the underlying model is far more advanced than what traditional Unix has to offer.
No. That's exactly what part of makes Windows so insecure.
The security model is so "advanced", convoluted, and complicated, that the implementation cannot possibly be correct in any realistic universe.
There are so many errors and holes in Windows' implementation of security, AND holes in administrator practices, that you are pretty much guaranteed things will be insecure.
Yeah, you can do fancy things like run different services as unprivileged users. What does the average admin wind up doing, when installing software?
Accepting insecure defaults... run the application as administrator... run the service as LOCAL SYSTEM, etc.
Let us not forget all the registry key troubles and DLL hell, man, malware messes up your registry like a Dog on crack
An adequate bootstrap is a contradiction in terms.