This is a little rant about those people who feel the need to jump on every announcement of a security issue with Linux or Windows, and claim their favourite operating system is more secure. These days such rants are little more than fanboyism, and childish at that.
I'm an old Unix guy (and thus am into Linux rather than Windows), and in the past did used to ramble on about how insecure Windows was. And Windows used to be a complete disaster area when it came to security.
But that has changed. Whilst I'm still not a big Windows fan, the security of Windows itself has improved to the point where it's not too bad.
Of course there are plenty of software vendors out there who are completely clueless when it comes to security, so any time you add some piece of cool corporate software to a Linux or Windows server you're running a big risk.
But back to the haters.
The most irritating thing about the whole 'my operating system is more secure than your operating system' is a simplistic comparison of Linux and Windows. They are not directly comparible. – simply counting the number of security vulnerabilities in "Linux" and "Windows" is an overly simplistic comparson.
First of all, Linux has many more components than Windows; partally because Linux tends to throw in the kitchen sink, and partially because of a different philosophy – the "Unix way" is to build many small tools rather than one big tool. But just because Linux includes tons of stuff, doesn't make insecurities in all that stuff a problem on your server – for example, none of my web servers have a web browser installed so all those hundreds of web browser bugs are irrelevant to my servers.
Windows itself has caught onto the trick that has been standard practice for decades – only install the stuff you actually need. Whilst there are popular Linux distributions that do the same thing (Debian, and Ubuntu amonst others), there are still some that tend to install far too much (RedHat, SLES, etc.).
Secondly the number of vulnerabliities does not take into account how serious each vulnerability is. Ten privilege escalation vulnerabilities comes nowhere close to a shellshock.
When you come down to it, the choice of which operating system to run has less of an effect on how vulmerable your server is than who runs your server. A tightly controlled Windows server that is patched often and well configured is far more secure than a Linux server that is patched when installed (if then!) and then left alone by an administrator who assumes that "out of the box" configurations are suitable.