Linux, I believe, has 1 less problem: Windows has undocumented things call outbound to undocumented MS places. Whereas Linux daemons behaviours are documented and do not make undocumented calls outbound to unknown places. Those Windows things calling outbound creates firewall state. And statefullness allows returning traffic. Attackers spoof these MS places, exploit statefullness, and reach into your Windows at will.
The solution for this Windows problem is here: Setup Idea - Default Deny Windows Firewall setup How To
The solution for this Windows problem is here: Setup Idea - Default Deny Windows Firewall setup How To
