both.
your assertion that it should be easy to find holes in Free software is totally untrue by the way. if the source code is open to modification, and hundreds of people round the world are checking each others work, because they enjoy doing it, and they all have the opportunity to fix any problems that they see, then any holes in the code will be plugged very quickly, as opposed to having a few dozen guys (at most) who are paid to look for these holes nine to five, as well as doing a lot of other stuff, plus when a hole does get found out (usually by somebody breaking in through it) you have to wait for the company to get round to releasing a fix, which they might charge money for, then you can easily see which model will produce more secure software faster.
also, how do you think antivirus companies will make money if everybody starts using secure operating environments?