Windows was designed to be easily owned. It’s part of the ease of use feature. You can run a program from the email client. You are handing an idiot the means of his undoing.
Not only that, you encourage the user of the box to run it as root.
No such thing as root on a Windows machine.
You also have to realize that the operating system is made for the Home User, a person that isn’t going to utilize permissions and more than likely wouldn’t know how to.
Microsoft really doesn’t have a choice. Could you imagine a person who really hasn’t used a computer trying to open a terminal window and using sudo or su to run an install as root?
They have to make the machine easy to use; they have to make it so people can install software easily.
Linux doesn’t have that burden. Then again, that’s one of the reasons that Linux hasn’t taken off as a real competitor to MS in the home user market.
So no matter what, it’s always going to be the user that is the biggest security risk in Windows and any other computer operating system.