I would say your friends are essentially correct.
To put an extreme example, there is only so much an operating system can
do for security-unconscious users that will grant root permissions to an
unknown executable that promises adult content or the Linux port of
Knowledgeable and determined attackers can only be fended-off with an
active security policy.
However, the Linux software distribution model based on well-maintained
centralized repositories will probably help in making casual infections
more difficult. If those repos are compromised, though...
Linux-audio-dev mailing list