If MS put real effort into providing good security [...]
You're bitching about an OS with mandatory access controls, DEP, ASLR, virtualized filesystem access, application whitelists, secure boot, and that runs its own authentication daemon in a VM so that not even the kernel itself can directly manage password hashes. You're doing this bitching in an article about a tool they maintain so you can harden and sandbox third-party programs, even when those programs weren't built with stack smashing or ASLR or all those neat Visual Studio canaries in mind.
[...] it would destroy the lucrative market for anti-malware software.
They bundle anti-malware software with the OS. They're, clearly, very concerned about not destroying all that filthy McAfee lucre.