Most people like to say it's because Windows is more popular. More people means more interest in writing viruses. There's some truth to this, but it's not as big a cause as most people think.

The biggest problem is Microsoft doesn't really understand or care about security. Any time security would hinder usability, usability trumps security in the design Microsoft goes with. They figure they can always patch it later. They also have the mistaken corporate culture of "security through obscurity". Meaning, if no one has the source code to Windows, they won't know that flaw X exists in component Y, and be able to exploit it. We've all seen just how well this idea pans out in the real world.

One big thing Apple has going for it, with OS X, is that it's based on FreeBSD, which is a Unix derivative. It automatically inherits around 30 years worth of real world experience regarding security by its very design. It also uses the Unix user model, where individual users are "sandboxed". Meaning they're largely contained to their own little area. If a user gets infected with a virus, that virus can only affect files that user has access to.

There are a bunch of other factors, but those are probably the big ones.