CrowdStrike/Falcon use is not by any means limited to Windows. Plenty of Linux-heavy companies mandate it on all infrastructure (although I hope that changes after this incident).
It’s mandated because someone believes Linux is as bad as Windows in that regard.
And, quite frankly, a well-configured and properly locked-down Windows would be as secure as a locked-down Linux install. It’d also be a pain to use, but that’s a different question.
Critical systems should run a limited set of applications precisely to reduce attack surface.