Actually it doesn't. But is still a far cry from this recent exploit from Apple. Not even remotely the same. Dont pretend like they are. Windows 10 never had a exploit like the "root" exploit from Apple. Never.
“This is not a vulnerability but a method of bypassing a defense-in-depth feature – and it requires administrative privileges to work."
https://threatpost.com/latest-windows-uac-bypass-permits-code-execution/119887/
Why defend Apple on this? This is mind boggelling to me.
I'm not defending Apple on this bug, earlier in the thread, I call this a giant WTF on their part. It's also one of the worst Apple bugs in recent memory, as it can be automated more easily than most of the elevation bugs, which tended to be physical access elevation holes.
But the issue at play here is that you made a claim that Windows 10 is better here. It really isn't. The biggest issue that Windows has is that it is still relying on a security model that dates back to Windows XP. One where the default account is already root, and UAC was originally a full barrier between admin accounts and "root", but then gutted in Win 7 to not be that anymore. The statement above is basically an admission that on Windows, an admin account is effectively root, full stop. And unfortunately, they aren't taking steps to funnel users into safer configurations during setup of new machines or OS installs.
Meanwhile, Apple has been bolstering their security architecture. Root hasn't had permissions to write to much of the built-in parts of the OS since 10.11. Sandboxing is available to more developers than on Windows as a means to make it harder to turn a 3rd party exploit into an OS or user data exploit. Apple's architecture for securing biometric data is designed by a paranoid person. TPMs could learn a thing or two from the design.
Honestly, in a world where bugs are inevitable results of fallible human engineering, the security architecture is important as well. And it's something that Microsoft hasn't quite really taken to heart yet. Process-wise, Apple has
always been behind the curve. It's been a long-standing complaint for
years. Microsoft has endured the trial by fire on the importance of staying on top of security audits and patches. And yes, they've learned a lot.
Apple, on the other hand, hasn't really seemed to have learned the importance of security audits over the years. They have gotten slapped with more high profile bugs as a result, despite both platforms having the usual run of exploits found over the last couple years. But, the one thing Apple has been learning, is how to harden the architecture of their hardware and software. Something that Microsoft has been unwilling or unable to really attack on the same level.
How about the recent iOS 11.2? Another diaster. How many bug fixes since iOS 11 released? With Apple pay cash on 11.2 some people have it and some don't. Huh? Really? A multi-billion dollar company.
Nope, Apple's QA could use work, no doubt. Microsoft's isn't a golden goose in that regard either. With Windows 10, they've changed their cadence of patches, but speaking from experience, that doesn't mean the bugs don't exist.
That said, I do find it a bit funny that you throw in an issue with flighting a feature as a massive QA failure. Although I have seen a few high profile flighting gaffes in my time.
I'm also pretty jaded at this point. Only the younger naive version of me would expect bug-free software. I honestly laugh at the assertion that between Apple and Windows, the security one option provides is superior than the other. They both made certain investments, and they are taking their chances.
For now, the egg is on Apple's face. I'll just wait for the next high-profile gaffe on Microsoft's part.
