HACKER Q&A
📣 morphicpro

Could vast amounts of attack vectors be mitigated by moving off MS?


China's Volt Typhoon has been all over the news this morning.

Reading over the docs on these threats, it looks like the majority of these vectors are isolated to MS infrastructure.

https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_PRC_State_Sponsored_Cyber_Living_off_the_Land_v1.1.PDF


👤 sickofparadox Accepted Answer ✓
Depending on what your threat profile is, if you are being targeted by nation-state actors, you do not have the best chance of coming out the other side unscathed. I don't think that switching from MS to various open source infrastructure is going to help you, especially when you consider the fairly reasonable reality that most advanced state actors probably have multiple zero days in various software projects stored in case they need to use them.

👤 hnthrowaway0328
I have a hunch that if you choose super legacy systems such as Novell, the malware might not even recognize it.

👤 mikewarot
Your best long-term strategy is to switch to environments that don't use ambient authority as a foundation.