Gotta agree with much of what you say Evo.

OTOH SuSE have their patches on line very quickly and you certainly do NOT have to recompile the kernel!

"Many, if not most, of the recent widespread Windows problems have been perfectly avoidable" - yes indeed. I'm religious (OK, obsessive) about patching and backup, reach the Web through FireFox and a Freesco hardware firewall router, use Norton AV and make sure it's updated, and run Ad-Aware, SpyBot and a big HOSTS file of banned sites. Plus a few other tricks. Download a lot of executables and images too. So far so good - last infection was from a BBS in the pre-Web days. Joe Sixpack and Granny Smith can't help being ignorant and you can't expect them to do all that.

But I don't need ANY of that crap with Linux - provided that I'm not running as root the damage that can be done is very limited. One of the real problems with Windows is that it does not effectively separate userspace from kernelspace - couple that with the fact that stacks of applications just don't work unless you run as Administrator and you have a big potential for trouble. It is actually possible to lock Windows up fairly tight, but you need to get quite savvy with group policies and cope with a passle of complicated permissions and it's a pain in the ass. At least Linux is pretty secure right out of the box.

Real security comes at the price of convenience - truly tight systems only run one or two apps., like a database and just won't do anything else.

"Move Linux into the mainstream and you're back to an mis-configured and unpatched operating system - just an open-source one, this time." I don't doubt it - one techie hardening an enterprise server is one thing, he ain't going to be there to tighten your Aunt Lucy's.