However: Micro$oft deserves _massive_ credit for biting the bullet and systematically improving their security posture post like IE7.

*nix started from a better _initial_ posture as it was multi-user, permissioned, and network-aware from the start (vs. corporate MS-DOS => single user => GUI => networked), but MS really doubled down on systematic improvements that Linux is only now going through.

See the recent CUPS fiasco, C code from 1999 running as root, and the "stuck in the mud" mentality that Linux has because there isn't the appetite for consistent investment and wholesale overhauls.

It has to do with "activation energy" and "local maxima". Linux feels like it's reached a local maximum, and it's a pretty tall peak to start from, so we can't get over the hump to make a step-change or drop back to a hypothetical "POSIX 0.5" so we can pivot to a "POSIX 2.0" (e.g. take the loss for a decade or so in reduced functionality to end up on a more sane "other side" with better security principles and systematic deprecation of inefficient or insecure API types).

There was an LWN article which talked about "permissions should be managed at the mount level, not the file level", and honestly that makes so much more sense, but it "loses" POSIX, and no one person is willing to "break Linux" to admit to that mistake. Tons of other examples (e.g. file race conditions, unprivileged by default, more protections on /usr than /home, etc.).

> *nix started from a better _initial_ posture as it was multi-user, permissioned, and network-aware from the start (vs. corporate MS-DOS => single user => GUI => networked)

Windows NT started as a multi-user, permissioned, and network-aware OS. The team that built NT came from DEC, not the MS-DOS team.

Windows Me was the last version of Windows that had any form of DOS underpinnings.

> but MS really doubled down on systematic improvements

Doesn't seem to have really worked for MS though, as evidenced by their many significant security lapses over the last several years.

The US Gov even officially called them out on it a few months ago, specifically singling out MS for their atrocious repeated security fuck ups.

Downvotes accepted, I guess, but there was a step-change improvement. References:

https://www.itprotoday.com/attacks-breaches/the-story-behind...

https://www.microsoft.com/en-us/security/blog/2022/01/21/cel...

...while they may also (deservedly) be getting flack now, 20 years ago it was orders of magnitude worse.