Some technologies keep the private key on external hardware such as a PCI card. This may prevent theft but not abuse of the private key. Watch a virus exploit this plan: The virus patches the code that legitimately operates the card. When it is time to sign some documents, the patched code causes them to be signed as expected, but also submits several other alien packets to be signed as well. These packets have been imported into the machine by colleagues of the virus and the signed packets are then exported as before. The same trick can be done for decryption that requires the private key.
The PCI card makes abuse of the private key less convenient because the intruder must wait for those times when the legitimate user is using his key. If the computer is not always attached to the net, further delays occur.
The virus may also be able to capture the password when it is entered, and thereafter use the private key whenever the card is installed.
The only solution to these problems that I am aware of requires a trusted communications path between the holder of the private key and the user. The content of the signed document must also be displayed to the user through this trusted mechanism.
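A small model of the scenario above, added here as an illustration and not taken from the original page: the same compromised host code runs against a card that signs whatever the host sends, and against a card that shows each request to the user over a trusted path first. HMAC-SHA256 stands in for the private-key operation, and `SigningCard`, `patched_host_sign`, `run_scenario` and the sample documents are hypothetical, constructed for the example.

```python
import hashlib
import hmac


class SigningCard:
    """Toy key-holding card: the key never leaves this object.
    HMAC-SHA256 is a stand-in for a real private-key signature."""

    def __init__(self, key, trusted_confirm=None):
        self._key = key
        # trusted_confirm models a display and button wired to the card
        # itself, out of reach of host software (an assumption of this
        # model). None means the card signs anything the host submits.
        self._confirm = trusted_confirm

    def sign(self, data):
        # With a trusted path, the user must approve this exact content.
        if self._confirm is not None and not self._confirm(data):
            return None
        return hmac.new(self._key, data, hashlib.sha256).digest()


def patched_host_sign(card, user_docs, alien_packets):
    """Models the compromised host code from the text: it signs what the
    user asked for and submits extra packets in the same session."""
    return {d: card.sign(d) for d in list(user_docs) + list(alien_packets)}


def run_scenario(with_trusted_path):
    """Return the list of inputs that ended up with a signature."""
    user_docs = [b"pay supplier invoice 1041"]       # constructed sample
    alien = [b"transfer funds to unknown party"]     # constructed sample
    # The user approves only content they recognise on the trusted display.
    confirm = (lambda data: data in user_docs) if with_trusted_path else None
    card = SigningCard(b"constructed-demo-key", confirm)
    results = patched_host_sign(card, user_docs, alien)
    return [d for d, sig in results.items() if sig is not None]


if __name__ == "__main__":
    print("card trusts host :", run_scenario(False))
    print("trusted path     :", run_scenario(True))
```

In both runs the key stays on the card; what changes is whether the card can learn what the user actually intended to sign.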