I had a roundup of posts on Microsoft’s latest Beta OS release, Windows 7, the security “features” that went into it, where they fall short, and what’s missing. To summarize the post, this is what’s required for the “trojan” to pwn you:

1. Go to a malicious site.
2. Get prompted to install software.
3. Choose to install it.
4. Put in your admin password when it asks for it.
5. Get pwned.

So this brings me to, “an operating system is only as secure as the idiot using it.” I’m tired of arguing about the security of Windows versus Linux versus OS X. They’re pretty much all the same, and they’re all insecure. A competent user or sysadmin managing a system will limit the number of services running and ports open, install only signed/verified applications, and practice safe browsing. None of that will protect you or them from a 0-day.

As for whether your grandma is more secure using one OS over another, again… she’ll only be as secure as she can be. With more and more vulnerabilities exploiting the browser and targeting the user, no OS is secure.