There is some truth to the idea of Windows vulnerability and some good reason
for this as well. The first reason is (as mentioned on other posts) Windows
users have the (bad) habit of running with elevated privileges (administrator in
W and root in L). Take a look at a common issue in Microsoft security
bullitens:

"This security update resolves a privately reported vulnerability in MPEG-4
codec. The vulnerability could allow remote code execution ... An attacker who
successfully exploited this vulnerability could gain the same user rights as the
local user. Users whose accounts are configured to have fewer user rights on the
system could be less impacted than users who operate with administrative user
rights."

The Holy Grail of explotation is elevated privilege. Next Windows is a much
bigger target. Third is that Windows default tends to leave a lot of ports open
for numerous services widening what is called the threat surface. The more
applications available the more vulnerability. The common view of cyber threats
is that the OS is the primary target when in fact the Web Application is far
more vulnerable then the OS (and potentially more profitable). Currently there
are a lot of attacks by the Zeuss trojan on banks and this of course is profit
driven. The Stuxnet bug is presently attacking industrial systems by altering
PLC components. One of the most popular targets of hackers is presnetly hand
held devices such as cells. Linux is more resistant to attacks but not immune.
As the profit margin for Linux attacks go, there will be the scoundrel there
exploit it.