The differences in design philosophy are rooted in their origins (the history).
Windows is just a fancy shell on top of DOS. PC DOS was designed for standalone low power "Personal Computers". They were not networked, and did not run business software. Security was not only irrelevant, it was an unneeded BURDEN on the system and the user. Many years after DOS was designed, PCs went into business. They were still standalone, single user machines. Networking consisted of "sneaker-net" on 5 inch and 3 inch floppy disks. Eventually the business PCs were added to in-house only networks.
Unix on the other hand started on (relatively) high power CPUs, multi-user networked environments. Security had to be built in from the ground up, from day one.
The argument that you can't use Windows in "user mode" just doesn't fly. I have never had admin access to my corporate PCs. I have never run my home PCs on a day to day basis in admin mode. I always use a "user" class ID (previously in XP, now Vista). Granted I need to know my Admin password, but other than that I get along just fine.
Sure you have to "train" your users, but they need training just to use the machine. Yes, training Mom, Pop and the Grandfolks can seem like an exercise in futility (teaching my 80 yr old father was/is 'painful'). But then again, constantly providing tech support for machines that get infected due to poor user knowledge really IS an exercise in futility! One of the definitions of insanity is doing the same thing over and over and expecting a different outcome. Hmm, sounds like the average "uneducated" home user Windows experience.
I just read this year-old post:
http://forensicir.blogspot.com/2009/11/why-limited-privileges-dont-matter.html
It suggests that using limited privilege, USER, accounts is losing its benefit. The bad guys are adapting. It still limits the harm possible but it is no longer the ultimate panacea. I'd be interested to see any responses to that article.