Re: Keeping things secure
If you gave Linux to your typical office desktop users, you'd have as many, if not more, of the same security breaches.
We have an office full of Linux systems, and never had a single breach. A big part of that is that users are just that. Locked-down user, no privileges to install anything.
With Windows, you can't even set-up two users on the local system to be able to access the same set of files, without making them administrators. Search for "unable to take ownership". You'll see lots of resolutions options like disabling UAC, which is both a terrible idea, and still doesn't work. You can set all the ACLs on the files and folders correctly to allow two users full access to them, but Windows only recognizes one owner, and won't let you open and modify those files until you're the owner, which you can't make happen unless you're also an administrator...
Linux is designed to be a sane, multi-user operating system. Windows has only just the basics of multi-user operation tacked-on, poorly.
And if users were allowed to install software, they would only be doing it from the repos... Careful use of sudo can allow them to do that, without giving them full root permissions. And those Linux software repos are still curated and extremely, without being locked-down with onerous restrictions and fee demands like Apple does with their store. Whereas the very model for Windows software installation has for decades been "download binaries from websites on the internet and run them, and say yes when asked if they should be allowed to do absolutely anything to your system" which is the real security nightmare.
Linux doesn't let you run exe's or other binaries from files attached to e-mails with a click. Linux doesn't hide (crucially important on Windows) file extensions from you, allowing attackers to mask executable code as innocuous images or other documents.
And should we talk about auto-run?
This is just scratching the surface. The list of ways in which Windows is inherently insecure is legion.