To author an MS Press book you need not be an MS employee. A lot of the authors are just outside consultants who are commissioned to write the books.
I figured as much, just like their hardware and pretty much everything but the software they produce. It's just got their name on it.
Admonish MS all you want for their past security policies (or lack thereof), but there is a concerted effort to turn things around.
I know, I've seen Win2K3 and I was surprised at how good a job they did setting almost everything up like I usually do. Instead of 20 minutes of fixing stupid defaults it was like 2. But I still think a big problem is the ease of use they push; it makes people think they're administrators when they're really not. For instance, a friend of mine recently started playing with Win2K3 and AD at home. That in itself isn't a problem, but I know he did nothing more security-wise than go through the add role wizards. Just for internal AD/DHCP/DNS this isn't a problem, but he spoke of trying to set up Exchange next and running a personal mail server, and that has a lot more potential to be a problem.
In addition to that, his Cisco DSL router has the default telnet and enable password. When I told him I could get into his router from anywhere on the Internet he said "but that's not an issue because they don't know I have a Cisco router". After I ran nmap on his router and showed him that it even displayed the model number (the new nmap OS detection code is bad ass), he didn't reply, because he just doesn't really care. And that's a problem with a lot of MS clients: they buy the software hoping to get a quick server setup for something and don't care to set it up right. That's not MS' fault, but they make it too easy for them to set up poorly secured boxes. At least with Linux, if you don't have the dedication to read the documentation you don't have a chance of getting it set up at all =)