TLDR: While Linux is less susceptible to malware in some ways, it mostly boils down to Linux having a more technically minded userbase whereas Windows is a “mainstream” operating system.

Most Windows malware nowadays come from social engineering scams (complete this “captcha” by pressing Windows+R and pasting in this powershell script we conveniently put in your clipboard) or untrusted third party installers because Windows doesn’t natively have a package manager. Like others have said, the old school self-propagating worms and drive by downloads that activate just by clicking on a link aren’t really possible anymore (outside of state actors with unlimited budgets to buy zero days) unless your system or browser is horrifically outdated.

In terms of social engineering, Linux is not necessarily better at preventing it than Windows. In fact, sudo in Linux will unquestioningly delete the kernel and system software or make unlimited changes to them. Windows, for better or for worse (tbh more worse than better), uses TrustedInstaller to limit access to system files. Windows 11 won’t easily let you delete or modify System32 for example, even if you’re an admin. So it’s in theory easier to do more damage to your system on Linux if you don’t know what you’re doing. But if someone is using Linux full time, they’re most likely technical enough to not be fooled into running random untrusted bash commands.

The biggest thing is to be careful with those Linux terminal tutorial sites that have a “add to clipboard” button, they can put literally anything into your clipboard, including an enter key to run the script as soon as you put it in your terminal (though this may or may not be possible depending on your terminal app). Actually, they don’t even need you to use their copy button. They can just set an event listener for control-C anywhere on their site and automatically replace the clipboard content. Just double check everything you copy before running it, especially since there’s a lot of times where Linux users have to rely on obsecue tutorials hosted on untrusted websites.

You also don’t really need to run untrusted installers on Linux because almost everything you need is in a properly moderated software repository, be it your native package manager, Flatpak, or Snap. Everything is signed by the authors and has a ton of eyes from the open source community on it. The only things to look out for is compiling something from GitHub, random AppImages, Elf binaries, scripts, and last but not least third party repositories that can be added as an installation source to your package manager/Flatpak/Snap. Basically, Linux gets most of its “doesn’t get malware” reputation from the same place Mac does: you rarely have to manually download and run an executable from a random website, which is the norm on Windows. Add to the fact that even when that’s needed, the Linux userbase is more technical and is more able to discern which sources are reputable and which are suspicious.

Another major source of malware is pirated versions of Windows or untrusted “license activators” from the internet. This just isn’t a problem on Linux because there’s no license to activate and it’s free to begin with so there’s nothing to pirate. And again, if someone is running Linux, they’re probably technical enough to know not to run random pirated versions of paid software to begin with, helped by the fact that the vast majority of paid software is Windows only.