Well, when I said "secure" I wasn't talking about security in a broad sense, only referring to its potential to get infected with a virus.
When I read discussions about Windows being infected I see remarks like,"thank god for linux".. Which compels me to wonder why Linux it thought to be more secure and so I go find discussions on it. The primary reasons for this belief seem to be primarily based on the two features of Linux that I gave. But if you could expand on your statement, that would be appreciated..
OK.
Let's take the first fallacy- that Linux is more secure because it's open source.
Let's think about that for a moment. The reason cited is basically that more people will be looking at the code, so bugs/issues are more likely to get fixed. But that doesn't really make a whole lot of sense, since most code, even in an open source project, has to go through a review process before it's merged into the main repository/build. More to the point, very few- to the point where I would go so far as to say no- people actually just sit around and browse the source for Open Source projects. the very idea is absurd. I'm a Linux user, I've used Slackware, Mint, Ubuntu (ech), Fedora and Arch, and you know how many times I've looked at the source? zero. Same for every single application I've run that is Open Source. Zero. The fact is, the only think an OS or piece of software being Open Source does is encourage developers to close bugs and issues, and basically say "fix it yourself" to the people reporting them.
Additionally, it assumes that those people who are browsing the source code are only interested in fixing problems, and not exploiting them, which is equally absurd. There are no doubt just as many unknown flaws in Red hat or CentOS as there are in Windows, the fact is that the Open Source nature makes it easier to find these flaws- like, for example, the backdoor into any red hat system that was in the OS for nearly 5 years. Obviously, somebody added that in, and who knows who it was, or whether they exploited the loophole they added in those 5 years before somebody stumbled upon it and reported it. That is an important point as well, since it was actually a user of the system that found this backdoor by accident, not one of the fictitious thousand-eyes that are supposedly poring over the source code.
As to the second notation:
"and because being logged in you're only logged in as a user without admin privileges, making malicious code more difficult to run"
Vista/7 no longer default to logging the user in with admin privileges. It might, if UAC is disabled, I think. But I wonder why Linux advocates can't seem to complain enough about UAC and yet have no problem with the graphical sudo/gksudo etc implementations, which are pretty much exactly the same (except they always prompt for a password, whereas the UAC prompt, depending on account settings, merely asks for confirmation).
What it comes down to is that Linux is more "secure" from malware simply because it's not a target of malware. If you had to choose to run your piece of malware on a system that had over 80% coverage, or one with less than 3% market penetration, I think the common-sense choice would be the first one.
d
The fact is, regardless of the system, if you want it to be "secure" you are going to have to make changes to the default configuration, and those things you add and change, later on. The only possible exception I can see being FreeBSD and openBSD, which come fairly locked down.
However, you can't use a locked down box. you need to access the net, run applications, etc. So far, I've not seen any real protections on this linux machine I am using now (Mint 10) to prevent me from running malware beyond what windows provides. Of course because there is so little malware written that will run on linux (probably because writing software for linux is like trying to use a bow and arrow to hit a moving target while wearing goggles covered in ketchup, which is why so few games are available for it*), the chances of getting infected are slim to none. Of course with careful browsing on any OS your chances are slim to none, but let's not cloud the issue with facts.
Other weird sayings that piss me off:
"Linux is good for programmers"
No. It's not. that's so stupid. people who say this obviously haven't had to write non-trivial applications for Linux. It's a bloody nightmare. It's a nightmare just getting half the programs you download to compile properly. Because god forbid they ever give you binaries to make installing their software easy. no, It's ./configure this, and make install this and check the pre-requisites that. And then when the ./configure shell script bombs trying to find all the requirements the error message doesn't tell you anything about what you need. "you need the package from python? but I just ran "apt-get install python" to make sure you had them. Then you search online to discover, OH IT was SO OBVIOUS that I needed to install python-dev rather than the normal peasant version of python. Basically, it's only for masochistic programmers. or programmers that keep all their code so that it doesn't import from any other library. I've also noticed that a lot of Linux desktop app programmers have never touched Windows development and yet still claim Linux is easier. As if they even have a barometer to measure.