An out of the download/box Linux is usually not secure either; it has to be patched. In that respect it and Windows are in the same boat. In another respect, however, it is in a far better position than Windows: anybody who wishes can look at the source code. It would be very difficult for a mole to smuggle anything into Linux.
I agree with you. But I think you are emphasizing internet access such as your various ports about the TCP/IP stack. To me, this is easily fixed with an inexpensive external hardware firewall or router.
For those folks wanting to be on the internet with their computers it is important to secure your computer independent of any configuration model that the OS may provide ... otherwise, all you have is a toy.