The management decision to run Unix or Windows will certainly be biased toward the operating system your administrators are most familiar with. Next comes careful consideration of the role of the specific server. Will a Web server running on Windows provide the same features as a Web server running on Linux? Can you really serve files to Windows clients with a Unix-based Samba server? How easy is it to update software on your chosen server? Let's find out.
Web servers are very important, yet people tend to underestimate the security and performance issues associated with them. The number one vector of attack is through vulnerable Web servers. The popular Apache web server is constantly releasing security updates, but does this mean it's insecure? Well, no. Despite what some competitors want you to think, this means just the opposite. It does take a fair amount of time to maintain open source software, though. Compare that to the cost of running Microsoft's IIS server, and the cost-benefit tradeoff quickly becomes clear. With IIS you get updates periodically, an insecure default setup, and many reasons to increase your antacid intake.
There are always situations where people are locked into one vendor's product. If you're in that boat, this article probably isn't going to be interesting. If you do have a choice, consider this: If your Web server gets hacked on a Unix-based platform, then the user it runs as is compromised. If you're relatively up to date on patches, the malicious person who compromised your Web server won't get full root access. When IIS gets whacked, it means the entire operating system is compromised, along with all your user accounts.