They do have very rich (or more precisely rich reach) filesharing, yes, that they start sharing C$ drive, netbios, RPC over the whole internet instantly - "hey it's me, I'm ready for drive". That's besides obvious phoning back to HQ. I don't understand what nature (habit) what: lameness, insecurity by default or LAN-only concept.
They have documented and undocumented functions.
Documented change over time and there is long legacy path (via redundancy (gigabytes), "symlinks" etc).
Undocumented change, when MS want it.
Within those functions ppl sometimes find bugs.
Then, when bugs (sometimes) get officially patched - new bugs appear.
So, you have some app that may be using documented or undocumented features and which is closed source and with developer probably stopping support at some time. And each linked function may break anytime on update. Or it is even bringing own DLLs to the *fun house*, trying to overwrite the original (who cares). This was somehow corrected by MS via hack in Vista (?), so we should not take it seriously, but still copies are stored.
...and MS tries to maintain consistent API and ABI all the way & at the same time keeping bug-per-bug compatibility with legacy libraries.
If you multiply all these members of the "House, built by Jack", you will understand why every additional installed app slows, insecures and breaks - thus assisting in (regular) clean reinstall (reason why nlite, altris juice, wpi & similar appeared btw).
How many versions of .net do you need for recent amd catalyst control center btw? And how should they (and their patches) be installed so it works without errors? Of course, winupdate takes care (most times) about it and everything legacy is probably already integrated in new windows versions (but new keep coming), but .net is not the only library to introduce more errors due to wrong version/overwrite/order.
And now there comes AV in this *fun house*. AV does not even try to use "Heu!"-ristics to any big extent due to awesome amount of maliciously behaving DRM and copyprotection (though sometimes it does draw msgbox with lovely false positive), but relies on signatures (that are useless against polymorphs, themselves being very old technique). "Hello, this is KAV and I forecast with 60% probability that you get infected today".
The idea to digitally sign, although it does not remove holes, does allow somehow secure software installation (although hacking/bruteforcing it is not rare) - and you end up with standard "trust me (blindly), as I'm your vendor" situation.
And now, there is WINE, which in its own FAQ about completeness mentioned that every w-s api is like a book, each one contributes (not one and only book which is updated, without legacy array, but many), and they must maintain bug-per-bug compatibility.
So yes, here goes 1% secure beer.