I'd have to second the linux approach. I've run linux/unix for years now with 0 compromises. My web server has stood faithfully thru the countless number of viruses that ms servers have fallen to. I also REALLY like the price of linux. I just laugh when I see ms users paying to get infected.
One caveat, I do run a firewall as the first line of defense. BUT, I don't worry about opening a mail message or having my web server go zany because of weird http requests. Linux mail readers just don't fall prey to the freshman virus attack and well, what more can I say but Apache!