Microsoft put up a TechNet article in response to Steve Gibson's piece about why Windows XP was more likely to cause attackers to invoke dDoS storms upon websites. According to this article, UNIX, VMS, and Linux are just as likely to be used in dDoS attacks as Windows XP because they have the "Raw Sockets implementation."
The article also makes the point that software can be installed on existing Windows machines to cause IP address spoofing. The Internet Connection Firewall built into Windows XP, Outlook Express 6, Outlook 2000 Service Pack 2, and the Outlook included with Office XP will also prevent malicious code from running undetected on someone's machine. Furthermore, XP can be "configured" not to run certain types of code or script.
For more information read the full article
here.