Can IIS be kept hackproof?

I work at a research center at the University of Michigan. Some of our programmers use .NET framework, and their machines constantly get hacked into and become Warez file/porn servers. We’ve pretty much established that its due to the weaknesses in .NET. My question is:

1. Can .NET be made safe?
2. Can I ever locate these hackers and get them back?