I can tell you without a shadow of a doubt that if you replaced all the Windows machines with Linux tomorrow, by next week those users' inboxes would be full of "free_porn_codec.sh" or "Happy_puppy_screensaver.sh" with instructions that they WOULD follow to run them.
This is FUD.
You either do not know or do not understand what the "onion/layered approach" is regarding security.
An onion model assumes that vulnerabilities WILL happen, and therefore permissions are restrictive by default. If there is a real-world exploit on multiple levels, it is the OS's fault.
Permissive systems assume that no exploits will occur, or rather that all KNOWN exploits are now defended against (ok, job done, let's go home guys...). If there is a real-world exploit on multiple levels, it is the USER'S fault.
Guess which model has stood the test of time?
I get really annoyed when mouse jockeys try to say that Linux would be just as insecure as Windows IF ONLY MORE PEOPLE WERE USING IT. Your argument is based either on ignorance of UNIX, security, or out of defensiveness for your livelihood: you do profit from people's misfortunes using Windows. It is not your fault they run Windows and you enable that to continue - they choose this. So you shouldn't feel any need to emotionally defend Windows with an attack on Unix.
PS - if you actually TRIED sending "Happy_puppy_screensaver.sh" to a newbie who runs Linux, it would fail for more reasons than you could ever know.
It would be impossible for the Linux user to run emailed scripts by clicking in the email. Even if you had the user save the file, it would still not run. Even if you talked the user through how to enable the file's execute bit via chmod +x, it STILL would NOT infect the OS with malware. If you talk the user into running "su" to gain root permissions, only then are we talking real damage. THAT is what an onion layer is like.
Here's another example:
On UNIX, there is 1 permission to read a file, and a different permission to allow execution. These permissions go on users, files, directories, filesystems, and even partitions.
Windows thought it would be a great "convenience" to just assume if you have permission to read something, it must be OK to run it also...
The DOS/Windows way of "read permission + file extension == execute" was widely laughed at before Windows even existed. In fact, when Microsoft wanted a secure GUI system, they actually did security the UNIX way (OS/2).
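The separation between read and execute permission described in the comment above can be checked directly. This is an added example, not part of the original comment; the file name and script contents are constructed for the demo. It also shows one caveat: the execute bit gates direct execution, while an interpreter only needs read access to the file.

```shell
#!/bin/sh
# Constructed demo: models an attachment saved to disk as plain data.
# The file name and contents are made up for illustration.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
script="$demo_dir/saved_attachment.sh"
printf '#!/bin/sh\necho "uid=$(id -u)"\n' > "$script"

# Run the file directly (execve) and echo the shell's exit status.
direct_exec_status() {
    rc=0
    "$script" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

# Layer 1: readable but not executable. Status 126 means "found, not executable".
as_saved() { chmod 0644 "$script"; direct_exec_status; }

# Caveat: an interpreter only needs read access, so "sh file" still works.
via_interpreter() { chmod 0644 "$script"; sh "$script"; }

# Layer 2: once the bit is set the file runs, but only with the caller's uid.
after_chmod() { chmod u+x "$script"; "$script"; }

echo "direct exec, mode 0644: exit $(as_saved)"
echo "sh script, mode 0644:   $(via_interpreter)"
echo "direct exec, u+x:       $(after_chmod)"
echo "caller:                 uid=$(id -u)"
```

Mounting the directory that receives downloads with the `noexec` option makes direct execution fail even after `chmod u+x`, which is the filesystem-level permission the comment refers to.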