I would argue that Linux is inherently much more secure than windoze, simply because of how it handles user space vs. System (root access vs. User access). Also by how transparent its configuration is and how much information is readily accessible detailing how it works and how to adjust things.
However, when talking security for anything above the average user’s browsing needs, it can get very complicated depending on what you are trying to achieve.
Think of it like building something to keep out honest people vs. to keep out hardened, knowledgeable, clever thieves. Obviously the latter is going to take more time and resources to achieve, while the need to keep out more sophisticated bad actors would probably only be needed if you have something they might want.
Here are some suggestions for searching if actual security is your goal. Others can chime in with more things if they want. This is just some topics/programs you can read about to dip your toes in.
- nftables/Firewalld (common firewalls)
- wireguard/openvpn (vpn protocols)
- rootless containers (podman)
Best of luck!
I think it’s best to read the actual docs published by the research when available. News tells some, but I have seen it sensationalized a few times, where it only affects x kernel with y module before update z.
That being said, these are seemingly getting more and more frequent as previously noted.