Modern operating systems are all far more secure than their historic counterparts, but which operating system is the safest? That somewhat depends on how you use it — no operating system is “safe” if you’re constantly visiting dodgy websites, not keeping your computer updated, or downloading risky unknown files. But there are some platforms that are less likely to be attacked, and those with greater scope for stiffer security measures.
Let’s take a look at the most common operating systems and which of them is the safest to use, assuming you do your best to stay safe online.
Want to improve your own security? Make sure you’re using a great password manager to keep your data safe, and consider using a VPN for safer web browsing.
Chrome OS
The safest
Chrome OS is arguably the safest of the mainstream operating systems. It was designed to be a more secure platform than others from day one, taking a more “walled garden” approach, whereby only sanctioned applications can be run easily. That’s partly why Chromebooks are so popular among students and children, because parents and caregivers can use parental controls in the Google Admin console to control what can be accessed by whom.
Built on top of a base Linux kernel, Chrome OS has a number of unique security features. Its operating system is read-only, and updates automatically in the background with no need for user interaction beyond rebooting when required. Since it uses the cloud for storage more than the local machine, it’s particularly hardened against ransomware, which just wouldn’t have much to encrypt if it gained hold.
ChromeOS uses sandboxing more vigorously than the other operating systems, too. Different segments of the platform, like the web browser, are silod so that if it comes under attack, it can’t spread to the rest of the machine.
ChromeOS has a hardened firewall that reduces the ways in which a system can be accessed remotely, further protecting it against malicious attacks. Its Verified Boot system ensures that the device will revert to an earlier version if it detects any unfamiliar code during startup.
The fact that Chrome OS only represents around 2.5% of all desktop and laptop devices, too, means it’s far less worthwhile for hackers and bad actors to write malware for it. It just wouldn’t get the same kind of reach, even if it were easy enough to spread and infect. Which it’s not.
Linux
The best for pro users
Linux has long been considered one of if not the most secure operating system you can use. However, it can’t quite compete with Chrome OS as to make the most of its security — and any aspect of Linux, really — you need to be more technically competent. That makes it easier to make mistakes, and raises the standard for user behavior as far as it impacts security, compared to the other platforms on offer.
But if you are able to make that technical leap and learn how it works and how best to use Linux, it can be locked down like almost nothing else. It’s great out of the proverbial box, too. It doesn’t give root-access to the user by default, requiring administrative approval for many tasks. If your system is infected, that malware can’t do much outside of the particular user account it attacked, rather than having systemwide access.
Linux code is open source, so it’s vigorously checked out by inquiring minds and white hat hackers who help maintain its digital defenses. There are also many versions, or distributions, of Linux that you can use, giving you access to more and less secure options, depending on your wants and needs.
As with Chrome OS, the fact that consumer Linux installs only account for around 3.9% of all devices, makes it a much less juicy target for malicious actors to go after.
macOS
A secure, traditional platform
Apple has used security as a cudgel to beat Windows over the head for decades, claiming that its platform is inherently more secure. Arguably, it is, but it’s not quite as cut and dry as Apple would have everyone believe. We’re a long way from the days of Mac versus PC adverts having any real relevance.
Still, modern macOS is a very secure platform, with a range of anti-malware, anti-ransomware, and anti-phishing technologies. These are all updated automatically so they are ready to thwart the latest threats as they are discovered. Apple’s operating system is also quite strict on what applications can run on the platform, preventing the user from running any potentially harmful apps with its Gatekeeper system. It’s quite difficult to run apps outside of the approved App Store, giving a level of security-minded curation to what you can use on macOS.
The latest versions of Apple’s devices with M-series processors also include a few hardware changes that help secure the platform. There’s a T2 security chip that handles encrypted storage and secure boot functions, and including the memory in the CPU itself can reduce the attack surface compared to traditional systems where the memory is more vulnerable to attack.
The way that Apple controls more of the ecosystem can mean it’s more secure, because Apple can place stricter guidelines on the hardware and the software its operating system runs on and with. But that lack of customization does make it harder for those more technically savvy to harden their security on macOS than they can on Windows or Linux.
As with just about any desktop-based system other than Windows, macOS is simply less popular, too. It has around a 14% share of the overall desktop and laptop market, which means it doesn’t attract the kind of attention Windows does. There is a lot of dedicated macOS malware out there, and some years are worse for Apple than others, but ultimately it’s still less likely to be attacked than Windows.
Windows
It’s not unsafe, but…
The Windows of today is far, far more secure than it’s ever been. So much so that if you’re careful about what you do online and are running the latest version of Windows 11, you can get away without any additional antivirus software. It will make you safer if you run it, but it’s not strictly necessary like it once was.
That’s because over successive versions of its flagship operating system, Microsoft has continued to improve Windows security by leaps and bounds. Windows 11 is the most locked-down Windows yet, providing protections against malware, phishing, ransomware, and a range of other attacks. It has built-in file encryption, a default Microsoft Defender anti-malware tool and SmartScreen for detecting malicious files.
Windows has the greatest breadth and depth of custom software options, too. If you want to use an app from a certain developer, you can. Whether it’s from an individual, a corporation, or anyone else besides. That does raise security concerns — and Windows features like SmartScreen can help prevent those pitfalls. But if you’re running the full version of Windows, you can just about do what you want with it, so it takes a little more user care to stay safe.
But that wide range of apps means you can customize your experience more than macOS. If you want to layer up on antivirus defenses, firewalls, restricted applications — you can. Parents and teachers can install robust parental controls and restrict app access by using Windows 11 in S mode.
The biggest downside to Windows’ security, though, is its popularity. With over 72% of devices in the desktop and laptop market running Windows, it is by far the most attractive for malware authors to target. It has the biggest list of potential targets, so it represents the potential for the greatest return on investment for any malicious actors.
It’s super safe, especially if you know how to stay safe yourself, but Windows is arguably the least secure operating system. Even if it is very secure by historical standards.