Originally Posted By: wfaulk
Originally Posted By: taym
When has Windows NT3.5, 4.0, 2000, XP, Vista, 7, been single user?

Look at the default file permissions on %SystemRoot% on most of those OSes. It's pretty much wide open;
[...](This seems to no longer be the case under Win7/2k8


That's my point. No longer the case.
Leaving aside that a bit of work even on the 10-year-old Windows XP would secure the machine very well (which included changing permissions to %SystemRoot%, which we used to do) - provided some basic maintenance (App upgrades, mostly, as OS upgrades are typically scheduled and automatic) - today the problem you mention is just not there any longer. Which is why I don't consider Windows inherently less secure in this respect.

Quote:
That said, there's a fundamental architectural difference, in that the privilege separation available in Windows is an afterthought and not built into the design of the system.

Assuming this is true, how is this speaking about how secure Windows is today? An afterthought does not necessarily mean "poor implementation". There have been excellent cases of afterthoughts in history of IT, and technology in general.
That's why I was asking for facts (papers, tech documentation) that show where this inherent lack of security is.

Quote:
Many experts agree with me

And many others don't. Again, please don't think I am trying to prove you wrong. What I am saying is that as far as I am concerned there really is no final word, there; security of various current OSs in the market has been constantly increasing over time, and at each new release, version, patch, if we could scientifically and factually measure security, the winner cup would shift from one hand to the other continuously.
Claiming that Windows (or OSX, or Linux) is a "more/less secure" OS in such general terms, maybe just because of that OS specific history, or because we "like it better", is just not convincing at all, to me.


As to: http://sec.apotheon.org/articles/the-importance-of-privilege-separation
That article contains opinions at most. Information on Windows is just wrong or inaccurate, possibly referring to the other DOS-Based Windows (95/98/ME) which has nothing to do with current Windows and its predecessors (7/Vista/XP/2000/NT4.0). Mostly, it is all but factual.
Same goes for http://www.techrepublic.com/blog/security/bolted-on-security-features-arent-secure/376 , which clearly claims (again with no facts) that Windows evolved for DOS, so clearly the guy is referring to the other Windows, not the one most people use in 2012. And again, not factual. And they're both so old that the authors, clearly ignoring most basic facts of Windows in those years, would not even imagine what the years-to-come Windows 7 would be.

Quote:
It's also worth noting that Microsoft's resolution to security holes in the OS was not to fix those security holes, but just to implement a firewall. Not that there's anything wrong with a firewall

What makes you say that? I see hundreds of hotfixes every year that do exactly that: fixing. And they have nothing to do with the firewall. And, they don't break any existing code. Again, for years, we've adopted various update strategies, in various departments. Some machines (hundreds) were updated right away upon release, others were updated via the internal WU server after test and approvals by us. In either case, very, very few cases of incompatibility came up. Maybe 2 or 3 in 10 years. And with specific old applications. Saying that Microsoft updates "break" existing code is in my experience just a popular myth. But again: do we have any >>stat<< from a third party analyst that shows with actual data how MS updates broke existing code more or less frequently than any competitor, if there's any: MS Update service is possibly the largest and most complex in the world (but still); and, in a specific timeframe, possibly in the last 5 years, just to look at data that has any relevance today? Not that I know of, but any hint is welcome.

Quote:

The other, and perhaps bigger, problem is that generations of Windows users have gotten used to being able to do whatever they want on their computers without being bothered with security.

I agree on this, in these terms:
I too think that Windows never successfully allowed generic user to work easily without using the Admin account. But technically it has always been possible and doable, in the past with most applications, today with virtually ALL current apps. And it was done, and it is being done, every day, successfully. Still, doing any such thing, in the past more than today, would require a more experienced user, at times a professional, to prepare the machine properly. Nothing that the average user would be able to. So, in homes, all use Windows as an Admin.
But this is why I do not consider this an >inherent< lack of security of the OS, but rather a User Experience Design fault. But this is just how we define "inherent", I suppose, so maybe I am wrong in the meaning I assign to the word itself.


Today, I simply believe that it is possible that Windows 7 64bits patched few days ago and OSX Lion patched and updated as well are one more secure than the other. And, whichever is the most secure, situation may change next month.
One thing is sure, I think: we'll see more and more viruses and trojans for OSX as it is now popular enough.
_________________________
= Taym =
MK2a #040103216 * 100Gb *All/Colors* Radio * 3.0a11 * Hijack = taympeg