Security is a strange beast. No one can really tell you what it is, but instead say its a process. Yes, its a process. An ever changing process that indeed moves too quickly for most people, let alone companies to deal with. Companies like Microsoft have several disadvantages when it comes to security (in my opinion). First, Windows XP was built on other flawed operating systems. Security was an after thought (yes, I know this is true with other systems, keep reading ). There is nothing out there for them to compare to besides their own previous operating systems. Linux was also basically a first of its kind (I dont want to get into minix/whatever technicalities, just go with it). But, it had ~30 years of Unix experience to use, to learn from, to have the choice of not making the same mistakes. Unix didnt start out with security in mind (although many of the frameworks were there early on I believe), but it quickly learned that this was important. When linux came out it wasnt built for security. It was a "lets see if I can do this" type of thing. When the system was built they realized that they needed security. Since those beginning months, security has been worked on with linux. Linux developers dont have to worry as much about something in linux changing, and changing the way things work. If that breaks a program, they release and apology, an explanation, and maybe some hints on ways to get the programs to work again. Microsoft on the other hand still allows old 16bit programs to run. Why? Because companies would get angry if they could not run their old programs they rely on. While this is not a bad goal, it adds complexity and whatnot to your code. The more complex the code is, the better chance of you missing something important. K.I.S.S.
Another problem Microsoft has that linux does not have to deal with in quite the same way is the education of their users. No offence is meant to anyone here as I am sure all of the Microsoft users on this forum are wizzes, but the computer literacy of an avverage Microsoft user is lower than that of the average linux user (please lets not make this a debate). Because of this Microsoft has to cater to the lowest common denominator, a computer illiterate PHB type that shakes the etch-a-scetch to clear the screen. In these scenarios, Microsoft wants to leave everything open by default to make it easier for the users to use the desktop, instead of forcing them to learn and open what they need. Linux on the other hand has 2 distinct advantages. First, there are several distrobutions of linux. Each one could be geared towards a different market. While I dont think thats a great solution (newbies shouldnt have everything open!), its one of the things that seems to be happening right now. A "class divide," Slacking elites and the Mandrake newbies. Anyhow, enough with that tangent The second advantage I see is that Linux users are generally more computer savvy than Microsoft users, which allows the distrobutions to close everything off and allow the admint o open what he needs.
I see Microsoft, and every other proprietary OS distributer, as having a disadvantage in the security arena over the open source or free operating sytems. They arent able to keep up and it is making them look bad.