PC World: "Software makers routinely sacrifice some security for the sake of usability, and Microsoft is no exception. I've built a career on teaching people how to harden Microsoft Windows over its default state. Several of my inch-and-a-half thick books instructed people what security templates to apply, what files to remove, and what registry edits to make to bring Windows into what I considered a safe but generally functional baseline.
Starting with Windows Vista, most of that old advice is no longer necessary. Microsoft now delivers a product that is significantly more secure out of the box. You don't have to download NSA security templates or modify the system in any way to be fairly secure from the start. Most of today's client-side threats come from users being tricked into running malicious Trojan horse executables and naively lowering the default defenses, such as by disabling UAC (User Account Control), turning off automatic patching, or deactivating the built-in Windows Firewall."