On the interminable linux point:
I’ve seen what end-users do with linux. They’ll happily just run, as root (either directly or via sudo) any random .rpm or .deb they think has The Coolest Thing (say, oh, “EverythingYouNeedForBeryl!!! OMGITZKOOL !!! JustLikeVistaOnlyLinux!!!InOneFile!!!.rpm” - I exaggerate, but only a little.).
If that contains a rootkit, they’ve just screwed themselves as well as anyone running Windows running a random .exe.
The problem is not so much the OS (not to let MS off the hook - various versions of IE 7, for instance, would run 3rd party code from a popup ad even if you clicked the close icon on the IE window frame, nothing inside the popup - that’s just intolerable), as users.
Users are lazy and clueless, and will happily disregard your security infrastructure if there’s any way for them to do so, if they think it’ll make their lives temporarily easier, or faster.
MS has done pretty well at preventing attacks that aren’t due to the user, these days, with XP SP2+ or Vista. Nothing can save the user from user stupidity.
(Vista UAC helps, but just today, somewhere else, I saw someone say “first thing, turn UAC off!” … I suppose the only way people are going to be satisfied is if the default install simply installs a fast virtual machine and that’s all you ever run, to just reinstall it whenever necessary.)