Yeah, sadly, there's heaps of them. People who connect their Windows machine to the internet by establishing the PPPoE session from the machine, for one. People who rent a VM from a cloud provider and just get a straight-up Windows box with no firewall, for two. If you think there's not a lot of those, believe me, there are. We run a cloud computing company and we frequently (OK, by frequently I mean a few times a year, I suppose - but we're just one company) get requests for people to have a Windows box with no firewall (other than the Windows one) because "it gets in the way", etc.
As a service provider, I am not sure how to handle this because, technically, it's "their server". I mean, I can provide them all the advice I want but making them listen is another thing altogether.
In one case, I showed the guy that I could map a drive to his server over the public internet, and that he needed to deny all ports other than the one he needed open (443), but it's like speaking to a child. They don't understand why it's a problem and they just want what they think they want, and they want it now.
So I am not really sure how to handle this. Wherever I can, I don't give them the choice - I just enforce an upstream firewall, but at the end of the day, if someone wants to pay money to own a VM and they're not (yet) causing any problems for anyone other than themselves... I can't be in business if I keep saying no to everyone. So yeah - there are plenty of Windows people out there who expose everything to the world.