More importantly, you highlighted the biggest weakness of Windows and that is that most problems originate between the keyboard and chair.

Linux security stems from the fact that no one actually logs in as root, in fact with Ubuntu based distros the root account is "disabled" by the installer setting the root account password to a ransom string.

Windows on the other hand defaults to an admin account and most users continue using that account all the time. The admin account has root privileges and any software that is run with that account likewise has root privileges, so of course viruses are going to run.

If you log in as root on Fedora and run a shell script that with the line "rm -rf​ /*", what do you think is going to happen?

So yes, if you log in as admin/root viruses, or any poorly coded program, are going to wreck havoc on your system.

Linux's vaunted security has always been predicated on a lie, it's basically just ACL enforced by default, nothing special, nothing unique.

If you want to see how pathetic Linux security is, install Kali Linux, run Metasploit and check out all the exploits that target Linux, at last count there was over a thousand.

Here's an example from 2021 that allows an user to gain root by exploiting a bug that has existed since 2014:

I have always said that Linux users are less knowledgeable than Windows users because they believe the myth of the supposed superior security of Linux.

As researchers and cyber criminals alike study the vulnerability and rush to develop a hacking tool that takes advantage of it, the scale of the risk to users will become more clear. But a flaw in a crucial cryptographic component of Windows is certainly problematic,

"This is a core, low-level piece of the Windows operating system and one that establishes trust between administrators, regular users, and other computers on both the local network and the internet," says Kenn White, security principal at MongoDB and director of the Open Crypto Audit Project. "If the technology that ensures that trust is vulnerable, there could be catastrophic consequences. But precisely what scenarios and preconditions are required—we're still analyzing. It will be a long day for a lot of Windows administrators around the world."

For longer than some of you have been alive, I've been preaching the gospel of using more secure desktop operating systems. You see, Windows has been insecure since 1985's Windows 1.0, really an MS-DOS extension, rolled out the door. Then, as now, there were more secure options. Then it was Unix desktop operating systems. Today it's Linux desktops.​

Why hasn't Microsoft ever gotten its security act together? The fundamental problem is that Windows was never, ever meant to work on a network. It worked as a standalone PC operating system. And, even today, 37 years later, the same pre-internet problems keep showing up. Unix and Linux started with the premise that there's more than one user on the system, and you need to secure accounts and programs from other users, local or remote. This has served these operating systems well.

The Google Threat Analysis Group (TAG) that found it said, "This technique has been widely used to distribute IE exploits via Office files since 2017. Delivering IE exploits via this vector has the advantage of not requiring the target to use Internet Explorer as its default browser."

Oh, guys, it is so, so much older than that. I described this kind of problem in the long-defunct magazine PC Sources in 1992 when I found it in Windows for WorkGroup 3.1. Then, as now, Windows and its native programs treated document data as programming instructions.

This vulnerability requires that a user with an affected version of Windows access a malicious server.