They have it in massive air quotes. We continue to see cross-user privilege escalation and their separation model is complicated and full of holes and bugs. Part of that is terrible design, and part of it is a need to ensure backwards compatibility. They could have gone with UNIX's users model, but they didn't. The saving grace is that to this day virtually all windows machines are owned and used by a single person.

Remember, this is the company that, when faced with a choice between revoking certs that are being actively used for malware and not breaking old drivers, chooses to preserve the old drivers. They do insane things like https://devblogs.microsoft.com/oldne...15-00/?p=41043

Except Windows suck on desktops. It conquered it thanks to monopoly and bad practices.

Really? When was the last time you had to google how to enable browser video acceleration on Windows? When was your printer declared paperweight because the manufacturer didn't provide Windows drivers?
I mean, it's not perfect or anything like that, but pretending it's just a pile of crap is just childish.

you forgot windows "features":
more and more built in spying on you/data collect you tech.
forever license which are worthless because they will kill it and force you onto new version maybe through hardware ways.
i left one box running a job on the network, i come back later it was rebooted back to windows nothing running === what a feature.

I fail to see your point. Just because some things are messed up on Windows, I should pretend all of them are?

I agree with the video acceleration, but not with the printers. Many, even very expensive ones, died with the move to the 64bit Windows. They work in Linux fine (some companies e.g. use an RPi as the network interface to the printer).

My not so old Brother printer would like a word with you

When will Steam get a similar patch for Windows to secure multi-user machines? After all, unlike on Linux, Steam installs to Program Files but allows all members of the Users group to have Full Control, which is a much bigger issue than this git vulnerability!

They got a number of things wrong initially but to their credit, they attempted the virtually impossible: going from a singe-user cooperative multitasking system with no memory management to speak of and no concept of security to a full-blown modern preemptive multiuser OS with memory protection and access control, all the while maintaining very high backwards compatibility. This is known to be extremely hard. Apple was facing the exact same challenge (remember Project Copland?) and eventually gave up, bought out the NeXT OS instead and only offered backward compatibility through a VM and emulation. Microsoft did it, but of course not without massive pain along the way. They also initially believed that "more is better" when it came to security granularity which made the initial versions of NT very hard to manage.

BTW the UNIX user model is insane in its own way. In fact while Windows has learned some hard lessons, Linux is also moving beyond the UNIX multiuser model. With polkit, seats, cgroups and the more fine-grained privilege management built into systemd (the so-called and wrongly named "capabilities" are not a systemd feature, but systemd exposes them in a way that's finally practical and easy to use), it's becoming a lot more like Windows. They will probably meet somewhere in the middle.

I also wouldn't blame MS for the certificate issue. They only had two very bad options: preserve the old drivers and let malware spread, or revoke the cert and face the wrath of users whose drivers would stop working. There is no good solution there and for better or worse, MS chose to preserve backwards compatibility, which is something they always put very high in their priorities list.