Or are we just presuming we’re all immune from the bad guys targeting Windows?

Kind of, yes. You can install Microsoft Endpoint Security on managed devices, but most Linux people don’t run any decently capable antivirus. They just assume they’re technically skilled enough not to fall for common virus infections, and pretend the execute bit will protect them from all malware.

Firewalls are common, though. Almost always, they’re configured to allow all outgoing traffic and limit incoming traffic, but there are tools that will also restrict outgoing traffic that are packaged with various distros.

Luckily, almost nobody uses Linux, so the common malware doesn’t really target Linux users. There is some malware that targets developers (often through dependency management tools like npm/pip/cargo) and I don’t think many Linux developers bother to protect against them.