One of the biggest drawbacks of the Windows Registry is that it truly is a single point of failure. If something corrupts the registry, the computer won't boot anymore and oftentimes there is no way of fixing the problem. Since the registry holds configurations for pretty much every program installed, the user must not only reinstall Windows, but also all the programs.
In this way, Linux is truly more powerful than Windows. Should something similar to the aforementioned registry corruption issue happen on a Linux box, the user might still not be able to boot: in this case, however, the user can generally boot into single-user mode (or off a boot CD) to fix or remove the problem. Since the problem would be with a configuration file, the worst that would happen is that the file would have to be removed.
But let us not bash Windows just for the sake of bashing it: I think a fair comparison is in order.
All that being said, I don't really think that Linux is 100% secure by design. It has tons of advantages compared to Windows. For the most part, a Linux user has permission to edit things only in their home directory, so installed software generally can't take the whole system down: in Windows, a user can potentially access most of the system, especially since many Windows installs give the user administrative rights (or they log in as Administrator) by default. A user on a Linux box can FUBAR their system just as effectively as (or more so than) a Windows user if they have the root password or have unlimited sudo access; it is usually just a bit more difficult than on Windows.
As Linux begins to make larger strides into the desktop market, I think some very important issues regarding "viruses" will emerge. For instance, I would bet money that I could write "a virus" that would immediately break any modern Linux box in a heartbeat and it would never be detected by antivirus software. A script that asks for root permission to recursively delete "/" (kdesudo rm -rf /) probably wouldn't get picked up by antivirus. A script that opens a port on startup which executes commands as root would be almost trivial to create, and the user would never know.
The issue of detecting viruses is tricky. What is a virus? A/V companies (as far as I can tell) seem to believe that searching for "signatures" is the way to find them. The fundamental issue here is that the viruses have to first be *discovered* (not to mention being classified): at least one person has to be infected by it before others can be protected... meaning that a given virus, assuming it actually runs, has a virtually 100% chance of getting at least one system infected. Virus scanners have to become more proactive to be useful in Linux: besides finding these signatures, they must also interpret a process's activities and be able to preemptively stop it from doing something bad.
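To make the contrast concrete, here is an added example (not part of the original post) that sets an exact-hash signature check beside a rule that interprets what a command line would do, using the `kdesudo rm -rf /` case mentioned above. The function names, the wrapper list and the sample scripts are assumptions constructed for illustration.

```python
import hashlib
import os.path
import shlex

# Constructed samples: the one script already seen and hashed, and a
# variant with the same effect but different bytes.
KNOWN_BAD = "kdesudo rm -rf /\n"
VARIANT = "sudo  rm -r -f /.\n"
SIGNATURES = {hashlib.sha256(KNOWN_BAD.encode()).hexdigest()}
WRAPPERS = {"sudo", "kdesudo", "gksudo", "pkexec"}  # elevation front ends
VALUE_OPTS = {"-u", "-g"}  # wrapper options that consume the next token


def signature_match(script: str) -> bool:
    """Signature approach: exact hash of the file contents."""
    return hashlib.sha256(script.encode()).hexdigest() in SIGNATURES


def is_root_wipe(command: str) -> bool:
    """Behaviour approach: would this command recursively delete '/'?"""
    try:
        argv = shlex.split(command, comments=True)
    except ValueError:  # unbalanced quotes: not a parsable command line
        return False
    # Peel off elevation wrappers and their options to reach the real program.
    while argv and os.path.basename(argv[0]) in WRAPPERS:
        argv = argv[1:]
        while argv and argv[0].startswith("-"):
            argv = argv[2:] if argv[0] in VALUE_OPTS else argv[1:]
    if not argv or os.path.basename(argv[0]) != "rm":
        return False
    opts = [a for a in argv[1:] if a.startswith("-")]
    targets = [a for a in argv[1:] if not a.startswith("-")]
    recursive = any(
        o == "--recursive" or (not o.startswith("--") and "r" in o.lower())
        for o in opts
    )
    # "/", "//", "/." and "/*" all name the whole filesystem.
    hits_root = any(
        t.startswith("/") and os.path.normpath(t).lstrip("/") in ("", "*")
        for t in targets
    )
    return recursive and hits_root


def flag_script(script: str) -> bool:
    """Check each line; pipelines and ';' chains are out of scope here."""
    return any(is_root_wipe(line) for line in script.splitlines())
```

The hash only matches the exact script that was already catalogued, while the behaviour rule flags both samples and leaves an ordinary `sudo rm -rf /tmp/build` alone.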
The bottom line? If there were one Linux desktop out there for every one Windows desktop (or laptop, or netbook, or whatever), we would find that Linux simply has a different set of vulnerabilities. And the biggest vulnerability is the user.