Now it is much more nuanced than that, network based criminal activity has existed since the invention of the telegraph, but I would be willing to wager even on a per capita basis of Windows, Mac, UNIX, and 'other' users of the network, it stands out.
That said, those days are largely behind us (caveat Wannacry and poor update policies) and I consider properly patched operating systems from all of the major vendors to be credibly defended from exploitation. I reason to that point of view by using the price offered for 'zero days' as an indicator of the challenge of finding them.
It's really the IBM PC platform, IBM's willingness to sign a non-exclusive contract for the OS, and the success of the early clones (Compaq, AST, etc) making DOS so common that raised productivity so much. Whatever OS had shipped on them would have grabbed the market share DOS and Windows did.
which ones? forcing them or not forcing them?
1. Bundling them -- it should be trivial to turn off all non-security updates while still getting all security updates.
Counterpoint: There might be no unambiguous distinction between security update or non-security update.
2. Not having them. WannaCry was so bad because Microsoft stopped providing security updates for a system that's still widely used.
Counterpoint: It seems odd to insist Microsoft continue to provide updates to a fifteen-year-old system they end-of-lifed three years ago. Should we be able to force them to keep providing updates indefinitely by steadfastly refusing to upgrade?