The problem is that Microsoft have never understood security, and bad security is now so entrenched in the operating system (and the mindset of MS-only admins) that they probably never will.