Microsoft gets blamed for a lot of security problems, and for the most part, they deserve it. There's no excuse for the irresponsible "on by default" policy that resulted in so many vulnerable Windows 2000 IIS installations. That's why Nimda was so devastating. Windows 2003 has a great security record, mostly because of Microsoft's new "off by default" policy. I expect Windows XP SP2 to be similarly successful.
This is a companion discussion topic for the original blog entry at: http://www.codinghorror.com/blog/2004/10/full-trust-cant-be-trusted.html