"if you have two products on the shelf, both good, and one is cheaper - which one do you buy?"
If you're one of the many ignorant PHBs, you override the techies and force the purchase of the one which has more advertising. It has more advertising not because it's better, but because more people (MCSEs, MCPs, VARs, OEMs, etc) are dependent on the income from the (MS) ecosystem. Sometimes the cheaper one is actually better, because all these MCSEs etc want to take their cut of the money along the way somewhere, and so the price has to be high enough to enable that.
You're making yourself (and your employer?) look silly. Come back when (1) sneakernet isn't a valid propagation vector for Windows viruses (2) there are no more PHBs who prefer "widely advertised" and allegedly "cheap" to "good".
The PLC programs are developed and documented in one environment and deployed in another. Even if there's a DMZ or firewall or even airgap between the two environments, the programs have to be periodically transferred between development environment and deployment environment. Sometimes data goes the other way too. Sometimes it's via a cable, sometimes it's sneakernet. There's *always* data transfer in this kind of setup, even if it's not there all the time.
In host/target environment days before Windows, when the hosts were mostly Unix (or VMS) boxes and the targets were mostly VME crates with dedicated OSes, there was no such security problem although there was still a need for data transfer. The security problem only arrived with Windows.
These days, routine electronics lab stuff like logic analyser and oscilloscopes comes with a fair chance of having Windows Embedded as its OS. The same probably applies in the automation environment; what used to be "programming panels" are now Windows laptops. In factories, kit that used to be VME (or even PDP11!) is now CompactPCI stuff, likely with Windows Embedded in it. Same in smart kit in hospitals, and doubtless other places too.
All this kit is probably not networked and the IT department probably either don't know it exists or don't know what to do with it because it's not a PC. Those who are responsible for it don't know what to do with the Windows side of things. So these Window boxes will be vulnerable, unpatched, and probably without an up to date AV. Nice. But people use sneakernet to get data on and off these boxes, and because they run Windows they're vulnerable, and not only are these boxes at risk, they put other Windows-based kit at risk too.
Anyone who says this kind of thing doesn't happen is kidding themselves.
Anyone who says this kind of thing doesn't happen in environments where it matters is kidding themselves. And it's a lot closer to home than Iran.
Windows simply does not belong in this kind of non-desktop kit. This kind of kit does not generally need data interchange with Windows beyond simple virus-proof file transfer. It does not need GUI compatibility with any of the (various, incompatible) incarnations of the Windows GUI. It does not need Word or Excel or Outlook. For these boxes, there are plenty of alternatives, be they commercial, free, or open.
This kind of kit does not need Windows. End of story.