Neither the ELF format nor the Linux kernel by themselves prevent any malware from running.
But strict access control in a multi-user system (not only Linux) - prevents.
That is, one simple command, run as root, can completely destroy the installed operating system, along with the contents of all disks. But not a single competent Linux user (except for a kamikaze) will ever run any malware under root and will never leave root passwordless.

1) possible (Lion Worm etc ....)
2) the main source of programs in Linux are verified repositories, the probability of viruses getting into them is very small.

You are too disrespectful of the system under which you spend all your time. If you don't like "Venda", don't write.
All systems are approximately equally vulnerable. It's just that Windows turned out to be more accessible to the hand-assed population, more popular, so more malware was written for it.
And for example, the first network worm was not under Windows.

The correct answer has already been said here:
- in UNIX / Linux, any muck for any of its unauthorized activities must get root rights
- and it cannot even reveal the root password, because it is simply not stored in the system in any form (encrypted in any way)
- and in modern Linux there are even more (than root) thin systems of differentiation of powers, for example selinux.
The result of which (and not some other fairy tales) is the known number of all sorts of rubbish in Linux by 4 orders of magnitude less than in Windows.
PS And then they tell you all sorts of nonsense here, such as:

But in *nix in ancient times they often worked with root rights,