Dennis - my .02 and industrial security 101: You can create a secure network on either platform. With Windows this involves a lot of patching - something that scares a lot of Industrial Software vendors for compatibility reasons. Linux requires some, but less, and tends to be less vulnerable to the common malware going around. If these systems are rarely updated, which is far from ideal, but common in our industry, I would say Linux takes the advantage. Users are less likely to be able to tinker, but your support staff may not be familiar with it.
The key is to follow basic (IT) industry good security practices. First and foremost, let your IT department do their job - use the products and standards that they’re comfortable with. This will take you much farther than “magic bullet” products or ideas. Isolate your control network when possible, use VPNs for remote access, apply firewalls/IDS/IPS, have an antivirus/removable media policy, backup/recover plan, etc, etc. Your largest security vulnerability will likely come in the form of “legacy” - that old system running NT or Windows 2000, network accessible PCs running DCOM (OPC-DA) applications, reliance on software with hard coded passwords (like the worm exploits). Most likely you’ll have a few of these, just do your best to mitigate the vulnerabilities - use OPC tunnellers, put “high risk” machines in a DMZ and PLCs on a separate network, update your OS and antivirus signatures, etc. The game is balancing your operational requirements with risk to a point of acceptance.
Thin clients are a great strategy for HMI/SCADA clients in a controls network. Besides a lower initial price tag, they offer additional benefits in terms of total cost of ownership - the lifecycle is about 2 years longer than a standard PC, plus they require less IT effort to support. You can certainly achieve as secure a network as you need with Ignition - on whatever operating system and platform suits your environment.