Privilege management. As I said above, I feel that both systems have been taking small steps backwards here, perhaps with the rationale of making things easier for the end user. A security-savvy owner is forced to create administrative and non-administrative profiles in both systems in order to completely separate these tasks. From my point of view, this is a mistake that is going to haunt us in the future.
Still, Im going to give a slight nod here to Snow Leopard, because I can again get to the UNIX command line and run privileged operations easily via the sudo command, making it a bit easier for me to keep my administrative and production worlds separate.
Qualitative score: Snow Leopard gets a D+ while Windows 7 gets a D-.
Program management. Not much has changed here from previous versions of OS X or Windows. I still feel this is an area where OS X truly shines. Putting all of an applications files into a single bundle in the /Applications folder makes a world of sense to me. Removing unwanted apps; upgrading to new versions of apps; archiving apps; all of these basic functions become trivial in OS X and remain a nightmare for me in Windows.
I still dont feel I can remove a major application from a Windows system without leaving behind significant residue, be it directly in the file system in the form of remnant DLLs or in a registry hive somewhere that the uninstaller didnt clean up.
Qualitative score: Snow Leopard gets an A while Windows 7 gets a D.
Access controls. Not much has changed here. As I said, both systems install a default user with administrative access. The good news, though, is that the default read-write access settings on most system files is disabled on both systems.
As in the past, I was able to tweak my Snow Leopard installation so that my desktop user is unprivileged and only my administrative user has read/write control over applications. I still find myself sweeping through the system periodically to clean up the default access controls left behind by various application installers that leave /Applications and /Library/Application Support open to world read/write.
As for network access controls via the firewall, I find a lot to not like in both systems. I have essentially 3 settings in Snow Leopard: allow all, disallow all, and allow per-application. Once you learn how to work with these, theyre relatively simple, but the user interface isnt as smooth as it should be.
Windows similarly allows the user to adjust firewall settings. They have, however, two extremes to choose from. The basic settings are very simplistic for the end user. If you go into the advanced settings, on the other hand, the settings are hugely and overly complicated.
Qualitative score: OS X gets a C while Windows gets a C.
These certainly arent all the criteria that would be relevant to compare, but theyre important aspects of a systems security to the end user. A reasonably tech-savvy consumer can certainly find a lot to like and dislike in both operating systems. Windows 7 seems to me to have made great strides in making security choices simpler for the end user, but perhaps theyve taken that too far in some areassuch as firewall controls.
Ive become convinced that, in order to get security right, software must first and foremost be intuitive to the users. As a veteran of Windows, Linux, and Mac desktops, I firmly believe Apple is vastly ahead of its competition in this regard. Windows 7 has shown remarkable improvements, but still has miles and miles to go.
In the end, I believe neither system is drastically more secure than the other. They both offer a solid set of security capabilities, for sure. Even still, I remain a firm believer that Im safer on Snow Leopard than I would be on Windows 7.