*For instance, 2 windows servers in a 100 server environment will readily eat 20% of a sysadmin's time

*Not so sure about that. My brother is the senior sysadmin of a mixed server environment - several Windows servers, several Linux servers, plus a couple of HP UX machines.

When it comes to patching security leaks, HP UX is easy. The patch is on the HP site. Windows is easy. The patch is on Windows Update. Linux - my brother has had to track down some specific patches for a leak in Apache, then he foud out that this particular patch required another patch, he had to hunt down that one too, he had to make sure he had the correct patch for the distro he's running. in short, it took almost a day before he had patched the Linux servers, while the Windows and UX machines were patched in minutes. 

Oh, and Mac patches are easy too, of course.

I've run a Windows server OS permanently connected to the Internet for over 5 years now. My logs tell me they're regularly scanned, and sometimes an automatic attack is tried. Nothing has ever broken through. 
Then again, nobody will really spend time to break into a simple home network. If your defenses are good enough to withstand automated attacks, you're fine.

Big companies is another matter, of course. Hackers WILL spend time and effort to break in, so you need better defenses.

The pen is mightier than the sword. But if you literally want to have some impact, use a typewriter

My gallery   My freestuff