You and Ballmer seem to have this same problem. Maybe it's all that time under his desk?
Apache 2.0.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Not critical
Microsoft Internet Information Services (IIS) 6 with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Moderately critical
My, my. Look at all that red ink.
But wait, it gets worse.
The vast majority of Windows web servers are not running IIS 6.0! They're still running IIS 5.x. So let's take a look at the stats there:
Microsoft Internet Information Services (IIS) 5.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Extremely critical
And yes, Apache 2.x isn't the most used web server, it's Apache 1.3.x. So let's look at those stats:
The Secunia database currently contains 0 Secunia advisories marked as "Unpatched", which affects Apache 1.3.x.
Hey! No red ink at all!
Find a better source for your FUD. I'm on the Secunia site every day. I do security for a living, and no matter how much you and Stevie try to spin it otherwise, Microsoft routinely comes in dead last when it comes to security.
Speed-to-patch, stablity of patches, zero-day exploits, external access to or bypass of system permissions, you name it, Microsoft sucks at it.