[Bush2000]

That's the default, even if you buy Windows and install it.

Practically nobody buys Windows retail and installs it themselves. This is the domain of geeks only. Windows installs a single account when you install it yourself: an administrator account. It doesn't force the installer to run as administrator. The installer is able to create a lower-privilege account at any time.

I wouldn't be surprised if the OEM contracts preclude this messing around with the defaults.

Nope. Dell, Gateway, and other OEMs are able to customize practically any aspect of Windows. The reason that they choose not to, by default, is that (as I said before) they know from experience that having a user run as a lower-privileged user will result in a greater number of support calls when the user tries to install ProductA, discovers that ProductA won't install, and calls Dell/etc asking why they can't install ProductA. It's simply a higher support burden for Dell to create a restricted user account by default.

Meanwhile, Linux and Mac come relatively secure out of the box.

Linux is the province of geeks only. Practically no desktop users are using it. So, it's of marginal interest for purposes of comparison. Servers are made to be custom-configured. This isn't an issue on servers at all.

This problem of poor default security settings, except for the administrator problem, will be somewhat alleviated in XP SP2.

The "administrator problem", as you call it, needs to be solved by OEMs, not Microsoft.

[antiRepublicrat]

Practically nobody buys Windows retail and installs it themselves.

I'd better tell Best Buy and Circuit City to get rid of all those copies.

The installer is able to create a lower-privilege account at any time.

For average user desktop systems, the installer usuall won't run at a lower level account because they don't provide enough privileges, that is if that user even knows other types of privilege groups exist.

they know from experience that having a user run as a lower-privileged user will result in a greater number of support calls when the user tries to install ProductA, discovers that ProductA won't install, and calls Dell/etc asking why they can't install ProductA.

Yet on a Mac, users get it out of the box with an administrator account that can do almost everything any user could want to do, and without support calls. But yet they still don't have root access which equivalent to the Windows administrator level. Windows privileges are poorly designed.

Linux is the province of geeks only. Practically no desktop users are using it.

I wouldn't give my mom a Linux box either. But Mac is brain-dead easy to use for anyone, and it has the same privilege system and shares a lot of the components found in Linux. What about that? Would you say a Windows system out of the box is more secure than a Mac system? Why?