Bingo. In Windows and even MacOS, it is normalized behavior to download and run software with your web browser. Want VLC? Google for VLC then maybe end up on a website like sourcef*rge that adds malware to the installer. On Linux, this sort of workflow is possible and permitted, but not encouraged. Instead users are encouraged to only install software through their package manager.

I can leave my dad with a Xubuntu install and trust him to not download malware because I taught him how to use the package manager, and warned him against trying to download software with his browser as though he were using Windows. 15 years like this and he still hasn't messed it up. With Windows he had new malware every week. Downloading and running strange software off the web is normal windows culture and windows scarcely even provides a better alternative to it.

(The "Windows Store" is an improvement to this situation I guess, but from what I understand most software available through it isn't free. This means windows users are incentivized to fall back on old habits and go scrounging around on the web for free binaries to blindly run.)