Not that simple mate. They've gotta make an OS that's compatible with as much stuff as possible, from the latest hardware to the oldest software. The more things change...
The problem with MS security isn't the applications, or the hardware. It's the OS. Compatibility isn't the problem. I'd argue Apple is compatible with more hardware per working engineer than MS is, and yet they pull it off. Linux is usually a few months behind the curve, but their compatibility with ancient systems is legendary and they're usually just a few months behind on new releases.
I would argue that the reason they don't is because they don't have to do so. When you have 90%+ of the market (or however much it is these days, still an overwhelming majority) and brand loyalty ingrained, you can put out substandard product and the people will still buy it.
This is a lot of it. Once MS loses 5% of their market share because of security problems, they'll focus on security-- probably in some completely draconian method, but they'll put the money into it.
Unlike Apple, M$ can't really start over. Apple had the advantages of being very small and having a very very small market share, so making OSX and starting over was not a huge deal. They pretty much said screw all the old software and threw it out. This allowed Apple to fix a lot of problems from their OS that was pre-Internet age. M$ still has to deal with issues and holes from pre-Internet that are hard to plug.
I think you have that backwards... Microsoft has 95% of the market. If they suddenly shut down Windows and produce something better that's only 80% compatible, where do you think developers and users will go? They'll stick with what they know and at that point all they know is Microsoft. You can say "past performance does not indicate future results" until you're blue in the face and no one will get it.
Apple, on the other hand, had to risk alienating developers and users who were already in a position of wondering why they were bothering to fight the current and why they shouldn't just go with the major player. Imagine if Adobe had said, "you know, this just isn't worth it for us".
Because then they would be putting all of the anti-virus software companies out of business, and that wouldn't be very nice.
This is part of it too... Microsoft has designed a platform to attract developers (developers, developers) and businesses to build on and endorse. IE was intentionally designed to benefit advertisers, because websites want advertisers and IE wanted websites "best viewed on IE".
Symantec et al made a big stink about MS closing certain hooks that the AV writers used to plug into. MS claimed it was to secure the OS, but then they capitulated and left it open... Symantec wanted the hooks left open because that was how their tools attach to the kernel, not because it made it easier to write viruses (at least I hope that's not why), but what does it mean when you make your OS less secure because the AV companies ask you to?
------------
The other big problem in MS culture is the engineers' attempts to out-geek each other. I read an article lately about how VBA is written-- what a freaking mess! No wonder they can't maintain that... They do stuff in their code that is very "clever" but not terribly smart-- they save a cycle here and there, but they can't maintain it, they can't secure it, and usually they can't even get it to work right in the first place.
This attitude spills over into their refusal to build to open standards. They think they can do things better themselves (either for technical or business reasons) and they lose the benefits of all the great minds outside of Microsoft.