No, popular Linux distros, with default configuration, is considerably more secure than Windows, and probably more secure than MacOS. This is universally accepted and basic infosec ken. You thought very wrong, fix your ken.
'app sandboxing' is one part, of a small part, of a subsection of a general thread model, why would you pick that when you talk about 'secure'? And LOL no, Linux has SELinux, apparmor, firejail, flatpak, snap, docker, lxc, and various hypervisors for 'app sandboxing', Linux does not have 'basically none', it has arguably to many.
AFAIK the default config on Windows to install a program is still downloading an executable installer on Windows.
On Linux, the default config is you install most programs from the "trusted" distribution's repositories. Flatpaks and Snaps are increasingly used for apps that are not in the repository. They are not perfect, but they are improving.
I don't know how it works for macOS. You'd download a program image but I don't know what the program can do and if there's a sandbox.
I thought this was the working assumption.