No, it's not true.
Both Windows & Linux have vulnerabilities that can be used to hack your server.
Once discovered Linux vulnerabilities tend to be fixed sooner, but Microsoft have been getting better at providing fixes to critical errors. The speed of producing patches is only a small part as in either case the fix won't help you until it is applied to your server and if you are renting space on someone else's server you are at the mercy of when they choose to update their software.
One thing that makes a big difference is the number of services installed and activated by defaut. Windows installs a large number of services on a default install. Some Linux distributions also default to installing quite a few services. The key thing to remember is that a service that's not installed can't be used to compromise your server. If you control the server, switch off every service you don't need to run, if reasonable, also uninstall that service. If you don't control the server, investigate what's running on it before renting hosting.
There's seldom a straight answer, it's usually "Which x is best for a purpose?" So I'd like to redefine the question as "Which operating system (OS) is best for your hosting requirements?"
The answer to this really depends on what you want to host, the cost of the different hosting options, and your level of comfort with the different options.
If you are planning to just have static html pages, Windows & Linux are both good at this and you can either opt for a low cost option or pick your host on any other criteria that seems reasonable to you.
If you are planning on running a pre-written package (e.g. a php forum script), check out the requirements for the package you'd like to run.
- If the package requires one operating system, that's your choice.
- If the package is written for one operating system but can be made to run on the other with a large list of tweaks, patches, and install steps you can still pick either OS, but you need to remember that every time there is an upgrade you'll need to repeat most of those fiddly steps again.
- If the package looks as easy to install on one OS as the other, then once again you are back to price / comfort.
If you are planning on developing a completely new package or application, there really isn't a choice. Any reasonable costing of your time is going to so greatly outweigh the cost of hosting that you should choose the environment where you will be most productive.
One of the features of the capitalist system is that over time the price of commodity goods falls to marginally more than the cost of producing those goods. Internet hosting has been undergoing this process recently and the price of hosting has dropped to the point where it is practically at cost. If Windows hosting is more expensive to buy than Linux hosting it's because it costs the hosting company more to provide it.
More important than the cost of the cheapest hosting you can find is to ask yourself
- What's the true cost of the hosting, including my time?
- How reliable will the hosting company be?
- How reliable will the hosting itself be?
- Will the server be badly overloaded?
- Can I smoothly change to a bigger hosting package as my business grows?
Best wishes