
At least macOS has file access permissions.



You're referring to [Sandboxing] Mandatory Access Controls [0]. Windows doesn't implement MAC in the same way, instead using Mandatory Integrity Controls [1].

[0] https://developer.apple.com/library/archive/documentation/Se...

[1] https://learn.microsoft.com/en-us/windows/win32/secauthz/man...

Windows implements ACLs in a far more granular way than macOS and most other Unices, however (with the exception of Slowaris).


Windows can implement these things as much as they like, but if you paste a command into CMD.exe, it can access your files with no popup like MacOS gives you.

Yes, same thing will happen on macOS.

macOS does prompt for permissions when e.g. Terminal tries to access Documents.


Comparing to DOS or what? No one runs Win10/11 on FAT now, while NTFS has access permissions and ACLs.

I remember that Win32 apps on Windows 10 and 11 can do whatever they want with the user's personal files. Has that changed?

In Win, access to files is controlled by ACL when NTFS is used (dating back to NT 3.1 with NTFS). So it depends on which user runs a process.

Basic hygiene is very simple: never run as Administrator. Create and use a regular user or poweruser group user. It's similar to a regular Linux practice. Use Administrator account when needed only.


GP is talking about isolation inside the current user. Recent macOS versions ask before allowing a program to access files inside Documents, Desktop, etc. Whether that helps or not is debatable, but it’s not quite the same as what Windows ACLs do out of the box. To achieve the same on Windows, one would have to run the program as a different user to which they’d selectively grant access to the folders inside their profile.

You can enable controlled folders on Windows: https://learn.microsoft.com/en-us/defender-endpoint/controll...

It's not enabled by default, though. Enabling it by default would probably break just about every Windows program out there and like UAC on Vista, everyone would turn it off immediately.
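
Added example, not part of the thread: one way to trial Controlled Folder Access without breaking applications is to run it in audit mode first, review what would have been blocked, then enforce. The cmdlets and event IDs are Microsoft Defender's; the folder and application paths are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: staged rollout of Controlled Folder Access (CFA).
# Usage: .\cfa-rollout.ps1 -Phase Audit | Review | Enforce
param(
    [Parameter(Mandatory)]
    [ValidateSet('Audit', 'Review', 'Enforce')]
    [string]$Phase,
    [string]$ExtraFolder = 'D:\Projects',                      # hypothetical folder
    [string]$TrustedApp  = 'C:\Tools\backup\backup-agent.exe'  # hypothetical app
)

# Defender reports the CFA state as a number: 0 = Disabled, 1 = Enabled, 2 = AuditMode.
Write-Host "CFA state before: $((Get-MpPreference).EnableControlledFolderAccess)"

switch ($Phase) {
    'Audit' {
        # Log writes that would be blocked, but let them through.
        Set-MpPreference -EnableControlledFolderAccess AuditMode
        # Documents, Desktop, Pictures etc. are protected by default;
        # add any other location that holds data worth protecting.
        Add-MpPreference -ControlledFolderAccessProtectedFolders $ExtraFolder
    }
    'Review' {
        # 1124 = audited (would have been blocked), 1123 = actually blocked.
        $found = Get-WinEvent -FilterHashtable @{
            LogName   = 'Microsoft-Windows-Windows Defender/Operational'
            Id        = 1123, 1124
            StartTime = (Get-Date).AddDays(-7)
        } -ErrorAction SilentlyContinue   # no matching events is not an error here

        if (-not $found) { Write-Host 'No CFA events in the last 7 days.' }
        $found | Sort-Object TimeCreated |
            Select-Object TimeCreated, Id, Message | Format-List
    }
    'Enforce' {
        # Allow only the applications the review showed to be legitimate,
        # then switch from auditing to blocking.
        Add-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApp
        Set-MpPreference -EnableControlledFolderAccess Enabled
    }
}

Write-Host "CFA state after: $((Get-MpPreference).EnableControlledFolderAccess)"
```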


You can create a separate user, but even a user in the administrators group doesn't have an admin token until elevation.

If you trust yourself to not blindly click OK on every UAC prompt, a single user account in the admin group is fine.


> never run as Administrator.

Computer asks for password. I type in password.

Admin access prompts are honestly a joke even on macOS. The source is completely opaque.


Win32 Apps can access anything you can access and also read out some text fields from apps you have running, via accessibility APIs.

What does that even mean? NTFS file access permissions (35 years old at this point) are far more powerful than the 1970s-era Unix permissions model.

It's referring to the fact that Terminal doesn't have free access to all your files and folders, despite what the traditional file access perms say.

Windows has this too, but it's off by default. I forgot what it's called, that's how often it gets used.

He’s talking about sandboxing and permissions prompts


