Windows Flaws

Flaw 1 - Windows' Interactive Services
Like all Unix distributions, Mac OS X spawns background system processes, called daemons, to handle various tasks. When a user logs into Mac OS X, a special security context is created for that user. Any applications that user launches are started under that user's credentials. Background processes can respond to requests from user-level applications, but they can not initiate any contact with the user, nor present any graphical interface, because they operate in a separate security context.

This is an important security measure that is missing in Windows, which allows for "interactive services." Allowing system processes running as root ("Services running as LocalSystem" in Windows-speak) to present a graphic UI to a logged in user ("become interactive with the desktop") is, to quote an MSDN blogger, a "spectacularly bad idea that should never have been added to the system." (read the entire article by clicking on Flaw 1 above).

Flaw 2 - Windows' opaque and illogical file system presentation

Mac OS X applications and files are organized into clear, obvious security contexts. In Windows, the user, local and system contexts are muddied. Directories containing applications and settings are considered too confusing and dangerous to even display for users, so when a user tries to browse the file system, they are presented with: These files are hidden. This folder contains files that keep your system working properly. You should not modify its contents. /WINDOWS, but the directory is mingled with third party additions, the problem that the reserved /System directory solves on Mac OS X. Microsoft installs Windows into /WINDOWS, but the directory is mingled with third party additions, the problem that the reserved /System directory solves on Mac OS X. (read the entire article by clicking on Flaw 2 above).

Flaw 3 - 'Least privilege' is impractical and broken
In the classic Mac OS (as with DOS), there was no concept of users or security. Users launched applications that could do anything. The system couldn't prevent users from deleting or overwriting critical files, and any application could stuff the System Folder full of Extensions that directly modified the system. (read the entire article by clicking on Flaw 3 above).

Flaw 4 - No signal of privilege escalation
Not only is it excessively difficult to run Windows as anything but an administrator (as noted in the previous point), but once logged in as an administrator, Windows users are not prompted to authenticate when performing a root level administrative task.

Since everyone is running Windows as an administrator, malicious code has no problem getting installed, without Windows ever flagging the user that important security permissions have been handed out, particularly during an installation.

The result of multiplying flaws two, three, and four explains the current plague of viruses, adware, malware, spyware and other flavors of malicious code that are so easy for spam-based marketers to foist upon vulnerable Windows users. Unfortunately, these flaws are all deeply rooted both in Window's architecture and culture. (read the entire article by clicking on Flaw 4 above)

Flaw 5 - Windows' expensive processes
Another problem for Windows is that launching a new process is expensive. While Unix was designed to be very efficient at spawning new processes, Windows NT was designed to handle parallel processing using multiple threads within a single process.

Creating a new process in Windows takes a "non trivial amount of time to launch, and each process consumes a fair amount of system resources," so Windows frequently tries to pack multiple services into a single shared service process to skimp on the number of expensive processes that have to be launched and maintained. (read the entire article by clicking on Flaw 5 above).