The kind of malware the average user is concerned about is the one that will break into their accounts by logging their keypresses, or lock them out of their own computer for a ransom. Neither of those things are likely to come from windows, so whether it technically fits some definition of malware is beyond the point.
> or lock them out of their own computer for a ransom.
True enough; Windows has never asked me for a ransom – though it has shown me the dreaded Bitlocker Blue Screen because my "hardware configuration changed" after a software update.
