Sure, a Windows host with no malware is about as secure as a Linux host, but I think you are downplaying the difference. Most people will be running Whonix on a Windows host that they use for other purposes. If they can spare a computer for SR activities only, why would they run Whonix on Windows anyway? They have all the more freedom to install Linux and run Whonix on it, or turn that computer into a Whonix Workstation with physical isolation (using Tor on the router or a middle box as the Gateway). No part of SR requires Windows. So it is extremely likely that anyone running Whonix on Windows will be using Windows for other reasons, like normal activities tied to their real identities. It's also a fact that Windows is a bigger target of malware and exploits by two or three orders of magnitude over Linux. In the 5+ years that I've been using Linux, I've never heard of Linux-specific malware in the wild. There have been a few cross-platform Java exploits, which were easy enough to protect against (don't install Java). Under what I predict to be the normal use case, I consider that setup to be insecure. I should also point out that my cut off is a bit arbitrary. Tails or Whonix on a Linux host can also be exploited, but I think the difference between #7 and setups below it, in terms of the probability of that happening, is much bigger than the difference between #5 through #7, so I drew the line there (the difference between any setup that uses physical isolation and any setup that doesn't is probably also very big). Since posting that guide, people have told me that they feel insecure because they are using Tails, because it's so far down the list. I think Tails with bridges is fine for the average SR user if they are incapable of setting up something higher on the list. There is no magic cut off line that makes you "secure enough", although the probability of getting pwned decreases as you go up the list.