That's a common misperception. The basic idea is that with more eyes on the source code, bugs tend to be shallower. Also, open source software doesn't tend to have spyware built and designed into it, which tends to negatively affect security. The history of Linux certainly backs up the idea that it is more secure, though part of that security is in the design. Microsoft has made some terrible design decisions in the past that severely affected the security of the platform. Sometimes that is because they want to make it easier to use, and that ease of use will bite users in the ass. For instance, on Linux, if someone sends you a program in an email, you can't just click it and run it, because the default for saving files is to make them non-executable, whereas on MS-Windows it is the filename, among other things, that makes the file executable, which is a truly horrible design decision that has cost both consumers and businesses billions, if not trillions, in losses.
Very good explanation. The executable situation is huge.
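The default described in the first post above (a saved file is not executable until someone marks it so) can be checked directly. This is an added example, not part of the thread; the file name, the script contents and the 022 umask are constructed assumptions, and it covers direct execution of the file only.

```shell
#!/bin/sh
# Constructed sample: a small shell script standing in for an e-mailed attachment.

save_attachment() {
    # $1 = destination path. Written with a plain create, the way a mail
    # client or browser saves a download: mode 0666 masked by the umask.
    # No execute bit is ever requested.
    ( umask 022
      printf '#!/bin/sh\necho attachment ran\n' > "$1" )
}

mode_of() {
    # Permission string of the file, e.g. -rw-r--r--
    ls -l "$1" | cut -c1-10
}

try_run() {
    # Attempt to execute the file directly and report the shell's exit
    # status. 126 means "found, but not executable" (EACCES from execve).
    rc=0
    "$1" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/invoice.pdf.sh"          # constructed, deliberately misleading name
    save_attachment "$f"
    # The name plays no part in the decision; only the mode bits do.
    echo "as saved:    $(mode_of "$f")  direct-exec exit status: $(try_run "$f")"
    # Execution needs an explicit, separate step by the user.
    chmod u+x "$f"
    echo "after chmod: $(mode_of "$f")"
    rm -rf "$dir"
}

demo
```

When auditing a download or mail-spool directory, `find <dir> -type f -perm /111` lists any regular files that do carry an execute bit.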
Back in the Windows 95 days, Microsoft made the incomprehensibly daft decision that the “Active Desktop” would be a good idea. In and of itself, it wasn’t such a bad plan, but it was the way it was done. It was partly because Gates wanted to destroy Netscape, so MS integrated Internet Explorer on Windows’ desktop - EVERYTHING ran through IE. And the way MS made that happen was by merging the shell with Internet Explorer. The abominable mshtml.dll (and a couple of other pieces of kit) was born, with the resulting graphical shell. Windows can NEVER be made as secure as Linux since Windows is permanently crippled with its graphical shell.
Linux has always kept the shell separate with the X-windows (or whichever) system being an “add-on”, which means Linux can be run headless without any graphical component. 100% pure CLI.
Hence, the design of Linux is inherently more secure out-of-the-box than Windows can be made, no matter how much anti-virus/malware/etc. kit you cobble onto it.