It's time for Microsoft to dump Windows.
In fact, ten years ago would have been a good time to start. At the risk of berating the obvious, it's clear that security will continue to be a major problem for Microsoft. The reason is their tether to legacy code, and their patchwork attempts to shore up their OS core. It's time to let it go.
Apple did it, and did it well. They created a virtualized environment to run Classic MacOS apps in order to ease the transition. When they switched processor architectures, they developed Rosetta, which allows PowerPC apps to run on an Intel platform without modification, again, easing the transition. It can be done. It has been done. It should be done.
If Microsoft really wants to get a firm handle on security and shore up their OS offerings, they need to jettison nearly everything under the covers in Windows, and basically write a windowing shell on top of a UNIX-based core, much like Mac OS X. Make it pretty, make it fast, and make it backwards compatible with existing Windows applications via virtualization.
With multi-core CPUs, ever-cheaper RAM prices, and Vista's already heavy minimum requirements, the time is right. They could launch a whole marketing campaign revolving around the proven security benefits in the new version of Windows, touting "35 years of development!" and make all the UNIX geeks groan.
They could leverage the massive amounts of POSIX code already running on dozens of UNIX-based platforms. This would be a benefit for many software vendors, since the similarities between their platform-specific applications would be significant, and thus reduce development time. Windows would immediately benefit from enhanced security, and the chains of 20 years of questionable code could be thrown off, or at least relegated to a virtualized sandbox.
There would be plenty of work involved in this effort, of course, but given the fact that it's already easy to run Windows apps side-by-side with Linux and Mac OS applications using VMware or Parallels, it's certainly not as large a task as it might seem. They could even write their own X11 clone and have their way with it, like they do with most other existing protocols and frameworks. If need be, they could buy CodeWeavers and use that framework to deliver Windows apps on a UNIX-based core. The options are many, and the need is there.