Let us discuss some of the things I have noticed that make macOS or GNU Linux more secure by default. This is a very subjective topic and this post is my personal opinion based on my daily observations.
The thing is, Windows is more vulnerable because of the backdoors that these companies have to implement for the agencies, you know, the Big Brother. And then they get leaked and create more attack surface with very little effort. It has also happened in some free software projects where lead developers are asked to implement a backdoor.
As you can see, backdoors or loopholes intended for the good guys are also widely available to the bad guys.
I can't resist quoting the words of Trevor Timm (executive director of the Freedom of the Press Foundation in 2015) in response to President Obama's comments on China, which raised the issue of Chinese tech companies installing backdoors in their products.
Obama’s comments were dripping with hypocrisy, says Trevor Timm. Don’t get me wrong, his actual criticism of China for attempting to force tech companies to install backdoors was spot on — now if only he would apply what he said to his own government. Since he now knows backdooring encryption is a terrible policy that will damage cybersecurity, privacy, and the economy, why won’t he order the FBI and NSA to stop pushing for it as well?
Poor implementation of Encryption
Another is poor implementation of security stuff. For example, if you know companies like Google, they never implement quality client-side or end-to-end encryption in their products like webmail, because they are asked not to, I think. Other than that, I don't think Protonmail's engineers have any prerogative on webmail encryption technology. Google can probably do it much better. It's just that they don't know how to use the PGP/GnuPG libraries for the programming languages they use. If not, they could just Google it, right? Pun intended. One such popular example in Microsoft world is how Microsoft deliberately makes their disk encryption program and its recovery options very simple, making them vulnerable. And sometimes not even available to regular home edition users or those with incompatible hardware. Have you recently encountered similar problems on macOS or GNU Linux distributions? I don't think so.
A functional App Store, it matters!
Another reason why macOS is generally safer than Windows OS is that, unlike the Windows App Store, its App Store is actually used by its users for applications. So unless you are downloading from random sources, or from a link on your favourite blog, or from a new website offering you 75% off a popular piece of software, the chances of your system being infected are slim.
The popularity of the macOS App Store can be judged by the fact that the popular free/libre VPN software's client called WireGuard is only available through the App Store on macOS, just as it is on iOS. I am sure that Mr Jason or other members of the WireGuard team have thought about this.
This is exactly why GNU Linux distributions shine, because most home users do not even know how to download and install a piece of software or a package from a random package file. So for the majority of home users, the source is the official repo or things like flatpak or snap and so on. These sources are, of course, thoroughly checked for bugs and are less likely to invite or let malware into your system.
Another big reason is software piracy on Windows platforms. What happens is that you yourself invite some of the strangest packaged stuff onto your Windows system, assuming you have tricked the publishers into bypassing the licensing costs.
Especially the youth or beginners - with their video games and cheat codes and licence crackers and whatnot. On top of that, most of these guys end up getting a free VPN to overcome privacy or connection problems with the local ISP while downloading stuff or playing a game. The free VPN takes absolute control of your online traffic, so you don't know what's happening, you can't even ask an FBI agent to investigate what a European VPN node you just connected to, run by some random offshore company, was sending while you were enjoying the pirated stuff. Because that kind of serious investigation might fall under the jurisdiction of the CIA. Not your parents, not the local police, not anyone else.
So if you invite malware onto your PC with open arms, where the malicious party can relax because there's no immediate repercussions, you can't blame Microsoft or the hackers who target their OS. The real culprit is you. Of course, stupid DRM and licensing costs can be a nuisance when you can't afford all the stuff you need. But my recommendation is to find free software substitutes.
Although it is true that Microsoft Windows is the most popular desktop operating system by hook or by crook, this makes it the most attacked OS on the planet. Let us not assume that hackers are working overtime to break into Windows systems, or that Microsoft's budget is too low to write quality code that gives its users great operational security. Targetted hacks and penetration can happen to GNU Linux systems or BSD servers as well. It is just a series of things that we as home users need to be aware of.