Hacker News

This is such crap.

A very long time ago, Windows normalized the absolute worst security practices ever. This was never meaningfully addressed/punished publicly and we just kind of drifted to today -- where we're stuck with absurdities like the fact that you can't use a USB key literally as intended. No other product is this bad in terms of security; bread will not destroy your toaster the way a USB key can your computer.

You can't JUST put this on market share.




Windows being inherently insecure hasn't been the issue since at least mid-XP. It's also a completely moot point, because nearly any security breach since then could have been conducted over snail mail, because it has nothing to do with how computers are programmed. While everyone was complaining about Windows security, stuff like Shellshock sat in the open for decades, including on all the servers that were supposedly so secure.

Every organization that does internal phishing testing still fails every time. Any modern discussion about information security that doesn't deal with that is a red herring, and provides zero utility to anyone who isn't the enemy of a nation-state. Focusing on the remaining few buffer-overflows that take a chain of ten other exploits to even reach in the first place while everyone's data and info is leaked daily because the CEO clicks everything in an email is a dereliction of duty. It's like investing in Star Wars and magic lasers that can't work while placing nukes on Moscow's doorstep.

"Security Researchers" keep looking for the buffer overflows because that's fun and they don't want to admit that the real problem is a social one because that's hard and boring and doesn't let them play with the newest fuzzer or get them a $100k bounty.


I get what you mean here, but I still can't help but think that the Windows "make everything run really easy" mentality still crept in and stuck around, and to this day prevents software from implementing better ideas of "who or what really needs to run executable code?"

Like JavaScript? Sure, it's VERY versatile, but "just download arbitrary code and run it in the browser?" That should have never happened in the way it has.



