Realistically the difference is in how Linux mitigates the common vectors for attack that Windows doesn’t. Most malware targeting individual workstations gets in by either supply chain attack, vulnerable web renderer or by tricking the user into installing it.
Centralized repositories with centralized build tooling limits opportunities for supply chain attacks, plus helps prevent users from accidentally downloading a Trojan when trying to grab other software. Containerizing web applications helps limit browser exploits, and less “features” phoning home means a default incoming-deny firewall policy will largely prevent most vulnerabilities from being remotely serious.
So for an individual workstation, Linux is significantly safer from viruses. In the enterprise it’s a completely different story where the threat environment does require defense in depth regardless of your choices of vendors
Realistically the difference is in how Linux mitigates the common vectors for attack that Windows doesn’t. Most malware targeting individual workstations gets in by either supply chain attack, vulnerable web renderer or by tricking the user into installing it.
Centralized repositories with centralized build tooling limits opportunities for supply chain attacks, plus helps prevent users from accidentally downloading a Trojan when trying to grab other software. Containerizing web applications helps limit browser exploits, and less “features” phoning home means a default incoming-deny firewall policy will largely prevent most vulnerabilities from being remotely serious.
So for an individual workstation, Linux is significantly safer from viruses. In the enterprise it’s a completely different story where the threat environment does require defense in depth regardless of your choices of vendors