And in most cases, that's not Microsoft's fault. The application builders did things that required that level of access. Anyone could build Linux apps that "need root privileges to work", but it's more likely they won't get much, if any, use because of that requirement.
Granted, many developers were used to working from a Win9x standpoint, where there was no limiting security like there is with NT, but they built the software with "full access" for Win9x, and people claim Microsoft screwed up when it stops working because of the better security model of NT and Vista (and up). And Microsoft, to do what they could to ensure a sale, took a mindset of backwards compatibility to a huge degree, so if someone had a 5 year old application from a dead company built for Windows 95, it would still work if they needed it in Windows XP.
As long as a user can run any program or script and wipe out everything they are allowed to, it's still a problem. The current Windows security model (with Vista and Win 7) and Linux model are mostly the same at this point.
Outside of NT, Windows didn't have such a thing as an administrator and regular user. And the Win9x systems were a bit more oriented for home users, where the users pretty much always are the administrators. And I will agree that, with WinXP, they screwed up by defaulting to administrator, but with Vista and Win 7, they're moving in the right direction.
But, once again, if you push Linux to the mass market, you will get a lot of people that resist the user security design. It's not just a Linux thing, a lot of people like that hate the new security method in Vista and Win 7.

yeah, hence I said, Vista is better than WinXP in that context. Anyway, I know what I'm talking about because I work in tech support for an ISP and I have users unbind/rebind tcp/ip, run a cmd prompt with admin rights, and all sorts of things of that manner, for a living. Thank you sir.

At this point it really doesn't matter whose fault it is; dredging up old history to try to figure out just where to cast blame isn't particularly helpful, and casting blame isn't what I'm out to do. What's important is simply to recognize what the current security models are, and what the weaknesses are in them.
That's actually something I think was a big mistake, at least in the way that they handled backwards compatibility, but that's a matter for another discussion and we're already wandering off-topic as it is.
Users doing stupid things has always been and will always be a problem. There will always be people who for some reason refuse to follow good security practices, and this isn't something you can fix through technological means. What you can do is design the OS to make it as easy as possible to follow good security practices for those who want to and those who are neutral on the matter (including setting all the default options to strike as good a balance as possible between security and usability, as most folks will simply leave the defaults as they are unless they aren't able to do what they want to do).
I believe you've mentioned as much before, and thus I'd hope that if I get any details wrong or if my opinions indicate a gap in my knowledge or understanding that you'd use your experience to better educate me on the specifics.

When I was in primary school in oh, say, 2000 or so, we didn't have a Windows machine for the first three years. It was an Acorn computer. That does not make me any less computer literate. Whoever says that we shouldn't use OSS in schools because kids wouldn't understand Windows in real life is wrong.

I'm sorry, but you're wrong. whooray Cnet!

You really should read the whole report. FF may have had more reported flaws, but they were fixed quicker and were generally less severe than those that affected IE. In fact, the report shows that at the time it was generated, IE still had flaws that were publicly reported and not fixed for almost 300 days, while the longest FF went without a fix was only 86 days and had no open issues at the time. Which is more secure, the browser that finds and fixes the bugs quickly or the one that finds the bugs, but takes almost a year to fix them, leaving the users completely vulnerable in the meantime?

I read that, but having more holes means less secure imo.

Having more unpatched holes means less secure IMO.
Also, don't forget that the quoted report only covers vulnerabilities that were publicly disclosed by the vendors. It is not uncommon for closed-source software companies to refuse to acknowledge certain vulnerabilities even when there are exploits in the wild.

I see it as a means for them to attempt to offer a way for customers to move forward to a more advanced/secure/etc. version of their operating system without having to potentially pay huge amounts to upgrade or replace their existing software, which may have changed licensing for new versions or may not have new versions.
They are a company. They're in it to make money. They will do some things (and did) to minimize the number of people that won't upgrade because Windows XYZ breaks their poorly written application.
And Linux isn't immune from that either. Any distro or kernel updates could break an existing application, and any non-coders would either be stuck without it, waiting for someone to update it to work, if anyone does maintain it or has it as open source, or not upgrading their distro/kernel, which leaves potential holes or issues that should be patched.
...
As far as being "on-topic" for the thread, I don't see any issue with wanting to explore using open source software, but at the same time, as has been brought up before, some things should be considered before decided to use open source in some cases instead of existing closed source solutions, due to the "price" of switching.
There are many good open source projects out there, and there are some do perform as well or better than the closed source counterparts they set out to replace. But a "price tag" should never be the only consideration for what software to use.
...
EDIT: Wanted more space between my reply to DarrkPhoenix and my general on topic comment, but I guess they strip extraneous newlines.