I would go with "Linux has never had a rapidly spreading virus", or "the standard security settings in Linux have so far prevented the spread of Linux viruses without anti-virus software".
The fact that one must manually execute the malware, instead of having Windoze conveniently install it for you, makes a difference.
If you run the Windows Task Manager you will typically see about three users with processes running (as opposed to the typical Linux machine that has over a dozen users: bind, www, mail, etc.).
It concerns me that you run multiple services on the same nodes and then talk about security. You are way off the mark with that comment though. My machine that I'm doing some web development on has a high user count of 7 at the moment, but turning off some stuff that is not normally in use brings this down to 3. I should point out, however, that these extra users are running various services under these restricted identities. This is a Good Thing.
I do not want to have just one user running all services. I want them separate. It's safer that way. But a DNS server should not be running web services or email. One server, one service.
The Windows security model is closer to that of linuxSE than to traditional Unix permissions.
Exactly how do you figure that?
The big problem with Windows security is that configuration is left as an exercise for the end user.
No, the big problem is that it's almost non-existent.
According to a study released by Microsoft, 90% of the Windows malware would not run if people did not run as administrator.
Blame the customer? Nice one. ;)
Personally, I believe that when SELinux makes it to web browsers and file managers, then Linux may be ready for the desktop; in the meantime it is as close as anything else.
SELinux has little bearing on general desktop acceptance. And I would suggest that "ready for the desktop" happened years ago.
Regs.
Iain.