Misses half the point
Yes, it's true that you're exceedingly unlikely to get any malware on your computer if you're not using Windows. This is a given. Redmond apologists like to say that this is only because there are more Windows boxes than any other kind, and that if some other operating system were as popular as Windows then it would have the same problems; this is untrue for a number of reasons, many of which relate directly to the technical design decisions made in the early days of Windows, but that's neither here nor there.
Security folks often tend to look to the box for defense. Run antivirus software, the common wisdom is. Run firewalls. Good advice, to be sure, but the fact of the matter is that this will never provide an adequate defense. Malware changes too rapidly for AV vendors o keep up with, and firewalls defend against worms but not against malware that comes in from the browser or through email.
What I'd like to see is more attention focused on the supply side, not the demand side, so to speak. Where is the malware originating? Surprisingly often, from compromised Web sites (SQL injection attacks, anyone?), from compromised blogging and forum software hosted on Web sites (dear God, somebody, please make the insecure installations of phpBB go away!), and from sysadmins and ISPs that just don't give a toss.
Case in point: a free phpBB service called setbb. At any given time, this "service" has anywhere between 29,000 and 48,000 redirectors on it that lead the unwary to W32/Zlob droppers; as of last Friday, a rough estimate I've made suggests that 1 in every 4 forums hosted on setbb is infected with a redirector that leads visitors to malware droppers. I've spoken to the Web host for the site; their position is "Well, we're aware that there's a serious problem here, but technically they're not violating our AUP because technically they're not hosting copies of the malware, only redirectors to it. So we're not going to do anything."
Another classic example: news sites which use internal redirection scripts that are insecure and don't check referrers. I've seen people hijack these redirectors by seeding Google with popular keywords linked to a news redirector that leads to a malware site, something like
www.somenewscompany.com/redir/php?link=http://www.somemalwaresite.lv
Since Google recognizes "somenewscompany.com" as a news site, these redirectors appear in keyword searches within Google News. It's trivial to write redirector scripts that check the browser's referrer to prevent this sort of thing, but few sysadmins seem to do it.
I'd like to see a little more focus on the distribution side, not the desktop. If ISPs become more proactive about policing their systems (seriously, guys, it's not all that hard to do), if site owners were given a goose to keep their sites more secure (how about their host levying a fine on anyone who runs insecure software on their site if the software gets hijacked?), if people would guard against SQL injection (really, in this day and age, ANYONE who does not sanitize user input to guard against SQL injection needs to be taken out behind the chemical shed and shot!), wed do a lot more to solve the problem than this desperate rearguard "clean up the box after it's been pwnd" nonsense.