that windows is prone to malware because money can be made protecting it the underlying cause for it is horribly simple.
Windows was built around allow all, deny some from an authorisation point of view, nix based O/Ss are deny all allow some.

Once a fundameantal like that gets in your code base, inverting it is a truly extensive task. They seem to be working inwards, which is the only practical approach, but it's going to take a while.