1.) winblows security barries are there i give you that but the implementation is no good and regularly hack any version of windows is a coffe cup away and well UAC/ntfs ACLS/ASLR/disable bit/TXT/etc. are mostly very bugged and are very easy to bypass, after that just hide your exploit processes and be happy for a while[i do some work as legal cracker now and then for bussiness in my country], well these days is even easier just exploit IE/MSN/.NET runtime to gain access to the kernel tho. [note this is without user intervention at all and giving the sysadmin 48 hours to pimp their security in Server/stations][on a good point windows firewall can be annoying if the admin is picky].
funny note after many years of cracking UAC has never asked me anything while breaking half the freaking OS but it annoys me to no end when im using actual safe stuff LOL
2.) Linux/BSD/Unix: here you are very wrong, these OSes are designed lot more securely from the start and they actually know quite a deal on how protect themselves so even as root is really hard to exploit/hack/virus/[put here] those kernel at least in a reasonable timeframe. Sure in linux as root you can install a keylogger or change the root/user password to mess with the guy for example but try to hide the actual process to make it invisible to the OS or try to access the memory reserved by another application to sniff a password, etc. in resume is not easy at all in fact you need to burn your braincells looking for an unknown security fail[to make it funnier in the kernel itself for the specific task you need to perform] write the exploit and pray the kernel just don't panic and bitch you out.[assuming a clean uber insecure linux here without any security measure active at all]
to fuck things more the linux kernel reserve memory and upload itself on ram which force you to work the exploit hot[on live ram] and the mofo really work hard to prevent you from you asm your way in plus you cannot talk directly to the hardware but you have to kindly ask the linux kernel to do it for you[unless you can DMA your way with a firewire cable jajaja but again is not easy and i think someone already posted a way to partially fixit][i won't even talk about jails or cgroups or virtualization or bypass iptables(PAAAIIINNN), etc]
so if you attack a machines with a relative updated system and you manage to get the root password you are still worlds of pain away from your goal and well viruses i don't think they will be too hot on linuxes[they are HUGE BLOBS and require very extremely nit picked kernel version]
now i agree user is another security flaw but unixes kernel are rough enough to hold just fine the integrity of the OS, now like i said trivial stuff like attaking evolution mail client or getting your bookmarks from firefox or putting some annoying keylogger is doable but those are userspace apps and pose no threat to the kernel[unless a major security flaw is found but moslty those lives for hours]
sure both can be compromised but is like say "i keep my money in a shoebox with a key cuz well vaults can be opened too" <-- that is true but the amount of time/ resources / knowledge / thief are not equal at all, any idiot with a knife can take your shoebox and get you money but you need higly trained[prolly military training]/heavily armed with very expensive tools to break a bank vault hence why the 500 most powerful supercomputer in the world use linux and not windows[windows can be clustered too and after paying millions of dollars in hardware you won't go cheapo on windows for a license, is the security and tools that make the difference since this computers moslty handle extremely sensitive data][ok some are for reaserch and stuff so i mean financial/military/weaponry sectors, happy?]