I was looking at Information Security Magazine's November 2004 and noticed the following stat that they obtained from ISC/SANS:

The average time from connection to the Internet before an unpatched, unprotected Windows PC is infected by malware is 20 minutes, down from 40 minutes in 2003
It would have been interesting however to see what "malware" specifically constitutes and would have been worthwhile to see if there are any other OS comparisons.

It'd also be interesting to see how long before someone (rather than a something) goes after a machine (that is, how many "attackers" are actually actively looking for a machine to compromise because of a vulnerability that OS has rather than because it's a final target like Microsoft itself -- it makes me think of Lance Spitzner's first experience with building a honeypot).