[sirjaz]

Windows has a lot of legacy code, it is backwards compatible and has many more installs on-prem than Linux or MacOS. Thus, there is a larger incentive to find exploits. Look at Android, a Linux kernel based OS that has as much malicious code running on it as Windows, if not more. It is harder to secure it than it is windows.

[whydid]

Microsoft's refusal to deprecate old APIs is definitely a reason for many of their security problems. However, the old theory that "windows has a bigger install base, therefore it's a bigger target" seems logical but is disproven with several other popular examples- Apache vs. IIS was a common counter-argument in the early 2000s.

I've worked at companies with 100s of thousands of Linux servers, and only 10s of thousands of Windows desktops and servers. The quantity of security problems these companies had with their Windows systems compared to their Linux systems was astounding.

[rickdeckard]

I don't think you can compare metrics of Linux servers against Windows Servers AND Desktops.

At least on Windows Desktops I'd say most of security incidents today are initiated by the end-user in front of that Desktop, which creates an entirely different attack-surface than a unattended server maintained by someone working almost always in the field of IT.

[hulitu]

> At least on Windows Desktops I'd say most of security incidents today are initiated by the end-user in front of that Desktop

To install programs on my work PC i need admin account. Except for (rolling drums) Teams.

[tracker1]

You need an admin account to install programs for "all users" odds are the teams install (and others) are local-account installs. Not that it's much better. You can disable execution on user profiles from the directory level.

[vips7L]

Have you looked into using scoop? It installs everything into the user profile and won’t require elevation.

[jmau111]

I've tried to analyze the situation with objective arguments, but it seems to make me appear as a Windows/Microsoft advocate or fan boy, which is a bit ironic.

Many security news worried about actively exploited 0-days, but many of these vulnerabilities are addressed or mitigated. It's not perfect at all but talented people have budgets to work on it.

I wonder if the figures you mentioned are that relevant. Cybercriminals usually attack juicy flaws, and windows systems might be more attractive.

[ShredKazoo]

>The quantity of security problems these companies had with their Windows systems compared to their Linux systems was astounding.

In which direction?

[agloeregrets]

Additionally, you have the value perspective. Get into a Windows machine and you might get some info about a person. Break into a Linux server and you might get an entire DB.