
Linux definitely exists in a weird limbo. While it can be secured to an extreme degree, most people aren't using Linux that way on personal devices. Especially on a desktop. ChromeOS is quite secure since it is so locked down, but imagine getting the average Linux user to like it.

Curious as to your rationale for the security architecture of macOS being inferior. Is it because of the way the security features are implemented that you lean that way? macOS has its warts, but it also has plenty of security features I'm not aware of Windows/NT having.



> Linux definitely exists in a weird limbo. While it can be secured to an extreme degree, most people aren't using Linux that way on personal devices.

For sure. I think my minimal Alpine desktop with well defined SELinux policies is better than Windows or macOS, but most people are using Ubuntu or similar which doesn't have anything like that (AppArmor helps somewhat), and doesn't really have any of the security innovations macOS or Windows have.

> Curious as to your rationale for the security architecture of macOS being inferior. Is it because of the way the security features are implemented that you lean that way? macOS has its warts, but it also has plenty of security features I'm not aware of Windows/NT having.

I will say I'm a little out of date on new features macOS may have introduced, but back in the day I remember them not even having a proper ASLR implementation, no form of MAC, nothing even close to things like Windows Secure Desktop[1], etc. Microsoft had a well-deserved horrible reputation, but they really put in a lot of effort to turn things around, and I think they succeeded but without getting due credit from most techies. Whereas Apple, it seemed, was coasting on the fact that Macs were not nearly as targeted as a platform.

[1] https://learn.microsoft.com/en-us/archive/blogs/uac/user-acc...


To be fair I'm horribly out of date on Windows too. Once they can ditch the worst of legacy support they'll have room to patch the holes that remain, that much I know. I'd like to see Microsoft implement something like TCC in Windows.

https://book.hacktricks.xyz/macos-hardening/macos-security-a...

ASLR on macOS has gotten a lot better, with full randomization down to the kernel since El Capitan I think. Fixed page offsets (the worst offense imo) were also removed. The secure enclave brought CMAC and PAC soon after.


> I'd like to see Microsoft implement something like TCC in Windows.

> https://book.hacktricks.xyz/macos-hardening/macos-security-a...

I think there is something equivalent to that, although I don't know that it's part of a specific framework.

There are privacy protections in place for accessing various hardware, and permissions need to be granted [1]. I think the rest of what that link covers is handled by UAC.

> ASLR on macOS has gotten a lot better, with full randomization down to the kernel since El Capitan I think. Fixed page offsets (the worst offense imo) were also removed.

Nice!

I do think Apple was lagging behind but these days I suppose there would be parity for what have become basic features. I still think macOS should have some sort of MAC implementation though, but maybe they just need a little more time ;)

[1] https://support.microsoft.com/en-us/windows/windows-desktop-...



