I can't really say for windows because I dont know much about it, but Linux (and all the BSDs to be fair) do better at security imo.
Yes, nothing is perfect in this world. Everything, even Linux, has its flaws, and a fair share of exploits. But fixing nd patching is way easier and faster with it. You have the code, if you do understand what's wrong with it, you can patch the kernel, without depending on Upstream.
The file systems usually (except a few ofcourse) offer better permissions, access controls, and attributes for file manipulation. It's harder on Linux file systems to somehow manipulate a file you dont have permissions for, but I'll not say its impossible. Possibly there could be a way you could use the kernel to gain privs and do it, but fundamentally, Linux's implementation looks better.
There are things like kernel hardening with agressive ASLR, grsec, SELinux and other kernel subsystems to keep a watch and restrict the userspace to less capabilities. SELinux wont even let you use the kvm kernel module as long as it is in the enforcing state. Ofcourse, when you're root, you can do pretty much anything with the system, but hardening features can restrict root too, if they're configured that way (yes, with kernel subsystems).
Linux is also just the kernel, so we'll get that out of the way now.
The userspace is certainly something that should be ideally associated with Linux and its security, but technically, the kernel is different, and the userspace is different. Sure, there are vulnerabilities for software you run in your userspace, but there's this thing called namespace sandboxing some things already implement (chromium), so the applications are confined in a restricted namespace with limited features to theur disposal. Soon, everything will run in its own container on Linux desktops. Namespaces would be a better word. That certainly helps. All they can do is get rid of your home directory. (but hey, anything can do that right? perhaps use something like btrfs or ZFS, and do snapshots/backups regularly.)
So, those were my thoughts on why Linux does better at security, and has some exciting plans to make things better in the future.