I don't think it's very fair to blame all of this on microsoft. I think Intel, AMD, many programmers, and software vendors around the world are responsable for the security problems we're having now days.

I see people here like many labor under the disillusion that simply using Linux or a iMac will suddenly end you're security problems. That is untrue and if anything I think they are less safe. The worse thing about computers such as iMac is there isn't as much attention to their problems. Some of you may think that is a good thing, but it's not. Windows is under constant and aggressive search for exploits, which is a good thing because it gets them out in the open. While mac especially and Linux has exploits that aren't known. I would rather have a kiddy scripter running around operating to be “l33t” then someone who is very dangerous operating like a ghost.

Running a firewall doesn't mean that you're protected from hackers, worms, and the like. If you allow any program on you're computer the right to act as a server or the right to connect to the Internet, then you're security is only as strong as the programs you are running. This is where I think Linux is weakest of them all. Linux takes pride in open source software and that probably makes them weaker then any other system out there. Most open source software is written by armatures and hobbist, people who don't practice or even know good solid programming concepts. Not to just single out Linux, I see the same type of thing in the Microsoft and mac market. Software vendors usually attempt to rush things out into a market and some things are sacrificed, things like security. Programmers are under trained or just flat out careless.

A more technical explanation:
There is basically two types of memory that computer programs access. It's not really two different types but more like two different concepts on how memory is allocated to a program. The first type is called a Stack and the other type is called a Heap. Stack based variables are normally created within programs that have dimensions that are usually known at compile time. Any time you pass parameters to a function for example, you pass them on the stack. (They can also be passed through CPU registers)Where as dynamically allocated memory is usually found on the heap. The heap is kind of like a pool that any computer program running can go to if it needs more memory at runtime. A program will ask the operating system to assign it some memory from this location if it needs more then what it has.

Now as far as the computer is concerned, there is no difference between variables and instructions. Variables of any type or instructions are all the same as far as you're CPU is concerned. Now I'm sure at this point you can probably tell where the is going even if the good people at AMD and Intel didn't. Basically the computer has a register (Register is a memory location inside the CPU) called the IP register or Instruction Pointer. That one single register is what keeps data and code separated.

Now when a computer program has a variable that has bounds (Not dynamic) and that bounds isn't checked and is allowed to overflow, a person has the ability to over-write the address in the instruction pointer. This type of overflow allows a person to execute code on a computer. See what they do is over-write the address stored for the instruction pointer and have it point back into the variable. So the CPU begins executing the things inside the variable as if it was instructions.

This method of attack is what most of you're hackers use. It's how they deface web sites and how non-email worms spread. Even if you have a firewall installed on you're computer, you can be vulnerable to an attack if you allow a program that has this type of problem access to the Internet. This type of problem can occur in every single type of system. It's not fair to blame Microsoft, Linux, or other software vendors as much as CPU vendors. Sure programmers who have failed algorithms have some blame but not as much as Intel and AMD as they are the ones who really write the rules programming wise.