Security is not like parmesan cheese
You can't get a can of the stuff and shake it on top to make your meal complete.
[Security is more like "kosher" - it's something that you have to include in every ingredient, or the final dish won't qualify.]
Whenever I talk to the religious platform adherents - and because of the sphere in which I work, they're always Linux adherents - I have to ask them what the Linux developers are doing, that Microsoft isn't.
Security obviously cannot be granted by merely labeling something as Linux, nor even by releasing the source code (I would argue that Microsoft, with its various source code licences, may have more people devoted to passing eyeballs over their code than Open Source does!) - so if Linux / OS X / Unix is more truly secure, it must be because something is done differently when developing the code, or reviewing it before including it in the source base.
Anything that happens after the build - testing, code inspection, user behaviour - is going to affect the released code in no way whatsoever. It may provide reason to re-visit the code and change a few things for the next build, but it can't make the existing code more secure - and judging from the people who complain about Windows 98 reaching "end of life", existing code spends a long time in active use before being retired to pasture!
I will readily admit that Unix users are ahead of the game in one respect - they are more accustomed to thinking in terms of "root" versus "non-root". Give them an application program that only runs as root, or which requires permissive sharing of executable directories, and they are (on aggregate) just as meek in accepting it.
But again, that's something that's applied after the build is released, and therefore cannot be something that demonstrates how Linux itself is inherently more secure. If the merry marching morons that are often depicted as the majority of Windows' users were to follow the advice of the religious adherents, and switched to Linux tomorrow, they'd bring all their stupid "must be administrator all the time" application vendors with them, and they'd cause just as much damage to themselves on Linux.
Do any of you see a process that I'm missing, that gets applied prior to a Linux build being released, that makes it more secure, and that isn't currently being done by Microsoft?