Leap Of Illogic
Imagine two products--it doesn't matter what kind. Let's say that one product has 1,000 customers, and a terrible reputation for reliability. The other has only 50 customers, but a great reputation. Why the difference in reputation? The small product has only 2 or 3 customers with problems, but the large product has fully 50 customers with problems. In other words, the large product has as many trouble-plagued customers as are in the total user base of the small product. No wonder it has a bad reputation!
You can see where this is going, of course: Both imaginary products actually have exactly the same 5% trouble rate. It's only the disparity in the size of the user base that makes them seem different. In reality, they are both roughly equally reliable--or unreliable.
Using the same simplified analogy, and everything else being equal, a browser with a 95% market share will generate 95% of the problem reports in a given area. That doesn't mean that the browser with a 95% share is necessarily worse than a browser with a smaller share, just that a larger user base means larger numbers of problems; and a smaller user base means a smaller number of problems.
Of course, things do get more complicated when you shift to the real world. For example, the "everything else being equal" part of the above analogy fails when discussing Windows 95, 98, and Millennium Edition because they're not the equals of any of the current generation operating systems. Rather, Windows 95, 98, and ME have fundamental architectural problems that make them hard to secure: They are, at their core, still that "easy-to-connect-to" operating system from a decade ago; and not well suited to today's computing environment.
But on the flip side, the "everything else being equal" argument also breaks down for Linux and other open-source software because, as small-share players, they've gained a reputation for security that's at least partly undeserved: Low numbers of problems is not the same as a low percentage of problems. (We'll come back to this in a moment.)
Plus, this software has only recently begun to receive serious scrutiny from the malicious hackers, crackers, cyber-vandals, and other lowlifes that have traditionally focused on Windows. Consider that, historically, Linux was a numerically marginal player, attracting mainly users with a high degree of skill and knowledge; these users were "friendly" to their operating system of choice, and were not inclined to mount attacks against their fellow users. Instead, when these users found an exploitable hole in part of the operating system, they reported it and helped to correct it. In fact, this was an example of the open-source movement at its finest.
But today, open-source software has moved into the mainstream. For example, there now are enough unskilled and semi-skilled users of Linux that the operating system presents targets of opportunity for the unscrupulous. And with more crackers seeking open source security flaws for malicious exploitation, more and more are, in fact, coming to light, as a variety of independent sources confirm.