The largest threat is social engineering. A well-hardened/secured Linux box is much more secure, technically, than a Windows box.
In fact, I've set up all our new builds here at work so that no user (except one account) can become root--even if they know the root password. They can run a limited subset of commands as root (to enable them to do their jobs), but they cannot become root, and they cannot edit important configuration files as root--though they can edit other files as root.
“In fact, I’ve set up all our new builds here at work so that no user (except one account) can become root—even if they know the root password. They can run a limited subset of commands as root (to enable them to do their jobs), but they cannot become root, and they cannot edit important configuration files as root—though they can edit other files as root.”
Yes, I was just reading about creating levels of configuration access.