"Ah - so Windows' relative vulnerability to malware was proof of it being a flawed OS"
If you look at the webserver market (where you generally need full remote exploits to compromise a box), OSS / Linux based systems are about 4 times more likely to be hacked then Windows Servers after adjusting for market share.
Therefore when used as an internet facing server OS, Windows is apparently in practical use cases actually far more secure from remote attack.
Where Windows doesn't perform so well is with desktop software / user interaction - and that's largely due to legacy design decisions versus the requirements for backwards compatibility. And due to commonly installed Adobe and Oracle software.