What is true for all main OSs (in desktop user form anyway)...
... is that once an attacker gets ordinary user level access, it's pretty much game over. Just about all of the linux vulnerabilities are local privilege escalation issue; no idea about windows (I don't get emails about them, I just install them every month) but I assume it's pretty much the same. And although this is a particularly large and easy hole to exploit, I bet there's more subtle ones in OSX as well.
The lesson from that pwn to own competition (no machine could be hacked just by having network access; all of them could be hacked* by exploiting a flash vulnerability) is that your vulnerability is linked directly into what you do with your system. If you're a desktop user, then things like that flash vulnerability have the potential to catch out ANY user on ANY system, without needing to click anything. On a server, the services you run and how well they're used (how exploitable is your dynamic website?) determine your vulnerabiliy.
Yes, you can customise your system to be more resistant to local-user attacks (especially if you run a multi-user system) but, pretty much, if someone gets local access it's game over.
The one thing that doesn't affect your vulnerability is OS, especially on servers. On desktops, of _course_ most people concentrate on the OS with the market share, but just coz the threat is lower doesn't affect your vulnerability.
- NASA boffin: RIDDLE of odd BULGE FOUND on MOON is SOLVED
- SOULLESS machine-intelligence ROBOT cars to hit Blighty in 2015
- BuzzGasm! Thirteen Astonishing True Facts You Never Knew About SCREWS
- Worstall on Wednesday YES, iPhones ARE getting slower with each new release of iOS
- Tor attack nodes RIPPED MASKS off users for 6 MONTHS