Security is just an illusion. Even if we know what are trying to achieve and know the exact procedure to follow. Even in that case, we can never say for sure if everything is alright. For instance, If you are looking for an image editing application on Internet. Eventually, you will find one and install it. But wait, did you ask yourself if the application was downloaded from trusted sources. Was the source code available to user for inspection. If the answer to both the questions is NO then, you can’t ever be sure if it was right to install that particular application.
One argument against the second question is – not everyone is tech-savvy to analyze application code. That is correct, but if the applications source code was available for all to analyze then someone could have spotted a potential vulnerability thereby pushing the developer to fix those vulnerabilities. Though nothing against those who don’t provide source codes. They take the responsibility. But, those who analyze the application whether its a open-source application or otherwise may overlook something. And, some bad actor exploits the vulnerability.
Is Ubuntu/Linux considered relatively secure?
Firstly, When you intend to install an application, then look for the application in Ubuntu’s standard repository. We can at least be certain that the packages we install come from trusted sources.
Secondly, By default you won’t be logged in as an administrator. A root (or, administrator) user has the privileges to modify anything on the distribution. To have root’s privileges, one needs to directly login as root or become a user who has administrative rights. And, without the superusers’ access it is impossible to make any changes to critical files in Ubuntu/Linux. Above all, Ubuntu/Linux users have App armor/Security Enhanced Linux to assist them in critical moments.
Lastly, Its free and open-source; any one can analyse the source code. Potential vulnerabilities can be spotted and fixed quickly. Though there could have been loopholes that may have been overlooked. Under such circumstances, other users may chip in and analyze the application. And, if there is a vulnerability then it can be notified. Compare this to a scenario, where only ten developers designed an application and they remain unaware of a potential vulnerability for the longest of time. Some bad actor may exploit the vulnerability for years without getting noticed.
We can never say one operating system is more secure than the other. It all depends on one preference for utilities.