Generally, open source OS's aren't targeted as for attacks. This doesn't mean they don't have vulnerabilities. There are a view AV programs that run cross platforms...but no where near as many that run on just Windows. Remember Windows is pretty much a standard, so it's targeted.
Again, most threats are posed through the internet...hacking into a network, denial of service attacks, etc. So it's important to have any OS that connects to the internet secured via firewalls.
Hope this helps!
I agree with Schmidtw, it is only a matter of time before viruses and spyware are a bigger problem for Open source O/S's than they are now. This Site has a version of the popular AVG antivirus for Linux desktops. There are not a lot of viruses for OS's like Linux, but as their popularity increases, they will become more of a target. This article discusses a few more aspects of Linux virus issues.
As stated above, firewalls like this one are crucial to a network's security.
Security is a wide term, and it can be implemented in different ways at different levels and components of the operating system, and it also needs to be implemented on applications that are not necessary part of the operating system itself, as web browsers, media players, etc.
On the other hand, "open source" does not identify some type of operating system. It only means, among other things, that the source code of the software is open and available for people to review it or modify it. That being said, two open source operating systems could be completely different, and implement security in different ways.
Security is usually described in three terms: <b>confidentiality, integrity and availability</b>. If the system is capable of reliably serving the user needs and meeting these three requirements for that user, then the system should be considered secure. If any one of the triad is failing, then the system should be considered insecure and that vulnerability repaired. There are many ways that the vulnerabilities can be repaired or mitigated as referenced above. Often it is not really the OS that is at fault but some service/application that is running on top of that OS that creates the risk.