What is the most secure operating system?

Security is a difficult and sometimes controversial thing to analyze. The only truly "secure" operating systems are those that have no contact with the outside world. The firmware in your DVD player is a good example.

Among all modern general purpose operating systems (Windows, Mac OS X, Linux, Solaris, FreeBSD, NetBSD, OpenBSD) the most secure by defualt is by far OpenBSD. OpenBSD has an extremely stringent security auditing policy; only two remote attack vulnerabilities have been found in the last ten years. This is because OpenBSD doesn't create a large attack surface by running a large number of networked apps.

Of course, the sad fact is that any networked operating system can be made insecure through careful misconfiguration. Window's problems with security stem mainly from the fact that it runs with a large number of network services on by default, and that it (XP and prior) let the user run with full privileges by default. Windows Vista attempted to fix this issue, but people rejected it as "too confusing" and complained that their old apps did not work correctly under limited accounts.

Mac OS X is better about user permissions, but still has had a (in)decent number of remote exploits. Apple's slow response to patch many of these issues will be even more worrying if it gains significant market share.

Most Linux distributions have an excellent policy of quickly patching known security vulnerabilities. Unfortunately, two of the top ten distros deliberately use outdated code (Damn Small Linux) or make it too easy to run as a privileged user by mistake (Damn Small Linux, Puppy Linux). Were these distros to gain significant popularity, their users would be exposed to a larger number of vulnerabilites than if they encouraged proper security policies.