Windows security is fine in itself (I believe there are now more web servers around the world running on Windows servers than Linux, though I'm open to correction on that). But because of the ubiquity of Windows in the usage of unsophisticated users (meant as a simple observation, not a criticism), those are the systems most targeted by malware.
Most malware enters systems these days through simple social engineering, making the user invite the malware in and permit it to install - attachments on emails, tempting clicks on poorly administered websites (even QC gets the occasional dodgy advert that Jeph has to get blocked manually), and the like. Real-life security means having software to help you resist those ways in - decent virus checkers (the built-in Windows one is not adequate - I recommend Eset NOD32, though it's not free), and popup-blocking and ad-blocking in the browser are the main ones. And on top of that, vigilance and common sense: Can that deal really be that good? Do you really want that widget that you've lived your whole life without? Plus awareness of where the risks are most concentrated - porn sites and illegal torrent sites are prime places for your system to be bombarded with attacks.
On the whole, I suggest that if you are canny enough to handle a Linux system, you should be canny enough to keep a Windows system in good order. That's not a good reason to avoid Linux, though, if you want to use it anyway; but depending on what you use your computer for, you may find, as I do, that there are simply too many essential programs that are not available on it.