Once more when we see any survey of any sort which questions Linux security, people trounce on it unthinkingly.
Sure, this report leaves out worms. But that is completely irrelevant. I'm willing to bet that most of the successful attacks on Linux could be automated in a worm.
The point about worms is that they are most successful when you have large numbers of vulnerable hosts to propogate. Windows wins simply by having sheer numbers of similarly installed machines, so worms are not an indication of how secure/insecure an OS is. Worms are mostly written for Windows, not because its less secure, but because there is a better chance of success.
A better way to criticise this survey is that it counts total numbers of attacks, not attacks as a percentage of deployed machines. I suspect that this is because this just makes Linux look even worse.
One poster even complained that they had to patch their Windows servers more often than their Linux servers. Don't people see that this is a _good_ thing. Despite what people think, Linux programmers are about equal to the same order of magnitude as Windows programmers. So bugs are likely to be at about the same rate. More patches simply means that more bugs are being discovered and fixed.
If you count vulnerabilities found, Linux and Windows have been consistently about the same order of magnitude (cf. CERT). This is about what you'd expect for similarly complex pieces of software. Being open source doesn't automatically mean that the software is more secure, you still have to have someone looking.
Instead of burying their heads in the sand and Windows bashing, Linux-o-philes should take a long hard look at how they can make Linux better.
Oh and BTW: I run FreeBSD :-)
