"more secure" doesn't mean anything when the level of security is zero.
"I don't think you can have a totally secure system which lets users do what they want."
You don't let _users_ do whatever they want. Admins are for that.
In any W7-system admins sit in Redmont, except for viruses, of course. W7 is very much like toy OS, even the "admin" can't uninstall unused windows components, all of them sit on the hard drive, forever. No wonder it takes more than 50 gigs from hard drive and there's nothing you can do about it.
Nor no reinstall disks for you: If hard drive blows, go and buy new retail version, no OEMs for you.
".. Mac and Linux people, you can't know "
Linux users can. Read the source code and look: _It's all there_. It's as simple as that.
Which part of "open source" you don't get? It looks that even the concept of an OS that you or your friends can check all the way to single lines of code and _all the code_, is so alien to you that you can't understand it at all.
You _can_ know: By checking it yourself. Or your team.
"if your systems are more secure (maybe they are) but they're damn sure not impregnable if virus writers targeted them and it would be idiotic to think they were."
No system is impregnable, but some systems are much harder to break into than others and denying that is plain stupidity. MS is one of those built on "security by not telling anyone". That's very lousy security nowadays.
MS as a company also have this constant "Nono, we don't have any bugs and if we have, they are not serious and we won't patch them as it costs money" - attitude, even today.
"There is no money in bugfixes" like Bill himself said. That's one of his most honest statements since 1980s. Maybe only one, who knows.
"... if virus writers targeted them... "
Essentially bullshit. >90% of worlds webservers are running Apache (more often than not on Linux): You really think that these are _not_ targeted, every day? On what grounds?
Even apache-modules running top of a Apache are attacked every day (mostly various php-applications like phpBB).
What would be better platform for spreading malware than a webserver? Much, much better than any Windows PC.
Even SSH is targeted all the time, why an earth someone can even imagine that most common http-server isn't, is beyond my imagination.