In Win, access to files is controlled by ACLs when NTFS is used (dating back to NT 3.1 with NTFS). So it depends on which user runs a process.

Basic hygiene is very simple: never run as Administrator. Create and use a regular user or a Power Users group user. It's similar to regular Linux practice. Use the Administrator account only when needed.


GP is talking about isolation inside the current user. Recent macOS versions ask before allowing a program to access files inside Documents, Desktop, etc. Whether that helps or not is debatable, but it’s not quite the same as what Windows ACLs do out of the box. To achieve the same on Windows, one would have to run the program as a different user to which they’d selectively grant access to the folders inside their profile.

You can enable controlled folders on Windows: https://learn.microsoft.com/en-us/defender-endpoint/controll...

It's not enabled by default, though. Enabling it by default would probably break just about every Windows program out there and like UAC on Vista, everyone would turn it off immediately.
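
Added example, not part of any comment in this thread: one way to trial controlled folder access without breaking programs is to run it in audit mode first, review what would have been blocked, then enforce. The application and folder paths below are placeholders, and the commands assume an elevated PowerShell session on a machine using Microsoft Defender Antivirus.

```powershell
# Added example: staged rollout of Controlled Folder Access (CFA).
# Paths are placeholders; substitute your own.

# 1. Audit mode: record what CFA would block, without blocking anything.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. After a period of normal use, list the audited writes.
#    Event ID 1124 = audited CFA event, 1123 = blocked CFA event.
$log = 'Microsoft-Windows-Windows Defender/Operational'
Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 1124 } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List

# 3. Allow the programs you trust to write into protected folders.
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Path\To\TrustedApp.exe'

# 4. Optionally protect folders beyond the defaults (Documents, Desktop, ...).
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Path\To\Projects'

# 5. Switch to enforcement once the audit log is quiet.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 6. Confirm the resulting configuration.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessAllowedApplications,
                  ControlledFolderAccessProtectedFolders

# 7. In enforcement mode, check for blocks that need an allow-list entry.
Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 1123 } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List
```
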


You can create a separate user, but even a user in the administrators group doesn't have an admin token until elevation.

If you trust yourself to not blindly click OK on every UAC prompt, a single user account in the admin group is fine.


> never run as Administrator.

Computer asks for password. I type in password.

Admin access prompts are honestly a joke even on macOS. The source is completely opaque.



