That's something I often remind to phpBB users, phpBB was the most hacked software because it was the most used, and even more, the most badly used (eg with weak mods or not maintained up to date).
But, I as well always add when talking about phpBB security that the last time I saw phpBB.com hacked was couple years ago and actually due to an awstat security leak, not a phpBB one.
So of course, all OS are vulnerable for people with enough skills. And if on one hand, many windows (and phpBB actually) exploit where only due to script kiddies reproducing methods made (and many time packaged into a software) by the few capable ones, we cannot really say that windows was really paying attention to security in the early ages and that it did not carry stupid leaks for a long time among updates.
For sure, things have started to become better with win2k, XP and vista (even though I really do not like it).
Linux Os where just a lot stronger from the beginning, even though this may not have made a real difference for really skilled hackers.
About IE, version older than 7 (eg up to IE6) are really not well secured, IE7 is better, but did not pas the ACID test
, so we cannot really say that all was done to lower the risks.
I'm not an ACID integrist and I know how standardized test can be wrong sometime, but still, it's odd to see that such a big corporation fails to follow agreed standards (like the w3c) where others do it with a lot less means.
A concrete example of the type of weirdness that can be found in IE was recently pointed by the phpBB group : http://www.phpbb.com/blog/2008/10/25/at ... -explorer/
I mean, I don't know of any other browser with a dedicated html commented tag (if IE) to allow webmaster to fix the way it interprets the W3C!
Could be seen as "we where unable to do better, but we allowed you to try", even though it's still kind from them to have let us way to do this.
So I agree with the fact that we must take into account the market when talking about a software, I even sometime wonder if some AV software developer where never tempted to participate into building exploits since it would after all be good for their business, but we still must not forget that among all OS, windows originally was among the weakest.
It's of course better with vista, even though I wonder if someone made it to hack a windows machine with a simple .wav, since you can now speak with your pc, something like your voice telling "format c:"