
Except that mechanisms like DEP, ASLR, heap cookies, etc. are being applied to all systems. Why? Because all of these OSes are vulnerable to the same classes of flaws.

Since XP SP2, Windows has led the way in protecting code itself. Linux is largely on par these days, with OS X trailing way behind (they're playing catch-up now).

As far as complexity goes, I strongly recommend you actually look at the protections in place. Those on Windows are significantly simpler (and more effective) than those on Linux, as of Windows Vista. The new heap, the simplified ASLR, etc. all made things considerably simpler and harder to attack.




> all of these OSes are vulnerable to the same classes of flaws.

They are. It's an unavoidable fact of life for the kind of computer we use (read: x86 PC). But don't confuse being potentially vulnerable to a type of attack with actually being vulnerable to a specific attack of this type. In order to be vulnerable, you not only have to, say, allow a user-mode program to write on a page marked as executable (something I remember some high-end processors from the late '80s could prevent) but you actually must have a buffer overflow to go with it. Unless both conditions are met, you are not at risk.

As far as the actual complexity of the implementations is concerned, I can't evaluate Microsoft's, as the implementation is secret. I cannot, however, imagine how the Windows implementations can be simpler, for Windows is a much more complex operating system than either Linux or *BSDs. As alexandros pointed out, a larger surface means more to defend.



