I'd like to take issue with this statement:
linux is more secure. simple and easy choice
While *nix can be more easily made secure by an admin who knows what they're doing, there are plenty of Linux servers that are not as secure as they could be - often because the admins don't do a proper job configuring the server, or applying the various software patches. It's also true that while Windows can be configured to be both flexible and secure, people who really know how to make Windows sing and dance have likely paid several thousand dollars to go through one of Microsoft's certification programs - and even then, they may or may not be up on the latest tips and tricks. (Heck, Microsoft's own SQL servers were hit by a major worm because the admins hadn't stayed up to date with all the patches...and you can bet those folks had access to the proper training.) It's easier for someone to learn how to properly update a Linux server without having to pay lots and lots and LOTS of money; and as Linux/Unix has been around longer, there's more information about it on the web. It's not as easy for someone to find similar information about configuring Windows servers - Windows hasn't been around as long, and even then, Windows hasn't been used as a web server OS as much, so there's less information available. (There's also less *dis*information...but I digress.)
And, of course, once a nonsecure application is installed on a server, a brand new security variable is introduced - phpBB is very prone to exploits, yet it's extremely popular and widely used. And not all users are as good about keeping their installations updated. (phpBB will often let a hacker gain access to a particular account, but not necessarily the server.)
It would be nice if it were possible to say, "X is more secure than Y," and have that be a truism. However, it isn't. And I'd really like to agree with anything slamming Microsoft, just on principle. I strongly disapprove of their business ethics. They're more fond of expediency than producing a secure, robust product. They seem to count on user ignorance to continue selling their products, and they often use scare tactics to get people to buy into their latest scheme. I really, really, REALLY dislike them, even though they have made some undeniable contributions to the world of computing. However, in this case, I have to point out the flaw in the logic.
Your server is only as secure as your sysadmin makes/keeps it. So much depends on the experience and expertise of the person configuring the server. If the admin doesn't keep up to date with what's going on with security problems, and doesn't keep their servers adequately patched, the server will not be as secure as it could be - regardless of what OS it's running.