@AC on Funny how
OK, here is the difference.
On most Windows systems, people are running as a privileged user most of the time (they need to so their applications work). So if there is a hole in the browser that allows a remote-code exploit, it then has the required privilege to immediately add other back-doors, inject code into the core OS, and generally play havoc on the system in ways too many to mention.
On Linux, most users run as a restricted user by default. When they browse the internet, run applications etc, if there is a remote-code exploit, this code runs as a non-privileged user. So if it tries, for example, to write to /dev/mem, it fails. If it tries to change any system libraries, it fails. If it tries to change any binaries in system directories, it fails. In fact, pretty much everything damaging fails EXCEPT ON FILES OWNED by the user, which is their own data, and the configuration files for the apps they run.
Of course, it is possible to run most programs as root, but the normal state of affairs is that people don't. THIS IS THE DIFFERENCE.
By default, there is no way for code to cross the non-privileged/privileged divide without the user taking affirmative action, and unlike Vista, it does not ask for permission every two minutes, so as soon as it does, most Linux users will be wary.
Before you start, yes, it is possible to change the user's path so that you run unintended programs, but normally, if you su or sudo, the path gets controlled again. Ditto the LD_PATH. Of course, you could try social engineering (go on, you really DO want to sudo this script I've dropped onto your system, even though you do not know what it does), but this is not a flaw in the OS. There really are people who know about security acting as gatekeepers-by-proxy for the dangerous things.
The UNIX model is not immune from exploits, but most of them are well known, and you can find out how to avoid them in any of the myriad of Linux or UNIX books that are available. Most distros install pretty secure anyway, and they also contain information to avoid most of the pitfalls. And major distros patch new exploits as a result of code defects pretty quickly.
The plain truth is that *NIX security is too well understood to allow simple exploits any more. It's all in the pedigree.
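The comment's point is that the POSIX owner/group/other mode bits decide what a remote-code exploit running as an ordinary user can actually modify. The script below is an added example, not code from the commenter; it implements that discretionary access check and runs it over a constructed list of file entries (mode, owner uid, owner gid) modelled on a typical Linux layout, reporting which paths a process with a given uid could write to. The `stat_entries` helper is a convenience for running the same check against real paths on a POSIX host; the sample paths, uid 1000 and the `kmem` gid 15 are assumptions for illustration.

```python
import os
import stat

# Constructed sample entries (path, permission bits, owner uid, owner gid),
# modelled on a typical Linux install; these are NOT read from a real system.
SAMPLE_ENTRIES = [
    ("/dev/mem", 0o640, 0, 15),                # root:kmem, assumed gid 15
    ("/usr/lib/libc.so.6", 0o755, 0, 0),       # system library, root-owned
    ("/usr/bin/ls", 0o755, 0, 0),              # system binary, root-owned
    ("/etc/passwd", 0o644, 0, 0),              # world-readable, root-writable
    ("/home/alice/notes.txt", 0o644, 1000, 1000),  # user's own data
    ("/home/alice/.bashrc", 0o644, 1000, 1000),    # user's own app config
]


def can_write(mode, owner_uid, owner_gid, uid, gids):
    """POSIX discretionary access check for the write bit.

    uid 0 bypasses the check (CAP_DAC_OVERRIDE); otherwise exactly one of the
    owner, group or other triplets applies, chosen in that order.
    """
    if uid == 0:
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def exposure(entries, uid, gids):
    """Sorted list of paths a process running as `uid` (member of `gids`) could modify."""
    return sorted(
        path for path, mode, owner_uid, owner_gid in entries
        if can_write(mode, owner_uid, owner_gid, uid, gids)
    )


def stat_entries(paths):
    """Build (path, mode, uid, gid) tuples from real paths that exist (POSIX host assumed)."""
    out = []
    for path in paths:
        try:
            st = os.stat(path)
        except OSError:
            continue  # missing or unreadable path: nothing to assess
        out.append((path, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid))
    return out


if __name__ == "__main__":
    # Unprivileged user: only their own files are exposed.
    print("uid 1000 could write:", exposure(SAMPLE_ENTRIES, 1000, {1000}))
    # The same exploit running as root: everything is exposed.
    print("uid 0 could write:   ", exposure(SAMPLE_ENTRIES, 0, {0}))
    # Assess the live system for the current process (assumes a POSIX host).
    live = stat_entries([p for p, *_ in SAMPLE_ENTRIES])
    print("this process could write:", exposure(live, os.getuid(), set(os.getgroups())))
```

Running it as an ordinary user shows the restricted-user case from the comment: the root-owned system files and `/dev/mem` drop out of the list and only the user's own data and configuration remain, which is also why those files are what a defender should back up and monitor.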