This is what I use. Although it is not perfect, it does require an exploit targeting it specifically. Until it becomes a de facto standard, I would expect this type of exploit to be found largely in a targeted attack on an individual or specific organization rather than in a broadly sweeping virus.