* It is $0
* It is multi-platform
* MS is known to have severe security issues more frequently than *nix systems.
* computer virus risks.
The other thing to keep in mind is, you can use PHP in either platform, and it will work to the optimum performance. Windows has security risks, yes, but as any network engineer will tell you, if you have someone behind the server that KNOWS WHAT HE IS DOING, he can make it as secure as any linux/unix box imaginable. Again, that is if he knows more about winblows other then setting up user accounts, and directory restrictions.
You really have to get into the fact that you are building a box that can defend attacks. While *nix systems make this easier, it's usually a good way to go ( since you really won't be doing much work at all on the unix side, other then setting up the network, and uploading files to it for read/write ). So going from windows is neither good or bad, since you really won't ( or at least shouldn't ) be using the server itself for anything other then routing, security, permissions, user management, etc...
I think that your ASP guy will come around, if you can just get him to sit down for 2 days, and play around with php. After he does this, I can almost promise that he will get excited enough that he will want to develop in this platform then ASP. However, if he does not keep an open mind going into it, and hating php before he even gets started, then it will be a task that will result in null. That's about the best way to explain it I guess...