I bought the Hacking Exposed books... they were enlightening: Linux isn't really 'safer' than Windows; it just has a different set of vulnerable points (fewer of 'em, but penetrating deeper into the system and more likely to persist across versions). If you want true security, run NetWare.
The patching system may be the real culprit, tho: It's been pointed out that when a Windows version becomes "unsupported" there's an abrupt cessation of newly-found vulnerabilities. Why? Because the bad guys discover the holes mostly (perhaps entirely) by reverse-engineering the official patches... which, with Windows, tend to be monofocused on a single bug, making the hole fairly easy to ID, and thereby paint a handy target on unpatched machines. Conversely, Linux updates are, to my grok, more likely to address a bunch of stuff at once, making any single hole harder to identify. Likewise, Windows service packs (which address a bunch of stuff at once) have not typically been followed by a rash of newly-found vulnerabilities.