Indeed, but with the initial cost being $0, and the fact that you don't have to worry about viruses, trojans, or other assorted malware and the associated programs that you have to pay for, install, configure and maintain, you'll end up way ahead with a Linux box.
Those security patches that are constantly flooding into your Linux box are because there are defects that can be exploited in the software. You are no further ahead with Linux than with Windows. Indeed, the attempts to make work-alike software are barely adequate in many cases. When I've had to purchase commercial Linux applications in place of the Windows versions, the price was higher...and the functionality wasn't as good. It's still a niche market for commercial (COTS) consumer software. It isn't supported at all by many of my vendors. The tools for embedded development distributed by Microchip are only available for Windows.
It's a poor strategy to cling to a given platform without consideration of your needs. I must have both Linux and Windows to get my job done. If a single platform is good enough for your needs, that reduces your maintenance efforts. I have to update 6 Windows platforms and 6 Linux platforms weekly. The Windows is a mix of Windows 2000, Windows XP Pro and Windows XP Home. Linux is a mix of Fedora Core 7 and Debian 4.0. In addition, the embedded Linux targets have to be updated with new shared libraries and executables in a completely manual effort. There is nothing automated for those very lean targets. Linux has its own flavor of "DLL Hell". I have to run "ldd" against every executable and ensure all the necessary shared libraries are present and correctly linked. It's easy to get it wrong.
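The manual `ldd` pass described in the post above can be scripted; the following is an added example, not part of the original post, that walks a directory of executables and lists every shared library `ldd` reports as "not found". It assumes it runs on the target itself or on a host of the same architecture, and that the binaries are your own builds, since the `ldd` man page advises against running it on untrusted executables; the names `missing_libs` and `check_tree` are hypothetical.

```shell
#!/bin/sh
# Added example: find unresolved shared-library dependencies after an update.

# Read ldd output on stdin and print each library reported as "not found".
# ldd prints such entries as: "<tab>libfoo.so.1 => not found"
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }' | sort -u
}

# Run ldd on every executable regular file under directory $1.
# Prints "<file>: <library>" for each unresolved dependency.
# Returns 0 if everything resolves, 1 if anything is missing.
check_tree() {
    found=0
    list=$(mktemp) || return 2
    # -perm -100: owner-executable files (binaries and scripts alike)
    find "$1" -type f -perm -100 > "$list"
    while IFS= read -r f; do
        # Scripts and static binaries produce no "not found" lines,
        # so they fall through without output.
        for lib in $(ldd "$f" 2>/dev/null | missing_libs); do
            printf '%s: %s\n' "$f" "$lib"
            found=1
        done
    done < "$list"
    rm -f "$list"
    return "$found"
}

# Usage: sh check_libs.sh /path/to/bin   (the path is a placeholder)
if [ $# -gt 0 ]; then
    check_tree "$1"
fi
```

A non-zero exit status makes the check usable as a gate in an update script, so a target is not rebooted into a state where an executable cannot load.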