Re: This oculd be due to the popularity of windows...
"I don't know if you have a citation for that but in my experience nearly all the malware is either from the malware using a hole in an application that already has escalated privileges (every installed application on your system, eg Flash, Java etc) or can run from userland and doesn't need escalation - eg. cryptowall."
Not really. Spend some time on a warez site and you'll quickly discover just how much malware is delivered via simply asking the user to install it. Like those endless browser object malwares from the mid-2000s that often came bundled with legit software; you downloaded Java, don't untick the minuscule 'also install computer syphilis!' box, and then had to spend the following six weeks trying to peel it off the system. Oracle still haven't stopped shipping toolbars and hijackers with Java.
Besides, most breaches are now more of a combination anyway - there's a significant social engineering element to convince the user to allow the vector to be opened (faking a conference so that you can deliver a fake calendar invite that delivers your payload; metasploiting a fake website etc).
In the end, though, if you think that modern Windows is significantly less secure than Mac OSX, then that just means you don't understand how to configure a modern Windows box properly. Security pros don't see Windows as being any worse than Apple in terms of inherent security - in fact, many find Apple's walled garden deeply worrying because it runs counter to the 'assume you're already breached' philosophy which now dominates infosec (hence why Eugene Kaspersky claimed Apple were over a decade behind Microsoft in security terms in 2012 or so - they are literally working in a different paradigm from modern IT security, like if there was one cutting-edge science lab which insisted on still explaining everything in terms of Phlogiston and Aether).
Biting the hand that feeds IT
