M$ reports that 5% of PCs running that other OS are infected. M$ found 70% of the infected machines had an exploit of Java running. That information could be interpreted different ways. Since the vulnerabilities were patched years ago, I think M$ is at fault for producing a system where an ordinary person has to be a system administrator for ever more complex computer systems. It does not happen. People may turn on “autoupdate” but on that other OS that does nothing for Java and other applications that may develop exploits.
see Network World
GNU/Linux on the other hand has package management that covers the operating system, the utiliies, the libraries, configurations and applications. Everything gets updated to the latest security patches with a few clicks or periodically if that option is chosen. It’s just a better way to do IT.