In Linux...
petur: You didn't need to install them because
1) Built into the linux kernel (if the distro sets it up right)
2) Don't open ports, don't allow random code to act as services running as root
3) Have a nice secure SELinux config setup.
Assume you've got your security in line and you may even be able to reflect a targeted attack. Of course the confusion over targeted vs blanket continues to spread, everything is simply 'security', not running random crap on untrusted devices/websites is a good way to be blanket secure and is probably where Microsoft still falls down.