> Heck, windows PCs were regularly infected by browsing the wrong website. Or getting served a malicious advertisement. Can you honestly say that people are getting infected on Android regularly by surfing the internet?
I have used Windows for nearly 2 decades and I can't tell you the last time my system was infected. I do agree that browsers are the largest vector of attack but that also means browser vendors share some of the largest responsibility for creating secure systems.
Two decades ago was near the end of that Windows-malware peak. And really, if you were behind a NAT two decades ago, that would have stopped nearly all of it, so you might not have noticed how bad it was unless you were supporting a lot of Windows machines in varied environments.
There was a span of a few years when a Windows box connected directly to the Internet, using a public address, would reliably get pwned before long, even with nobody using it. But that was quite a while ago, and, again, just being behind a NATing router mostly solved the problem (assuming nothing infected ever connected to your local network).
I have used Windows for nearly 2 decades and I can't tell you the last time my system was infected. I do agree that browsers are the largest vector of attack but that also means browser vendors share some of the largest responsibility for creating secure systems.