I'm not so sure about that. Some malware installs itself by exploiting vulnerabilities. (Not all of it, though - there's plenty of Windows malware that gets installed by social-engineering the user.) But, in order to stay installed, most malware depends on other properties of the OS to conceal itself and stay installed. Windows makes this much easier for a programmer than Linux does.
I know that a lot of people say this, but I don't know a single professional security practitioner who --- when push comes to shove --- actually believes it. I'm not being glib or dismissive, but I'm also not going to argue the point anymore.
I'm not so sure about that. Some malware installs itself by exploiting vulnerabilities. (Not all of it, though - there's plenty of Windows malware that gets installed by social-engineering the user.) But, in order to stay installed, most malware depends on other properties of the OS to conceal itself and stay installed. Windows makes this much easier for a programmer than Linux does.