Microsoft OSes began with no security. Windows 95 through ME had varying levels of front-end password-based security bolted on at some point, but it was hardly layered through the entire OS like UNIX. They weren't multi-user environments so interprocess security wasn't seen as an issue, and remote exploits were all over the place since they weren't built for network use. The NT base of Windows 2000, XP, and now Vista provided a much better security model and had some multi-user roots, but had to carry the burden of compatibility with code written for the original, completely insecure Win95 base. Simply put, Microsoft had the chance to beat Apple to the punch and make a giant leap back in 1997 or so, killing off the existing Win32 platform in favor of an NT-based client and server that did not have to run legacy applications natively. They didn't, and we are still paying the price for it today. Even if you're not running an MS OS, most of the spam in your mailbox came from zombie Windows systems in the control of spammers.
I also don't buy into the whole "Mac users are sheep" thing. You wouldn't have gotten me near a Mac before OS X. I didn't like the UI, I didn't like the hardware, and I certainly didn't like the IP stack. It was great in the 80's and early nineties, but by the time OS 9 was released, it was a joke. Way too many features had been bolted on the side, duct-taped to the rear, and glued on everywhere else. Apple had to rebuild their entire OS. They did, with a huge helping of public code vetted over the decades and proven secure and reliable. Microsoft didn't. They're faced with massive-scale exploits like the spreading ANI vulnerability. That affects every Microsoft OS, server and workstation alike, across the board. This gives us a glimpse into the code shared between generations of Microsoft OSes, and it's not a pretty view.
As Henry Spencer said, ""Those who don't understand UNIX are condemned to reinvent it, poorly."