Debian, RedHat, Mandrake, SUSE and Mandrake have released a Joint Statement about GNU/Linux Security in response to a report on Linux security. Basically it points to flaws in the original reports methodology (considering every vulnerabilty as having the same danger), and says that closer investigation of the reports conclusions should conducted.
This has always been one of the problems with examining security between Windows and Linux (or any different OS)... high profile or low profile, root exploits, local, remote, etc all come into play, and you rarely see a comparision where all these factors are taken into account.
My way of looking at it is how comfortable would I be putting a box of either type connected directly to the internet without a (separate) firewall? Hint. Not windows :)