That is one way of looking at it, however in order to begin an assessment of how secure a system is you need to make a risk assessment. Another way of looking at your example is what is at risk on grandmas computer? How does grandma use her computer? Once those questions are answered then an realistic solution to grandma’s risk can be ascertained. Grandma’s computer doesn’t need the level of security as say a computer used for storing and processing classified information on a DOD network, so Grandma can “get away with†a less secure system. What makes Microsoft so “insecure†is what makes it so marketable....grandma can figure out how to use it and not have to pay some techie to load a new printer.....Security is and should be assessed based on risk. It is a balance between acceptable risk mitigation vs the users ability to do work....Unplug a system, box everything up and store it in a locked room and you have a secure system...that no one can use. A better way to view it is as what was stated in a prior post...what OS can be USED that provides the BEST security (least vulnerabilities) for the given RISK level....And what are the expenses (mitigation costs) in order to make the system usable at an acceptable risk level....Risk mitigation must be viewed in a layered approach...both in the elimination of processing tasks (applications, services, drivers, ect) and hardening those that are needed.....One can not put all the eggs in the OS basket IF security is of greater concern than a home PC....and a home pc does not require a higher level of security offered out side of the current Microsoft systems....so it boils down to personal preference on a home PC,
Macs have been easier to use than Windows machines for years.
The newer versions of Linux are just as easy to use as a Windows machine.
Windows is not secure because of poor design. It's possible to be secure and be usable and marketable. Microsoft isn't willing to invest the resources needed to make that happen.