by revelio 1154 days ago
Disagree, macOS is way ahead. Windows code signing is a half-implemented joke that doesn't do much and apps can easily tamper with each other at will (unless they're installed using MSIX which not much uses), whereas macOS code signing actually works and will stop apps tampering with each other completely.

The macOS app sandbox actually works. On Windows nothing uses the app sandbox due to serious bugs and performance regressions. Chrome rolls its own sandbox for example.

SIP successfully stops macOS getting screwed up. The number of Windows installs out there in some bizarre half-broken state is incredible. It's routinely the case that API calls which work on one Windows system don't work on others even at the same patch level for no clear reason at all, which trace back to weird configuration differences to the OS.

Windows still relies heavily on client side virus scanning. Apple do malware scanning server side and then lean on their code signing and integrity systems instead, which is one reason Macs have great battery life.

And then there's all the other more well known security things Apple do with secure processors and the like.

Windows is just so far behind and they're so drowning in tech debt it's unlikely they'll ever catch up.


It's difficult to quantify something like this; so obviously treat this data with proper skepticism. But: CVE Database, just looking at 2022.

- Windows 11: 498 reported CVEs in 2022. [1]
- MacOS: 379 CVEs [2]
- iOS: 242 [3]
- Android: 897 [4]

Linux isn't as well-comparable or categorized (especially given it's just the kernel, and there are dozens of other "products" which make up an equivalent to what Microsoft would call "Windows 11"). Nonetheless: 306 [5]

You should check your preconceptions and susceptibility to Apple's marketing. No one is substantially far ahead or far behind (except maybe Android, but again, these are hard to compare apples-to-apples). Everyone still experiences roughly the same class and magnitude of vulnerabilities. But, everyone is also getting better at it.

[1] https://www.cvedetails.com/product/102217/Microsoft-Windows-...

[2] https://www.cvedetails.com/product/70318/Apple-Macos.html?ve...

[3] https://www.cvedetails.com/product/15556/Apple-Iphone-Os.htm...

[4] https://www.cvedetails.com/product/19997/Google-Android.html...

[5] https://www.cvedetails.com/product/47/Linux-Linux-Kernel.htm...

I'm not sure how that rebuts my point? macOS has a much lower number of CVEs than Windows. But there's a lot more to security than CVEs, and my post was about issues that CVEs don't track. BTW Apple marketing isn't what led to my views, they're based on direct experience with the security mechanisms of both operating systems up close and personal.

Well, you know what they say about being too close to something to speak on it objectively. Which in this case means: there's the way these systems were designed to work, and how they actually work toward the end-goal of keeping the systems they secure, secure.

I'll believe that Apple's operating systems are significantly and measurably more secure when they can make it a few years without a maliciously formatted iMessage crashing the kernel. Until then, it's arguing minutiae. Everyone has security issues. Everyone is taking steps toward improving their security. No one is so far ahead that they're worth white knighting on HackerNews.

> macOS has a much lower number of CVEs than Windows

More than 75% of Windows CVEs isn't exactly "a much lower number of CVEs", even without considering its actually much lower market share.

You probably need to rebase that for usage stats (install base)

The CVEs / Install Base ratio is a pretty silly metric for determining the security of a product. A large number of CVEs could tell you that the users and developers of a particular product care a lot (or are paranoid or are simply security minded) about security, and want to give notice of issues to as many people as possible.

This is a live issue in the Rust community, which does appear to care a great deal about security, as to how to deal with minor/theoretical vulnerabilities perhaps unworthy of a CVE.

> Disagree, macOS is way ahead.

Apple is a consumer electronics company. For serious tools, use Windows.

For serious privacy loss use Windows