Windows Server 2008 is not secure. Who is right?

Is this really how people think of Windows Servers? Shouldn't Microsoft do something to change this? I mean, the guy ( gladier ) thinks Windows Server 2008 is not secure even with the windows firewall closing all ports but WWW / FTP / RDP. It almost seems like he is claiming it's a bad idéa to have ASP.NET/IIS running *lol*

...Who is right? I would love to hear your opinion on this issue.

[07:46] <AloneInTheDark> My PC is connected directly to the Internet. Win2k8, in the "Network and Sharing Center", I can "Customize" the network "Public" / "Private" , which one should I choose ?
[07:53] <gladier> do you have an external ip address?
[07:53] <AloneInTheDark> yes
[07:53] <gladier> ie: you have exposed windows to an external up?
[07:54] <AloneInTheDark> the Internet comes from my "wall" and I connect this PC directly to it, no router inbetween
[07:55] <AloneInTheDark> My router can't get IP from the ISP somewhy so I attached the PC "directly" to the Internet.
[07:55] <AloneInTheDark> Now, I think I should choose "Public", right?
[07:55] <gladier> yea
[07:55] <gladier> but two things
[07:55] <gladier> a) this isn't the windows vista support room
[07:56] <AloneInTheDark> No, I said win2k8
[07:56] <AloneInTheDark> it's a server
[07:56] <gladier> oh
[07:56] <gladier> lol
[07:56] <AloneInTheDark>
[07:56] <gladier> my mistake
[07:56] <gladier> second ... so you are supplied ethernet?
[07:56] <AloneInTheDark> yes
[07:56] <gladier> wth ... is this in a datacentre?
[07:56] <AloneInTheDark> a "hole in the wall"
[07:56] <AloneInTheDark> no, my home
[07:56] <AloneInTheDark> 100/100
[07:56] <AloneInTheDark> :o
[07:57] <gladier> ah k
[07:57] <gladier> my head is in another place lol
[07:57] <gladier> either way
[07:57] <gladier> windows server on public ip address = soon to become owned
[07:58] <AloneInTheDark> no
[07:58] <AloneInTheDark> why?
[07:58] <AloneInTheDark> that's a weird thing to say
[07:58] <gladier> experience
[07:59] <AloneInTheDark> I have had my win2k3 server since, well 2k3 on the internet, no problems.
[07:59] <AloneInTheDark> It has a firewall
[07:59] <gladier> it has a windows firewall?
[07:59] <AloneInTheDark> yepp
[07:59] <gladier> fail
[07:59] <AloneInTheDark> Explain
[08:00] <AloneInTheDark> want my IP? lets have a go at it, see if u can break in
[08:00] <gladier> seriously ... every windows server that i have seen - no matter how patched or whatever, that is on a public ip gets owned
[08:01] <AloneInTheDark> well, that's a lot of bs imho =)
[08:01] <AloneInTheDark> but that's me.
[08:01] <gladier> meh
[08:01] <gladier> my experience differs from yours
[08:01] <AloneInTheDark> 1.1.1.1
[08:01] <AloneInTheDark> come'on in =)
[08:02] <AloneInTheDark> u r talking crap I'm afraid if u mean u can break in.
[08:02] <AloneInTheDark> DDoS on the other hand, that's another matter.
[08:02] <gladier> lol i never said i could break in
[08:02] <AloneInTheDark> or whoever
[08:02] <AloneInTheDark> windows firewall closes all ports but those which I choose to open.
[08:02] <gladier> i said that all windows servers that i have seen on a public ip with no firewall other than the windows one - gets rootkitted or whatever else
[08:03] <AloneInTheDark> Now, unless u can show me some hard facts how this machine could be owned, I call ur bs
[08:03] <AloneInTheDark> How?
[08:03] <AloneInTheDark> that isn't possible.
[08:03] <AloneInTheDark> rootkit is not magic from god, it's an application.
[08:03] <gladier> lol
[08:03] <AloneInTheDark> I got RDP, WWW, FTP opened.
[08:04] <AloneInTheDark> and u r full of crap
[08:04] <AloneInTheDark> give me hard, technical facts... or forever hold your ...
[08:05] <AloneInTheDark> heck, I can even give u an FTP account and u won't be able to break this thing.
[08:05] <AloneInTheDark> lol
[08:05] <AloneInTheDark> win2k getting owned, I can undrestand.
[08:07] <gladier> dude ... you're running IIS with asp.net enabled
[08:08] <AloneInTheDark> oh noes
[08:08] <AloneInTheDark> yes, SO?
[08:08] <AloneInTheDark> IT'S A SERVER.