If desktop Linux ever gets popular, people will target it and then they'll realise what a piece of shit it is. It is by far the least secure of the three platforms.
Got anything to back this up with? A majority of the internet runs on Linux machines, a majority of firewalls and routers run Linux. What makes desktop Linux systems inherently less secure? Just sounds like FUD/propaganda to me.
Ok let's be 100% transparent and honest here. It's certainly not FUD/propaganda. It's a clear architectural evaluation. Just to show I'm not some windows fanboy shitting on Linux here, I will point out that I'm a RHCA and have been running Linux in production on the Internet in clusters of hundreds of nodes for large well known companies for about 20 years. I have written everything from kernel modules to system utilities to full blown applications hosted on top of it. Before that was Solaris. I was the dude who's coffee table was a sun4d (1000E) which I was fixing Linux SPARC port kernel bugs on. And with that comes a lot of experience as to where the flaws are.
On the server, it's certainly not terrible but the exposed surface of Linux and the stacks that run on it is usually 100% written in C which is a language with a thousand foot guns in it. Someone mentioned static analysis and comparison to commercial software. I have run static analysis extensively before (coverity) and dynamic analysis (valgrind etc) on things like haproxy and nginx and found things which were scary. These were reported and fixed but there's a lot of stuff out there that is still wide open. We need to get rid of that ecosystem as the overall attack surface is controlled by the lowest skilled member of the team and on open source products this quality metric is somewhat variable and impossible to control. Also there are priority, attention and professionalism issues with open source software as the developers only want to fix the interesting bugs. Plus a large quantity of the maintainers seem to be the comic book guy out of Simpsons. So I regularly write a patch to fix something quite horrible in something and submit it and it sits there for 3 years until it becomes a CVE or I get told I'm not a maintainer and basically fuck off. That's about it. Not good. Glorious open source is not the panacea everyone tells me it is, even as a major proponent of it for a long time. I'm on the fence. Vendors usually have financial ties motivating them. On the technical issues, alas that's probably one for the Rust thread so I won't go further into it here
Also anyone who's not run Linux in production, I suggest you set up a box on digitaloean or something, with an open ssh server (no open accounts) and http server and watch the sshd, firewall and web logs. There are a lot of compromised Linux machines set up by idiots or unpatched all knocking on your door 24/7. It's not unusual for a single IP to get just over 10,000 SSH knocking attempts a day and similar amounts of HTTP traffic. Basically the Internet is genuinely a warzone of compromised crap and a lot of it is Linux.
Going back to the desktop, there are some serious problems with it. I've mentioned these elsewhere as well. There is virtually no process segregation within a user's session. Thus when someone compromises your firefox process (happens, a lot) if they can pop up an execve then they can write into your profile directory quite happily and set off a command/control process every time you log in. That's C again for you, usually helped along by shitty programming. SELinux (and AppArmor) are supposed to help with that by introducing MAC to the user but it is never configured in a way which is actually effective because that's incredibly difficult when your processes are used to puking stuff all over the disk randomly (dotfiles, cache, temp files, all sorts) in a completely non standardised way so they just don't bother and tell everyone it's done. With this situation, the same is true if you run Firefox, Evolution, Thunderbird, anything. And lets not forget those horrible wget and pipe to bash installers.
If you look at Microsoft, as much as I hate the bastards, they're making a lot of progress in this space. Far more than any of the other vendors out there thanks to their baptism of fire over the last few years.
Security is a journey, not a destination. Linux and open source has somewhat stalled by its complacency from being the least shit option. That's not going to be the case forever.
Now there's absolutely no reason to run windows on a server these days though. Just the automation friction is a game ender. But on the desktop it's still the best option IMHO.