Security portal Zone-H, which documents attacks on and defacements of Web pages, has compiled statistics about the attacks within the last year. Apparently, Linux servers were successfully defaced twice as often as Windows servers. Apache servers were defaced three times as often as Microsoft's IIS. Zone-H registered a total of just under 500,000 defacements in 2007.
Operating system attacks in 2007:• Linux 306,076 • Windows 139,503 • FreeBSD 18,542 • Mac OS X 1,488
And why is that? It has nothing to do with which one is "better" that the other one! And yes, I know, it's not normalized, not in comparison to the absolute number of installationes. But does it matter? This is not my point, but how often do I hear: I do not have to patch my systems, because they are not Windows! Malware and vulnerabilities are a problem of Windows systems only...
Software updates are a fact of life! Windows administrators had to learn that the hard way. However, from a criminal's perspective, in most cases, the operating system of the compromised system doesn't matter. But, it's a lot easier to attack unpatched systems - it's about the low hanging fruits!
From Roger's blog post: http://blogs.technet.com/rhalbheer/archive/2008/03/19/sun-and-apple-update-a-sheer-nuisance.aspx