Not OP but - Windows is being bombarded by malware every second of every day. Linux, with its 6% of desktop user market share - not so much. This kinda' guarantees Windows has a pretty good resilience (these days).

On top of that - in Linux you can change/break anything, which means bad actors could have you run malware by posting "helpful" comments on help threads. You know, "just run this .sh with sudo".

Then you have situations like Arch has been going through - DDOS attacks on official repos and malware injected into a couple of packages in AUR. Sure, it got caught - but how many users installed the malware? How many other packages are under less scrutiny and are still serving malware in AUR?

And, I'm certain, someone out there is reading this and preparing to write a hot take on how "AUR is what it is, you're not supposed to blindly install stuff from it" - but that's exactly the problem. Because 99% of users have no clue what they're doing.

Windows Defender monitors the entire system continuously

Windows is bad for privacy but security is a different matter.