Historically, a lot of the problems were due to poor decisions on the part of Microsoft.
For example—you open a Word document that someone emailed you—and it would go off and execute any script that was attached to it. So just opening an email would be enough to get you infected.
Most of those things have been fixed now—so life is better.
So these days it’s more down to the mentality of the malware authors.
The most popular operating system on the Planet is Linux. All of the fastest supercomputers run on Linux, upwards to 80% of the servers on the Internet run Linux…although according to surveys, only 60+% of the servers on the Internet run directly on Linux, but many of the Windows servers on the Internet run virtualized on some form Linux hosting platform. Reminds me of the old joke “What are clouds made of? Linux, mostly Linux.”
Basically, Linux Owns the Internet.
Oh, yes, and the most popular operating system, off the Planet? You guessed it! Linux, which is running on the laptops on the ISS!
Linux doesn’t get viruses. I mean, there has been a few proof of concept ones, but very few “out in the wild”. Linux was built from the ground up with security and multi-user capabilities built in. Thus it’s really hard to create a self-propagating self-replicating piece of malware for Linux. Generally, malware usually only can compromise one level of Linux (and other Unix flavours like *BSD, AIX, HP-UX, etc), and then has a problem on the next layer. You can think Linux as having multiple fences that malware has to go through to take control of the system. This doesn’t make Linux immune to malware, but it makes it much harder to totally compromise. Add to that, the average Linux Administrator is much more savvy about computer security than the average Windows Admin, many of which have only passed a test to get MS certification, if that.
And for the most part, we are speaking of remote exploits…any computer, if you have physical access to it can be compromised…that is why most “secure” computers are in server rooms with lots of physical security.
So, in summation…if you run your system on Linux, keep up with the security patches, and don’t do anything that you are not aware of, you are going to be much more secure than if you had done the same with Windows.