Just because Windows goes down first doesn't mean that Linux is more secure. It only means that it doesn't have a high enough market share to meaningfully exploit for a return on investment.
We should take the metric of "given a motivated party, how difficult would it be to exploit this machine". I have no doubt people are already sufficiently motivated to exploit Windows. But maybe only the NSA gives a shit about Linux - do we leave them unchecked?
Security without threat assessment is meaningless because security is about preventing a negative outcome. If the environment is perfectly safe then no security is needed, and if the environment is infinitely hostile then no amount of security will prevent a negative outcome.
Example: Being in an armored car in a war zone is still riskier than riding a bike in a peaceful countryside, even if the bike has significantly less security than an armored car. The advice then is not to tell people in war zones to get bikes, nor to tell people to get rid of bikes in favor of armored cars. Security needs to match the need, which depends on the threat level.
In my above post I included "targeted attack" as the fourth test, named by security theory as an attack by a motivated party towards a specific resource. If a motivated party wants to attack a specific resource, then the defender needs to raise security above that of general security. Many government agencies have policies based on such threats, and neither a default Windows 10 nor a default Linux distribution would qualify for such an environment. SELinux however was designed for that threat level and is thus common in military organizations, banks, and similar high-risk environments.
You're ignoring that most Linux distros come with better defaults, i.e. no open ports. Reducing the attack surface is an important part in keeping the OS safe. Windows is remarkably bad in that regard.
Windows comes with its firewall turned on by default since XP SP2; most popular distros don't do that even today.
Windows 10 doesn't even respond to ping by default (which is a PITA).
Not sure about other distros but opensuse comes with a pretty strict firewall out of the box. My logic says that this is probably common practice for many general-use distros.
I had a look at Windows 10. By default, assuming you clicked Private for the network connection, there are no ports that are open for any program to use. There are 33 rules for the All profile and 18 for the Private profile, some duplicates, each of which specifies what local program is allowed to receive data:
9 connect to Modern Windows apps, 1 for ICMPv4, 12 for ICMPv6, 1 for IGMP, 1 for ISATAP, 12 for TCP (Cast to device, IPHTTPS, Network Discovery, WiDi), 15 for UDP (2 for Cast to device, 2 for DHCP, 1 for Teredo, 1 for Delivery Optimization, 1 for mDNS, 7 for network discovery, 1 for Miracast).
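The inventory the post above describes can be reproduced with the built-in NetSecurity cmdlets. This is an added example, not the poster's own commands; it assumes the active connection is tagged Private (as the post does) and that it is run from an elevated PowerShell on Windows 10 or 11. Exact counts will differ by build.

```powershell
# Added example (not from the thread): enumerate enabled inbound allow rules that apply
# to the Private profile (or to all profiles) and join each to its port and program filter.
$inbound = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    Where-Object { $_.Profile -match 'Private|Any' }

$report = foreach ($rule in $inbound) {
    $port = $rule | Get-NetFirewallPortFilter
    $app  = $rule | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Name      = $rule.DisplayName
        Profile   = $rule.Profile               # Private, or Any
        Protocol  = $port.Protocol              # TCP, UDP, ICMPv4, ICMPv6, IGMP, 41 (ISATAP) ...
        LocalPort = ($port.LocalPort -join ',') # 'Any' or a port list
        Program   = $app.Program                # program the rule is scoped to, or 'Any'
    }
}

# Per-protocol counts, the same breakdown the post gives.
$report | Group-Object Protocol | Select-Object Name, Count | Sort-Object Name

# The full list, so each rule can be checked for its program scope.
$report | Sort-Object Protocol, Name | Format-Table -AutoSize

# The rule list alone is not the attack surface: cross-check against what is actually
# listening. A listener with no matching allow rule is blocked by the firewall; an allow
# rule with no listener behind it is inert. Only the intersection is reachable.
$listening = Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Sort-Object LocalPort -Unique
$listening | Format-Table -AutoSize
```

Switching the profile filter to `Public` shows the stricter set that applies on an untrusted network, which is the more relevant comparison for a laptop on hotel Wi-Fi.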