“What’s the difference between the security policy of Microsoft compared to GNU/Linux and even better, BSD systems? It’s the defaults, idiot!”

I’m not an idiot but I’m suggesting that the defaults in Linux distros aren’t always optimized for best security.
It depends on which distro you’re referring to.
Many distros have tons of services up’n runnin by default. Not only are they consuming precious RAM, but some of them are known to have had (or having) security issues.
And if Linux were so secure out-of-the-box, why are there tides of how-to’s on the internet providing the user valuable information on how to harden your linux-box?

What’s the difference between this:

http://www.markusjansson.net/exp.html

and this:

http://www.puschitz.com/SecuringLinux.shtml

The articles are probably equally long and equally elaborate.
My point is, there’s no such thing as a secure OS. OS security is not static. I would definitely put my trust on a WinXP machine with sp2 installed and FW + AV software installed because windows users in general know by now that these actions are mandatory in order to secure their system, than an Ubuntu without firewall and a user that believes in the mantra - “Linux is secure because it’s Linux and I don’t have to do a darn thing to make it more secure! Hey, it’s a Linux!”.

And why are there tons of security applications (snort, tripwire, rkhunter, chkrootkit, aide, selinux, grsecurity, apparmor etc etc) if Linux distro “X” is so much more secure than Windows? And have a look at secunia.org and browse for any Linux distro and you’ll notice that the security advisories for those are not really rare.

Next:

“Firewall is installed and configured by default”

Not true. Again, it depends on which distro you’re referring to. Security focused distros such as Fedora will ask you during the installation whether or not you would like to activate the fw/ip-tables, but it’s not activated per default. *buntu doesn’t even ask if you want to use a firewall, and even if you opt to install a FW after the installation has finished, it will not always start with the boot. How secure is that, thinking that you’re running a FW when you’re not. I know a Slackware based distro, NetSecl, that doesn’t even ask if you want a FW or not - it’s activated by default. Kudos to the developer.
So it really depends on *which* linux distro, not linux distros *in general* when you make a generic statement about firewall based security.

“Forcing the user to log in using an unprivileged account”

Yup, again it depends on the distro. In some, you’re not even encouraged to create an unprivileged account after the installation is done. In Linspire, you’re Root all the way.

“Easy installation of complex security patches, not only to the kernel of the OS but for all installed applications (and the apps tend to have many more holes than the kernel”

And blindly installing all patches will never introduce new bugs and security holes into your system? My impression is that even for Linux, it’s not generally recommended to immediately install all “bleeding” patches since there’s no guarantee that the patches will indeed benefit your system.
For example, upgrading the kernel can sometimes introduce annoying instability issues to your system.

Believe it or not, I am an avid linux user and love the concept of gratis software to everybody and more importantly, the implementation of fine grained security some distros offer to the user, but I wouldn’t dare to recommend any generic linux distro out there to a potential Windows convert by saying stuff like “linux is secure because it’s linux!”. Because that simply isn’t true. It’s way more complicated than that.

Don’t get me wrong, I use Linux (Ubuntu Feisty Fawn) as much as I do windows but problems because of doing nothing isn’t really a reason to switch…