It's not entirely virus and worm attacks that are the issue, though. It's the security issue in general. Code Red is a very nice non-destructive virus. The same technique could be used to log into foreign machines and wipe their hard drives clean as a whistle.

To further confound matters, nearly all Linux attacks are specifically attacks against Red Hat Linux, which is infamous for it's sloppy security defaults. If you really wanted to make your sales pitch have weight, compare Debian Linux security problems to Windows NT security problems. I bet you're looking at a ratio of 1000 to 1.

Bolot

Of course the real problem with most viruses is the bandwidth consumption, such as with those that automatically email themselves (and being distributed they are ignorant of where other copies of the virus had sent things, which piles up fast)

Hmmm....I'm not so sure about this. The two that come to my mind quickly, telnetd and bind, affected many different flavors of *nix, not just Red Hat. Red Hat, simply, has a large dispersion, it's in use many places. So, while there may have been a disproportionate number of Red Hat systems being hit, they certainly weren't alone. Red Hat installs a lot of stuff by default (such as telnetd and maybe ftp..can't remember) that is, by its nature, rather insecure.

Attacks against Windows Systems mainly are VBScript (or other Windows Scripting) attacks targeting sloppy scripting settings (what do I need the ability to automatically execute a script sent to me by EMail for? - when will we see so-called signed/certified content and a security model like Java's in Win32?)

Attacks against UNIX/LINUX Systems are mainly exploits in services (like buffer overflows, or other Denial of Service Type attacks). By their very nature they target all systems running a certain service.