Plaintext with Rich

Linux vs. Windows vs. macOS: Where Security Actually Differs

Rich Greene Season 1 Episode 18

People love to ask which operating system is the most secure. That's the wrong shape of question. Each one is designed for a different job, and that shapes how it gets attacked.

This episode clears up what Linux actually is, how it compares to Windows and macOS, and why the differences matter for security. It starts by explaining why Linux isn't one product but a family of systems built around a shared kernel, then covers how each OS handles permissions, software installation, and administrator access differently. The episode walks through why Windows attracts commodity malware at scale, why macOS trades flexibility for Apple's guardrails, and why Linux incidents usually start not with a dramatic virus but with quiet exposure: an open SSH service, default credentials, or a skipped patch. It busts three common myths (Linux doesn't get malware, open source means audited, macOS and Linux are the same thing) and closes with a five-step starter kit covering patching, attack surface reduction, least privilege, trusted software sources, and recovery planning.

Whether you're choosing an OS for your team, managing Linux servers for the first time, or just curious why your security team cares so much about configurations, Plaintext with Rich sorts it out.

Is there a topic/term you want me to discuss next? Text me!!

YouTube more your speed? → https://links.sith2.com/YouTube  
Apple Podcasts your usual stop? → https://links.sith2.com/Apple  
Neither of those? Spotify’s over here → https://links.sith2.com/Spotify  
Prefer reading quietly at your own pace? → https://links.sith2.com/Blog  
Join us in The Cyber Sanctuary (no robes required) → https://links.sith2.com/Discord  
Follow the human behind the microphone → https://links.sith2.com/linkedin  
Need another way to reach me? That’s here → https://linktr.ee/rich.greene

Setting The Frame: What Linux Is

SPEAKER_00

This episode isn't going to be a history lesson about Linux. There are plenty of those. This is about clearing up what Linux actually is, how it's different from Windows and, say, macOS, and why those differences matter when we talk about security. Because most of the confusion isn't technical, it's conceptual. Welcome to Plaintext with Rich. Today we're talking about Linux and how it really differs from Windows and macOS.

First, I think it helps to pin down the word Linux, because it gets used in a fuzzy way. Linux is the core engine, the kernel. But what you actually install is usually a whole operating system built around it, called a distribution or distro. Think Ubuntu, Debian, Fedora, Red Hat, Arch. Same engine, different build choices. And that's difference number one. Windows is one main product line from Microsoft. macOS is one main product line from Apple. Linux is a family of systems: one shared foundation, many, many variations. And that's why Linux shows up in places you don't notice: servers, cloud platforms, routers, Android phones, and embedded devices. Linux is often the thing underneath the thing.

Now, people love to argue which OS is most secure, Rich. And I have to say, I think that's the wrong shape of question. Now, each one can be designed for a different job, and that shapes, well, how it gets attacked. If we think about it, Windows dominates desktops in many workplaces and homes, so it attracts huge volumes of commodity malware. Attackers get scale, so, well, they build factories. Now, macOS is tightly controlled. Apple ships the hardware, the operating system, and a lot of the guardrails, like app signing and permission prompts. The trade-off is, you know, you live inside Apple's rules, and when a bug shows up, well, everyone waits on the same vendor. Linux is different again. It's open, modular, and everywhere. That makes it popular for servers, and servers are prizes. We know this. If you can control a Linux box in a cloud account, you can steal data, potentially mine crypto, or, you know, jump deeper into an organization. So, really, Linux isn't safer by default. I really think Linux is powerful by default. Because when we really think about it, security depends on how you run it.

Here's one of the biggest practical differences between Linux and Windows, and also a quiet similarity between Linux and macOS, and that's permissions. Linux and macOS come from the Unix tradition, which treats administrator power as something you step into briefly. On Linux, that all-powerful account is what we call root, and most sensible setups force you to step into that power with sudo. Windows has strong permissions too, but it also carries decades of software that expected wide access. Modern Windows has improved massively, but compatibility pressure is a real tax.

Now, another major difference is how software gets onto the machine. On Windows, the default habit is: find an installer online, run it, move on. On macOS, it's often the App Store or a downloaded app that macOS then tries to verify and gatekeep. On Linux, the healthiest path is to install from your distro's repositories with a package manager. Now, that matters because random download plus admin privileges is a classic recipe for trouble. So a package manager is a centralized supply line: updates, dependencies, security fixes, all delivered in a consistent way. When people use Linux like Linux, they do less drive-by installing. Not saying it's not possible, it's just not as common. But Linux gives us freedom, and freedom creates choices, which means it also creates potential configuration risk.

Most Linux incidents don't start with a dramatic virus, they start with exposure. An SSH service opened to the internet with password logins, a web dashboard left with default credentials, a server that didn't get patched because nobody wanted downtime, or a container image pulled from a sketchy registry because it was, well, fast. The punchline is boring. Linux fails when nobody owns it.

So, as always, let's do a starter kit that fits real life. Again, if you only change a few things, start here. First, if you're running Linux, patch like you mean it. On Linux, "I'll update later" turns into "I'm potentially running known vulnerabilities." So you have to stay up to date. Enable automatic security updates when you can, and track when your distro version stops receiving fixes. Second, you want to shrink the attack surface. If you don't need a service listening on the network, well, turn it off. You can use a basic firewall. Only expose the ports you can explain to another human in one sentence. Third, we really want to keep that admin power rare. Use normal user accounts for normal daily stuff. Use sudo for specific tasks. You don't want to run random scripts as root just because they promise to set something up quickly. Fourth, we want to install from sources you trust. And this gets really sketchy nowadays, right? We really need to prefer, or shoot for, official repositories, but we have to be cautious with one-line install commands from some random blog post. Treat software supply like food supply. Provenance matters. Fifth, keep a recovery path. Backups that restore and logs you can actually read. Linux can be fine while it's quietly being used for something you didn't approve.

Now, I usually like to do this, but let's, you know, bust a few myths, right? Myth number one: Linux doesn't get malware. The reality is it gets less mass-market desktop malware and more targeted abuse where it runs the world. Okay. Myth number two: open source equals audited. The reality is open source means the code is visible. Safety still depends on maintenance, review, and sane defaults. Myth number three: macOS and Linux are the same thing. The reality here is they share Unix DNA, but they're different systems with different update models and different guardrails.

Here's the one idea to keep with you: Linux is not a magic shield. It's a flexible platform that can be extremely safe or extremely exposed depending on the decisions around it. Windows, macOS, and Linux, they all have security. The difference is where the defaults point and who is responsible for the knobs. When we mess with Linux, we just get a lot of knobs. Keep it updated, expose less, use least privilege, know where your software comes from, and plan recovery. That's how Linux stays the quiet kind of strong.

If something in security feels confusing or overhyped, let me know. Email me, DM me, or leave a comment. Bank tube systems encourage for dramatic effect. Every message gets read, and yes, I will respond. If this episode helped, please share it with someone who'd actually benefit. This has been Plaintext with Rich. 10 minutes or less, one topic, no panic. I'll see you next time.
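As an added example, not from the episode or its author: a small POSIX shell audit for two of the exposure points the starter kit names, SSH password logins and services listening on every interface. It runs on constructed sample input so it works offline; the sshd_config fragment and the `ss -tlnH`-style socket lines are made up for the example.

```shell
#!/bin/sh
# Added example, not from the episode. Two starter-kit checks on constructed input:
# 1) sshd_config directives that leave password or root logins open,
# 2) listening sockets bound to every interface.

# Constructed sshd_config fragment (not from any real host).
SAMPLE_SSHD_CONFIG='# Example config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes'

# Constructed `ss -tlnH`-style lines: State Recv-Q Send-Q Local:Port Peer:Port
SAMPLE_LISTENERS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 511 *:8080 *:*
LISTEN 0 128 [::]:3306 [::]:*'

# Print one finding per weak directive. sshd keeps the FIRST value it reads for a
# keyword, so only the first occurrence counts (Match blocks are not modelled here).
audit_sshd_config() {
  printf '%s\n' "$1" | awk '
    NF == 0 || $1 ~ /^#/ { next }
    { key = tolower($1); val = tolower($2) }
    key in seen { next }
    { seen[key] = 1 }
    key == "passwordauthentication" && val == "yes" {
      print "PasswordAuthentication yes: password logins accepted, prefer keys" }
    key == "permitrootlogin" && val == "yes" {
      print "PermitRootLogin yes: direct root login over SSH allowed" }'
}

# Print "port (bind address)" for each listener reachable on all interfaces.
exposed_listeners() {
  printf '%s\n' "$1" | awk '
    $1 == "LISTEN" {
      host = $4; sub(/:[^:]*$/, "", host)   # strip the trailing :port
      port = $4; sub(/.*:/, "", port)       # keep only the port
      if (host == "0.0.0.0" || host == "*" || host == "[::]" || host == "::")
        print port " (" host ")"
    }'
}

echo "== sshd findings =="
audit_sshd_config "$SAMPLE_SSHD_CONFIG"
echo "== listeners on all interfaces =="
exposed_listeners "$SAMPLE_LISTENERS"
```

On a real host, pass the contents of /etc/ssh/sshd_config and the output of `ss -tlnH` to the two functions instead of the constructed samples.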