When a program requires root authority, the user is required to enter the root password to certify authorization. Virus writers seek to defeat or bypass this process in every way possible. For example, a virus author might automate the entry of root’s password.
If root authority required a CAPTCHA as well, the function of a CAPTCHA would defeat automation.
By their nature, CAPTCHA’s require human intervention for maintenance, so this would not be possible to use in a WAN roll-out, such as Windows Update.