1. Smaller audience
Let's start off with an easy one. There are less people using Linux and the people that do tend to be more tech savy. Therefor it is less profitable to write malware for Linux, hence there are less attempts. It had to be said and it is probably true, however it is by far the sole reason. For example; Mac OS X (being a UNIX type operating system also) has gained enormously in popularity but not in malware. Coincidence? Read on!

2. Software Repositories
The process of installing software on a Linux box is somewhat different then most people are used to. For example; on Windows one would go to the software manufacturers website and download a binary to install. Instead most Linux distributions maintain socalled Software Repositories. Almost all software (browsers, wordprocessors, ftp-clients, mail-clients, et cetera) can be installed by simply selecting it within a package manager. The applications in the repositories are specifically built and tested for your system, which ensures that they are legitimate and contain no malware. The repositories are filled with tons of software which you might need, only in rare occasions would you have to resort to other installation methods like a manual binary install or compiling from source. Getting your software from a secured and verified place, makes it less likely that you accidentally install malware on your computer.

3. System-wide security patches
Another big advantage of Software Repositories is that it also allows for system-wide security updates. It is your Linux distribution that decides which version of a particular program you can install. This sounds like a disadvantage at first, but the benefits definitely outweigh the drawbacks. For example; if a patch is needed for a specific piece of software (from kernel to browser) you would almost instantly be given the possibility to update. This way you can easily keep your system up-to-date without having to constantly keep track of new software versions and flaws. In a sense you outsource the entire software security issue to your Linux distribution, making even inexperienced users as safe as can be.

4. User privileges
By default you are an underpriviledged user on your own system. You can do make/edit documents and run most application on your system. But as soon as you want to reconfigure the system or install/update software you'd first have to prove (usually by means of entering a password) that you are authorized to do so. It's a very effective way of preventing a single software flaw in becoming a systemwide security breach.

5. Execute permissions
Generally speaking, files can be documents or applications. A document (picture, video, tekst) is something you can make by using an application. In Unix environments files are treated as documents by default. Meaning, you can't run them. Suppose you accidently download some piece of malware thinking it is the latest Britney Spears hitsingle. Even tripple clicking it won't make it run. In order to make the file behave like an application you'd first have to manually set execute permissions on it. And because nearly all malware is first activated by the user himself, this simple precaution makes it that much harder for malware coders to deploy their malicious software.

6. Open Source
The security through obscurity principle is flawed, I think most security experts would agree. Proprietary software isn't inherently less exploitable then Open Source sofware simple because the code can't be looked into. I would even argue the exact opposite. When Open Source software get's popular, the source code is inspected and tested by a global community of developers. Granted some with bad intensions, but also those trying to learn from it and better it. As a result the software tends to consist of clean and well maintained code, which is thouroughly security scrutinized and debugged freely by third party's. Collaboration leads to better software!

Is Linux infallible?
Nope, not even close. But conceptually better protected then some.

Which distribution is right for me?
There is not one "Linux". Literally hundreds of different flavors exist, picking the right one is something you'd have to find out for yourself. If you're interested in trying out something easygoing, I'd personally recommend Ubuntu or Linux Mint.

Network auditing is a tedious task and because it's not very stimulating work, you're likely more prone to error. I too, as your fellow computer enthusiast, like to automate just about anything (and as such my dog is never hungry, my teeth never dirty and my neighbor never under-greeted).
So here's how I did it this time.

1. Nmap 5 to the rescue!
Nmap is a "network exploration tool and security / port scanner", commonly used by sysadmins and unanimously considered (by me) to be an indispensable tool. Nmap version 5 was recently (july 16th, 2009) released - bringing some exciting new features. This article focuses on Ndiff, the scan comparison tool. It's the fruit of a Google Summer of Code project in 2008.

Your first task is to install Nmap 5. It happily runs on Windows, Linux, and Mac OS X, however this article is written with Linux in mind. Note: earlier releases won't do, on Debian Lenny I had to obtain version 5 through the backports repository.

2. Next, install the script
Make a directory somewhere only accessible by root and put the following bash script in it:

#!/bin/bash
# Simple cron-based network auditing scanner
# Requires Nmap 5+
# Related article @ http://blog.fili.nl/articles/audit-your-network-using-nmap-ndiff-and-cron/

MAILOUT=your@email.com
NETWORK=10.0.0.0/24

CWD=`dirname $0`
NMAP=/usr/bin/nmap
NDIFF=/usr/bin/ndiff
MAIL=/usr/bin/mail

if [ -f "$CWD/baseline.xml" ]; then
    echo "Scanning network $NETWORK..."
    $NMAP -n -oX "$CWD/current.xml" $NETWORK >/dev/null

    echo -n "Comparing Nmap scans using Ndiff..."
    $NDIFF $CWD/baseline.xml $CWD/current.xml >$CWD/last-result

    if [ $(stat -c%s "$CWD/last-result") -gt 70 ]; then
        echo "Changed!"; echo "$MAILOUT has been notified."
        cat $CWD/last-result | mail -s "Alert: Network $NETWORK changed" $MAILOUT
        mv $CWD/current.xml $CWD/baseline.xml
    else
        echo "Ok."
        rm -f $CWD/current.xml $CWD/last-result
    fi
else
    echo "First scan, generating baseline..."
    $NMAP -n -oX "$CWD/baseline.xml" $NETWORK >/dev/null
fi

Download: naudit-cron.sh

It's a quite straightforward script as you can see.
Here's what it does:

1. At the first run, it makes a baseline scan of your network to compare too.
2. At subsequent runs it makes a new scan and compares that to the baseline scan. When something differs in your network (like newly opened/closed ports or computers that have appeared/disappeared) it alerts an admin.
3. Finally it updates the baseline xml-file to reflect the change.

3. Configure the script
There are few settings to adjust, but they are important. MAILOUT obviously declares where to send the notifications to. With NETWORK you can define what you want to scan, this could be an entire subnet (in CIDR notation) or a single ip.

MAILOUT=your@email.com
NETWORK=10.0.0.0/24

Make the file executable and run it (a couple of times) to generate the baseline xml-file and to verify that everything works as expected.

4. Finally, cron it
The only step left is to automatically execute this script on a hourly/daily/weekly basis. This is kind of OS specific, on most Linux distribution you'd create a new file in /etc/cron.d/ containing:

# minute - hour - monthday - month - weekday - command
0 1 * * * root /root/naudit-cron/naudit-cron.sh >/dev/null

Tweak the cron settings and you're done!