Indeed OS security is only as good as the user's understanding. Most users just want it "on" so they can get on with things and often don't understand the consequence of bypassing a security measure to get a task done. Generally I have found OSX to be the best at managing its own security for the unaware user, Unix/Linux requires a deeper understanding of security for the unaware user and often a visit to the command line and vi editor. Windows is getting better with some impressive improvements of late but these aren't in the mainstream conscience yet.

You could argue that all three systems above provide good enough security with the weakest link being the end user. The common x86 architecture has allowed malicious payloads to be carried in obscure software, or even injected during a download. The diligent users would only choose reputable software vendors and always verify their software (md5, certs, etc). For everyone else it's a game of chance regardless of the OS used.

Most Unix/Linux security failings that I have seen have been the fault of poorly written third party software like CMS tools (WordPress is known as Hacking101 in *nix land), and there used to be some beauties in the olden days like:
Running mknod on tmpfs in Solaris would cause a kernel panic
Setting up a cron job to unlock a compromised account was a common hack
My favourite #include "/dev/tty" even won the code obfuscation competition.

Unix/Linux wont be the panacea for solving all your security issues unless you have sound technical knowledge to deal with them. If you don't have the time or inclination to learn it all then look at OSX first then Windows.