I started down this path by comparing how secure I am on a Mac vs. on Windows, then I compared Mac vs. Linux. To complete that trifecta, I guess its only fair to compare the end-user data security aspects of Windows against Linux.
Before I get into my rationale, though, just a little more background is in order. I started using a UNIX desktop way back in college and was always comfortable there. At my first couple of jobs after college, I mostly used UNIX workstations from Dec and Sun as my primary desktops.
Mac vs. Linux: Which is More Secure?
Is the Mac Really More Secure than Windows?
IT In 2007: Budget and Trends
The Emerging Dell-Linux-Apple War|
Later, I started using Windows-based systems at the office, but never felt quite at home. I was constantly frustrated by the frequent reboots, lack of serious security capabilities (from my perspective), and such. Then, following a brief foray in OS/2, I quickly gravitated to running Linux at home so I could once again have a real multi-tasking working environment.
Nowadays, my primary desktop is on a Macbook Pro the best computer Ive ever owned, without any doubt.
But, I still run a Debian Linux infrastructure for my company, with a couple Samba servers at its core. Its not uncommon for the Linux systems to go over a year in between reboots. And, I still use XP on another laptop from time to time, generally when a customer requires it or I absolutely must run something like ActiveX controls on a web site. I try my best to learn how to best use the security features of each OS I use, naturally.
So, with that background in mind, its clear my views are somewhat biased. However, I consider myself very open-minded and will always give credit where its due. Heck, some of my best friends use Windows (but I do my best to talk them into OS X anyway).
True to UNIX. Its tough to be entirely fair here, since Windows isnt UNIX in any sense. But my point here is that Linux does follow the security features and capabilities it inherited from UNIX quite closely. In particular, the notion of an administrative (root) user that maintains and operates the system, and desktop users who only run the software on the system, is completely ingrained in most Linux distributions.
Now its true that many Linux users ignore these features and run all their software from a root-level account anyway, but thats a choice that theyve made. The system defaults to protecting the operating system components from its users actions (intentional or otherwise). That feature alone must account in large degree for the dearth of viruses and other malicious vermin on Linux and UNIX platforms.
Windows, on the other hand, started life as a single user system, with that single user being all-powerful. Although thats no longer the case, the general attitude can still be found in many Windows-based software products many of which just cant be installed and/or run properly without desktop administrator privileges. This is all changing for the better, but it took Microsoft far too long to adopt this default-secure configuration practice.
Qualitative score: Windows gets a D+ while Linux gets an A-.