Hacker News

> I use Linux VMs and containers for all my "hacking" where I need total control and customizability of the OS

> On my workstation and phone, where I do my banking and read emails, I'm willing to trade control and customizability for an extremely locked down high trust operating environment.

Excuse my French, but uh what? A browser accessing a bank in a Linux virtual machine running on bare metal is by far more secure than desktop macOS running on bare metal.

At the end of the day, for the activity you described (browsing), what you must be able to defend against is the inherent insecurity of the browser. Linux provides all manner of process, network, etc. isolation via cgroups and can be enhanced by seccomp to limit the usage of typical exotic syscalls used in kernel exploits.

macOS has what for that? The best opportunity you have for defense is to run qemu so that you can run... Linux. The corporation you work for doesn't use Apple because of their stellar security posture; it uses Apple because they can buy mobile devices (phones, laptops) preconfigured with MDM, which saves a lot of money.



> Excuse my French, but uh what? A browser accessing a bank in a Linux virtual machine running on bare metal is by far more secure than desktop macOS running on bare metal.

Facts are most definitely not in evidence for this claim.


> macOS has what for that?

It has sandboxing, which does all that stuff.

(iOS has even more, like JIT protections.)



