Incorrect use of encryption\security\global certificates
Breaking memory address randomization (or whatever its called)
"hidden" back doors
being susceptible to fuzzing, buffer overruns,
leaving ports open when they should never be open or only open for specific time period
the list goes on and on.
"security" software can be as poorly written as you like.
I've said it before and I'll say it again: "Your security software should be your LAST line of defense not the first!"
YOU are the first line of defense quit being stupid!
Some of things I recommend are:
Practicing safe computing / be aware of what you are doing!
Using a curated proxy such as opendns.
Use your router's firewall with NAT turned on.
not using your admin account for every day tasks!
using secure browser such as firefox or chrome along with using an ad blocker. Only turn on ads for responsible websites, techreport etc. (ads are a possible source of infection)
make sure your O/S is up to date.
Do not use any version of windows on the internet prior to windows 7.
If you have someone who is perpetually infected and does not need to play games - switch them to linux (Mint perhaps) with a regular user account.
Main machine: Core I7 -2600K @ 4.0Ghz / 16 gig ram / Radeon RX 580 8gb / 500gb toshiba ssd / 5tb hd
Old machine: Core 2 quad Q6600 @ 3ghz / 8 gig ram / Radeon 7870 / 240 gb PNY ssd / 1tb HD