> Genuinely interested: does it bring something to say "everything is crap anyway, but given that we must choose between one of them, we may as well choose the least bad" instead of "the best solution we currently have is X"

Well I dunno if that's true, that's why I didn't say it. Linux _may_ be the best solution overall I am not sure. It is definitely not the best solution from a security perspective.

> Secondly, are you sure that it is impossible to secure a system for a whole department? I have seen relatively big companies having an IT team managing their own Linux flavour. That is, whitelisting the packages that can be installed by the users.

Just whitelisting packages isn't enough. ChromeOS effectively does this and their whitelist is extremely small, yet they are still only ok with that because they backed it up with the rest of the pieces needed to make a secure Linux desktop, including a fully vertically integrated stack.