The answer involves a number of ways that Windows differs from Linux or BSD-based Mac OS X.
A) Root access:
Unix was from the start a multiuser OS. Software is written assuming that the user has limited rights. By comparison, Windows began as a single-user, non-networked OS. It is common for a user to run as a root user with full access to the system. Any program running this way will have write access to the system. In Linux, you could use "sudo" to run the package manager as root, for example, and never have to actually log in as root. Ubuntu goes even farther by disabling all root logins.
B) Executable bit vs various executable extensions.
Unix uses an execute permission bit. Even if you downloaded malware in an email attachment, you would still need to manually change the permissions on the file before you could execute it. This makes it harder for a virus or other malware to be executed. It needs to be executed to be able to drop its payloads. Windows uses a number of file name extensions to determine whether a file is an executable. Since the filename extension is a feature of the source and not of the target, the author of the virus gets to determine if the file is executable.
C) Opaqueness of the Windows OS:
Windows uses a registry, which is an opaque database. There are a number of keys that the virus can use to make sure that the system starts it automatically.
D) Population density:
There are more Windows computers. This and the previous defects I've noted make them not only more popular targets, but the low-hanging fruit. Remember how real viruses replicate. One infected person needs to come in contact with a person who isn't immune before the virus can replicate. It isn't just that there are more Windows computers. It's also that it is more likely that an infected computer can reach another susceptible computer. This aids in the infection rate. Even if 80% of Windows computers are immune (secured) against this virus, that leaves millions that aren't and allows the virus to propagate. Add to this that the motive of today's malware writers is to own your computer and sell that control to the mob (usually Russian mobsters. This could mean Chechen terrorists, the hackers could care less if anyone gets killed due to their actions). They want to have a large bot army so that they can get a higher bid.
E) Tight Coupling: On Windows the GUI is tightly coupled to the OS. Even Internet Explorer and Outlook are tightly coupled to the OS. This makes it easier to compromise iexplorer or Outlook and thus compromise the system. Microsoft even lowered the barrier in memory between kernel and user resources on the Windows IIS web server in order to improve performance. This is somehow ironic. The Windows kernel is a microkernel, supposedly; one layer communicates with another layer using a server/client model. However, this affects performance, and so shortcuts were made bypassing this. So instead of a highly structured hierarchical OS, they ended up with spaghetti.
While this isn't an example of the kernel, take a look at the differences between a Windows IIS and Linux Apache server serving up a web page: http://www.visualcomplexity.com/vc/p...id=392&domain=
F) COM: Documents can contain COM components. They cause binary (compiled) code to run inside a document. (ActiveX, which you may have heard of in iexplorer, is another word for a COM component in a web document.) If the COM control isn't installed on the local machine, it will get it from another computer on the network. Running code in a document is bad enough. Even scripting can be dangerous. Running binary code is even harder to control. Here you are running code that is installed on a 3rd party computer that might be compromised, even if yours isn't.
G) One eye vs many, or Open Source vs freeware or shareware: Consider the difference in the software running on Windows vs Linux. In Windows, it is common to browse the web looking for an application that will do something like mass renaming of files, or installing a codec to play xvid files. The Windows application will have a binary installer. You almost always need to be root to install it, but you really don't know if you can trust it. Steve Gibson discovered and coined the term "Spy Ware". He installed some shareware software from a seemingly reputable source, but it turned out that it was dialing home. Look at the Sony rootkit debacle. A rootkit is far worse than most traditional viruses because it completely disappears from the system. Typically on Linux you install Open Source packages. You might get them from SourceForge or you might use a Debian or RPM package supplied by your distro. Because the source is in the open, it can be vetted. Even if you can't understand the code, there are plenty of people who can. Also, because Open Source is written by a collaboration of users, it is less likely that any one user will get away with inserting something harmful.
This isn't to say that running Linux is worry free. The term virus is almost an obsolete term. It might describe a virus or worm that is attached to an email. This is the type that Windows is vulnerable to. However, another threat is from exploiting applications. Hackers will bang on an application and see if they can get it to crash. Usually this is due to the application not checking its input. Such as a video player downloading and playing a video on the web. Or an mp3 player playing a song. The hacker will try to create a file that will crash the program and overflow the stack. If done correctly the stack pointer will start running a program contained in the file. Once this is done, the program has to escalate itself to root. A Windows user will often run as the root user, so the job is done. Both Windows and Linux users need to keep their systems updated to patch any known vulnerabilities that would allow a program to escalate to root.
Another defense is to start programs at random locations. Linux has been doing this for a long time. Windows Vista does it as well. This means that if a program has a stack overflow vulnerability that the hacker has to depend on luck in deciding the location of the code in the file.
The single best thing you can do to secure your computer is use a NAT router. You still want to regularly update your computer, be careful which websites you visit, never click on links in emails, and hover over links before clicking on them on webpages. And avoid stupid things like downloading screensavers (a screen saver is a program, about 66% of them are viruses).
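Point B above (execute bit versus filename extension), as an added example that is not part of the original post: it saves a constructed, harmless attachment the way a mail client would and compares what the sender-chosen name says with what the receiver-set mode bits allow. The extension list, helper names and sample filename are assumptions made for illustration; it needs a Unix-like system.

```python
import os
import stat
import subprocess
import tempfile

# Short, non-exhaustive sample of extensions Windows treats as runnable (assumption).
WINDOWS_EXEC_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs"}


def windows_would_run(filename):
    """Decision based on the name alone, which the sender chooses."""
    return os.path.splitext(filename.lower())[1] in WINDOWS_EXEC_EXTS


def unix_can_run(path):
    """Decision based on the mode bits, which the receiving system sets."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))


def save_download(directory, name, data):
    """Write bytes as a mail client or browser would: mode 0644 at most, no execute bit."""
    path = os.path.join(directory, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return path


def try_execute(path):
    """Attempt a direct exec of the file; report whether the kernel allowed it."""
    try:
        subprocess.run([path], check=True, capture_output=True, timeout=5)
        return "ran"
    except PermissionError:
        return "refused"


def demo():
    with tempfile.TemporaryDirectory() as directory:
        # Constructed sample: a harmless shell script with a misleading double extension.
        path = save_download(directory, "holiday_photos.jpg.scr", b"#!/bin/sh\nexit 0\n")
        return {
            "windows_would_run": windows_would_run(path),
            "unix_can_run": unix_can_run(path),
            "exec_attempt": try_execute(path),
        }


if __name__ == "__main__":
    print(demo())
```

The mode-bit check applies to direct execution only; an interpreter that is handed the file as an argument reads it as data, so the bit is one layer of defence among several.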