The key thing to understand is that these kind of programs offer general guidelines, not definitely a security indication and assesment of your system. Moreover, risks about each possible attack are different, and there is an element of usability that conflicts with security.
Don't simply stay with the shiny red color the programs use to scare you. Take your time to read it in detail and most important to understand what each pointed "problem" really means, why it's marked as a problem and what are the implications of not following it.
An example could be the password policy. Not forcing a minimum password lenght is seen as a weakness, however having shorter password, specially in a local account in a non-shared computer isn't a bad thing, or even you can have a long password without this policy. Such a "vulnerability" can easily be considered unnecesary. Others have rightfully concerns.
There is no real protection against malware. All these "protection" programs are only there so that we can sleep at night. If you want to be safe, stay off the internet with your Windows system and use a Linux in a virtual partition. That works very well and you are safe.
Nothing like that. There ARE effective protections against viruses, begining with
common sense. While security rarely comes from antiviruses, a knowing and concious user can make a real difference. Saying that Windows is impossible to secure is simply lacking knowledge of what security is and how Windows works. Of course, Linux can make a very safe system, indeed.