I started my engineering career before IBM ever made a PC. I've seen too many of Microsoft's brain-dead security decisions for me to be comfortable trusting Windows. Microsoft thought it made sense to have an email client that would automatically execute JavaScript emailed by strangers and to automatically run executable files on CDs upon insertion. They thought it made sense to have application installations write to system directories and to have a "registry" where any application could read and change any other application's registry settings. I know, it's so much better now. They fixed those things. Sorry, but I'm going to continue to exercise an abundance of caution.
I do have a Windows Server system for SMTP/POP3, FTP, and HTTP servers. It's been very reliable. It's headless and is never used for web surfing, email, or any other "desktop" functionality. The applications installed are the bare minimum needed to operate and administer it. I've tried to strip out every service and protocol that isn't actively in use. It's behind a pfSense firewall that is very tightly locked down (even down to blocking entire countries by GeoIP lookup).