Everything. I mean literally everything. Every single sentence.
First of all, calling NT 'not multi-user' is laughable. Anyone who knows anything about OS design knows that NT was designed from the ground up to be multi-user - with an extremely well thought out token/object security model that was hands down superior to any other general purpose mainstream OS at the time.
Secondly, Secure Boot is not an active security model. It is a one-time validation of a chained-loading sequence from the UEFI/BIOS to the OS kernel. It has nothing to do with "patching holes" in NT. NT is already a highly secure operating system. In fact, there have only been a very small number of kernel vulnerabilities ever found in NT compared to most other widely used OSs.
Secure Boot is also nothing new. They have been using something similar on the Xbox 360 for years. In any case, Secure Boot is an OS-agnostic general security 'best practice'. Many Linux distributions are also adopting it.
I wouldn't call NT's security model hands down superior to any other general purpose mainstream OS at the time. Much more complex and fine-grained, yes. However, it is the same complexity that is killing it. Nobody has the time to learn it properly and secure the system appropriately.
So in the end, worse is better, because it is usable in practice by people with deadlines.
Similarly, in the Linux world, SELinux provides much better security. But then again, very few people know how it works and how to configure it, so even when it is enabled, it relies on policies supplied by the OS vendor.
I don't agree with your comparison. NT's security model does not have to be exposed to every single end-user for it to be useful. E.g., things like taking a process token and stripping its rights to add a layer of security to the processes are much superior to a chroot-type hack. Modern UNIXes have added AppArmor, but then again I was comparing NT with the OS landscape in the early 90s. Also, file system ACLs are another place where NT was superior. There was nothing comparable elsewhere at the time.
The problem is you're comparing two unequal things and calling it even. Linux clearly has had to deal with several challenges in improving its design due to its UNIX heritage (time-sharing OS, synchronous I/O, blocking syscalls, etc), while NT did not because it was a fresh design.
Frankly, this type of discussion is more suited for a comparative analysis type paper than the comments section. Also, FWIW - I don't claim any special expertise or knowledge on OS design, it's simply a topic of general interest of mine.