"1: You do not normally have to use Windows. There are more secure alternatives."

As others have said, there's a lot of specialist kit for which only Windows drivers and/or applications exist (which version of Windows is another worry). So it's not as simple as that. However, there should be proper network segmentation to protect these.

OTOH, plain vanilla desktop office/mail/web machines could well be shifted to other platforms. However, this would buy time, not complete protection. A booby-trapped email will inevitably find a supply of boobies if it's widely spammed.

What's needed is a better architecture that doesn't allow some random application to save or update whatever file it wants.

