This is not entirely true with reverse shell attacks. In fact, all it takes is to visit or load a resource from a website (as this requires the user to establish an outgoing connection to it) and the vulnerability becomes opened.
Who ever thought it was a good idea to give a web browser this kind of power? Let me guess: "it's so convenient"....Paranoid as I am, I run my Tor browser as a separate user. It's an easy way to separate access for different programs, but it's annoying when I need to access a downloaded file in another program. Qubes OS takes it a step further, separating everything into it's own desktop environment.
I haven't used Windows in a while, so I don't know if it's possible to use different programs running as different users at the same time.
Quote
You are totally right. The general assumption is that "Linux is unknown and therefore I will not know how to use it" however this is far from the case. Most distributions are entirely usable and their layout is quite similar to that of Windows.
First: I'm biased 
Second: just compare online installation instructions. Windows: "download, pay for access, install, click here, click there, click click click". Linux: "copy this text, press Enter"
I know which one I find easier.