Yep, there's no free lunch. To deal with spambots it would make more sense for ISPs to monitor the volume of SMTP traffic and alert the user if there's a spike (perhaps enforced by a block if it continues).
I just found a useful feature in McAfee (I just deployed it here as a replacement for Symantec). You can configure the antivirus client to whitelist the programs that can use port 25, so the only way a trojan can turn your machine into a spambot would be to replace your existing mail client or hack the whitelist. ZoneAlarm has been using that technique for all internet traffic.
Most of the spambots are short-lived on any given machine anyway. All it takes is one recipient that can read headers and he's busted.