I can't say if the infections themselves are real or staged, but they clearly and explicitly set the OS up for failure: they give it a public internet IP, enable file sharing, RDP, remote assistance, then disable the firewall for good measures. No modern OS would fare better in those circumstances.
Of course they would. Modern Linux, FreeBSD and macOS are totally fine connected to the internet directly with ssh enabled and no firewall. Sure; if you expose samba with write access and no password, you’re in for a world of hurt. But so long as your machine is kept up to date with security patches and has some form of authentication on all remote services, it should (generally) survive just fine on the open internet.
Of course defence in depth is still a good idea. But script kiddies aren’t using 0day attacks to portscan the open internet. But security vulnerabilities in network services get fixed.
I didn't test this with a virus check, but I have a bitcoin wallet with 0.1 BTC and without password on my HDD. Still there.