faults are soon found and corrected. Thus making it more secure. But the biggest advantage is the fact it's designed with security in mind from the ground up and heavily compartmented with security gateways between certain areas; thus making an attack having to jump a number of hoops to get anywhere. Any major changes also result in a check of all the code of the OS, which also happens on a regular basis so they can keep the code down. Any security issues result in a change of the faulty code to close out its possible use.

Microsoft is all hidden code and bloated because new code is often added without checking if the same thing can be done by just changing the old code. Security patches are just that. more code put on top to patch the hole, not a fix of the hole. but the biggest issue with Windows is Microsoft did NOT include any security in the base code at all, and any security since has been add ones that once you bypass them you have the whole system open to you to attack and use as you wish. Add in the very first version of Windows, and each since, also included back doors to allow other Microsoft software to interact faster by being able to bypass the few security gateways they put in later, and you can see why it's so easy to have an infections jump from one program into the OS as they use those wide open highways.

Now it is possible Microsoft have left other deliberate holes for use by malware as part of its efforts to push their vendor lock-in process they call Secured Computing (once called Palladium), no one has yet been able to find any definitive proof of that, despite there being some empirical data to support the claim. So it can't be said they HAVE done that.