I disagree anjali, as we can't just look at "Default securities" because if the admin doesn't know it's secure already and how, it's a waste. Windows doesn't come with as many open services as you think (I counted 3 - 4 on a default tcp probe unfirewalled), and this is equal to a default install of Redhat.

Thus we can't say Linux is more secure than Windows, or vice versa, because it isn't about the OS it is about the admin knowing what securities are in place. If someone from Redhat switches to OpenBSD and starts changing a ton of settings because they knew Redhat down pat but BSD runs differently, then BSD's default security is once again worthless. Point being, though, that defaults mean absolutley nothing in the world of security. If someone is defending their network with a default install I would call them an untrustworthy admin. Not just because it is a default install (and even OpenBSD at that), but because they would not take the time to learn the OS and take the extra steps to secure it further.

Because, in the end, they can all be just as secure with the same amount of hassel. While setting up Ipchains may take someone weeks to figure out, installing zone alarm takes them 5 minutes. Where as it may take someone a few weeks to learn how to turn off windows services, editing starting services on a linux box can take 3 minutes. It isn't about default, it's about what the OS can do in the end and what limits you can stretch it to.