I discovered ACLs on some flavor of UNIX in the 1990s and tried to play with ACLs for a while. What I found was that a granular approach to security simply does not work for anything but trivial scenarios because of the amount of state that needs to be understood and managed. It turned out that in order to manage ACLs efficiently I would need additional tools to keep track of all the state and to discover potential problems in the configuration. The tools that came with the OS were not much help. Also, it took quite a while to communicate how the ACLs were set up, and why, to my colleagues.
I've always found compartmentation to be a far better strategy than granular control. Mostly because it means you can reason about a system at a much higher level and you do not need to keep a lot of knowledge about state in your head while doing so.
In fact, on most well-run UNIX systems I have seen, compartmentation seems to be the dominant strategy for managing security. The simplest form of which is to assign different users to different subsystems and to restrict access to these users as much as possible. For instance, if you run a database, you create a user owning all the data files managed by the database. You then, very selectively, expose only what is needed to interact with the database to other users. (Interestingly, you usually do not let the database user own the binaries since there is no need for the database user to manage these files.)
On various UNIXen, tools for offering compartmentation have been around for quite a while, ranging from various forms of "jails" all the way to running virtual machines. I've even been involved in running a startup that sought to harden the Linux kernel in various ways to provide some tools to make compartmentation better (although this was never any sort of commercial success -- we ended up finding success in entirely different areas :-) ).
My experience with operating systems and security is that it is extremely hard to make something that is both secure and user friendly. I do not expect operating systems that are appropriate for general consumer use to become particularly secure any time soon. We make security sacrifices because quite frankly we don't know how to reconcile these problems.
It is also my experience that anyone claiming that OS A is inherently more secure than OS B is usually full of shit. In particular, anyone claiming the opposite of what empirical knowledge suggests is a moron. Empirical knowledge seems to suggest that there is more malware and more problems with malware on Windows than any other OS, thus the statement that Windows should somehow be more "secure" is pure nonsense. Yes, it may present a larger target and more effort may have gone into making Windows more secure, but to claim that it IS effectively more secure is, to be quite frank, a little bit insulting since it is a departure from observable reality.
Note that I am not saying that Linux or OSX or FreeBSD is inherently more secure than Windows, but I will say that I think the traditional way of reasoning about security in UNIX environments is a lot simpler than in Windows environments.
And simplicity is extremely important in security.
I agree that this works well with isolated systems, but this becomes a problem in enterprise networks. A distinct advantage of ACLs in Windows is their integration with AD. While there are many problems with AD, there are also logistic problems with having 100 different users on 100 different servers with potentially 100 different passwords. This could easily lead to bad password policies.