Historically, a lot of the problems were due to poor decisions on the part of Microsoft.
For example—you open a Word document that someone emailed you—and it would go off and execute any script that was attached to it. So just opening an email would be enough to get you infected.
Most of those things have been fixed now—so life is better.
So these days it’s more down to the mentality of the malware authors.