Considering the exploit record of Microsoft Windows, I'd say his paranoia is quite justified.
.
Indeed, if only Microsoft were as paranoid about people exploiting vulnerability vectors into Windows.......
As unpopular as my post is going to get on such an anti MS and pro Linux site I have to say MS really did do a good job after the security Memo from 2004 starting with Vista in terms of security. I would rank it as one of the most secure operating systems behind OpenBSD and MVS as number 3.
Modern Windows has all the apis go through ACL to prevent bypasses that explains UAC prompts in Vista. It also now randomizes data in the ram to prevent injections via ASLR. It has a signed bootloader to prevent rootkits. It can now accurately separate storage vs execution data to prevent buffer overflows. It has kernel level sandboxing with low-rights mode which Chrome and IE use for default which severely limit FS and services access. Windows Server can be powershell only which can limit 90% of the exploits with GDI and excess services that no longer need to be patched and so on.
All the exploits you read are from Adobe and Java which due to XP compatibility can't use modern features such as low-rights mode due to people not wanting to change.
I am not saying it is an amazing OS but it is not WIndows 98 anymore where pointers and crashes were all over and all you had to do was put your code in a ram address where a known pointer would look and BAM 0wned!