Kind of compares apples to oranges to melons
Concepts such as privilege escalation and process separation are not 'stand alone' issues, they exist as part of the overall system, as security is all about layers.

The point here is that the design and architecture of the OS kernel are not as relevant as what goes on top of the kernel, and how the services and processes are exposed to attack.

There are differences, to be sure, if you compare the heart of the kernels of CG Linux versus Windows XP.

But this is mostly irrelevant, as a misconfigured or poorly patched GG Linux system will get owned before a patched and locked-down XP system.

Why? It's all about attack surface and finding vulnerabilities.

Attacks do not succeed because one OS is more secure in a generic sense. Attacks succeed if there are exposed exploitable services or unpatched vulnerabilities.

An out-of-the-box Windows PC has an attack surface the size of Texas, while a hardened UNIX or Windows server has a very small attack surface.

A successful exploit can only happen if there is a vulnerability, and the vulnerability can be exercised on the device by the attacker, which means possibly bypassing logical or physical controls.

The issue with a Windows workstation, obviously, is that its 'do anything' capability can be used for both good and evil.

If you deploy a Windows server in the recommended configuration for NIST EAL-4 certification, it's not the same thing as the unpatched XP workstation of Joe-six-pack.
Posted by robo_dev
21st Oct 2010
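The post's argument is that exposure decides the outcome: a service bound to every interface is reachable by an attacker, a service bound to loopback is not. The following is an added example, not part of robo_dev's post, of how a practitioner would turn that idea into a check. It parses `ss -ltnup`-style listening-socket output on Linux and separates externally reachable listeners from loopback-only ones. The sample output, process names and PIDs are constructed for the example and are not from any real host.

```python
"""Added example (not from the original forum post): estimate a host's
network attack surface from its listening sockets.

Input is the text produced by `ss -ltnup` on Linux.  A socket bound to a
wildcard or a routable address is counted as exposed; one bound to a
loopback address is reachable only by local processes.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in the format of `ss -ltnup` (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    127.0.0.1:6379      0.0.0.0:*         users:(("redis-server",pid=1033,fd=6))
tcp   LISTEN 0      128    [::]:3306           [::]:*            users:(("mysqld",pid=1120,fd=20))
tcp   LISTEN 0      4096   [::1]:631           [::]:*            users:(("cupsd",pid=640,fd=7))
udp   UNCONN 0      0      0.0.0.0:161         0.0.0.0:*         users:(("snmpd",pid=901,fd=8))
"""


@dataclass(frozen=True)
class Listener:
    proto: str
    address: str
    port: int
    process: str
    exposed: bool  # True when another host can reach this socket


_PROC_RE = re.compile(r'\("([^"]+)"')          # first process name in users:((...))
_WILDCARDS = {"0.0.0.0", "::", "*"}            # bound to every interface


def _is_exposed(address: str) -> bool:
    """Wildcard or non-loopback bind means the service faces the network."""
    if address in _WILDCARDS:
        return True
    try:
        return not ipaddress.ip_address(address).is_loopback
    except ValueError:
        # Unparseable address: assume exposed, the conservative choice.
        return True


def parse_ss(text: str) -> list[Listener]:
    """Parse `ss -ltnup` output into Listener records, skipping the header."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] in ("Netid", "State"):
            continue
        proto, state, local = fields[0], fields[1], fields[4]
        if state not in ("LISTEN", "UNCONN"):   # TCP listeners and UDP sockets
            continue
        addr, _, port = local.rpartition(":")   # split on the last colon (IPv6 safe)
        addr = addr.strip("[]")
        match = _PROC_RE.search(line)
        process = match.group(1) if match else "?"
        listeners.append(Listener(proto, addr, int(port), process, _is_exposed(addr)))
    return listeners


def exposed_services(text: str) -> list[tuple[str, int, str]]:
    """(proto, port, process) for every socket reachable from another host."""
    return sorted((l.proto, l.port, l.process) for l in parse_ss(text) if l.exposed)


def loopback_only(text: str) -> list[tuple[str, int, str]]:
    """(proto, port, process) for sockets only reachable from the host itself."""
    return sorted((l.proto, l.port, l.process) for l in parse_ss(text) if not l.exposed)


if __name__ == "__main__":
    # Real use: pipe the live output in, e.g. `ss -ltnup | python3 surface.py`.
    print("Exposed to the network:")
    for proto, port, proc in exposed_services(SAMPLE_SS_OUTPUT):
        print(f"  {proto}/{port:<5} {proc}")
    print("Loopback only:")
    for proto, port, proc in loopback_only(SAMPLE_SS_OUTPUT):
        print(f"  {proto}/{port:<5} {proc}")
```

The exposed list is the attack surface the post talks about: each entry is a service an attacker can reach without first compromising the host, and each is a candidate for patch review or for rebinding to loopback. A service in the loopback list still matters for privilege escalation once an attacker is local, which is the layering point the post opens with.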