I suspect that the virus/malware situation on Linux is pretty much what would be "normal", and that the virus/malware situation on Windows is a statistical freak, more of a "Dragon King" than a Black Swan.
Windows has an unusually baroque set of APIs, Win32, NT native API, on and on and on, and there have been some problems between them, like Win32 being basically an ASCII interface while NT native is Unicode. This has at least facilitated malware. As an example of a Rococo detail, think about the magic device file names, AUX, CON, LP that work in any directory.
The Windows native API has never really been documented, and this lack of documentation flows though to other things, such as: what set of file name extensions is for executable files? Why does the file name determine whether a file is executable or not? Didn't the NIMDA worm spread via some problem with ".eml" files, as an example. Nobody knew that .eml files were executable at the time.
Windows has no tradition of separation of privileges, indeed it has a tradition of single, root-user. Lots of applications still assume this. Windows has no tradition of separation of data from executables. I give you Word macros embedded in the .doc file as an example of un-separated data and instructions that have historically caused virus problems.
Linux has at least traditions opposite to all the above points: mildly effective discretionary access controls, simple enough to be applied on a day-to-day basis, yet comprehensive enough to keep traditional file-type viruses at bay. The system call interface is only moderately complicated, and since source code is freely available, multiple sources of documentation exist. Executables typically live in "bin" directories, and data lives in another. Each executable has its own configuration file, rather than sharing the big ol' Registry. Data files live in per-user directories, and almost never contain the kind of all-powerful macros that Word, etc, data files contain.
Also, "linux" doesn't really exist as "Windows" does. Hundreds of distros exist, each customizing almost every aspect of low-level details. Different compiler versions, different linux kernels, some all-modular, some without modules. That's true of virtually every software aspect of a system, from the kernel, to email clients. Where "Windows" users by-and-large use Outlook email clients, Linux users use an array of hundreds of different clients, each in tens of versions. There's no user base for any given version of any given piece of software: the user base is not just fractured, it's shattered. This makes it a lot harder to find a vulnerability on a suitable number of hosts, or to write an exploit that would work on a large enough number of instances of software.