Replies

Equivalent security at rest is possible on windows with TPM. The bitlocker decryption key is stored in hardware with a simple short PIN to secure it since the hash is not accessible and guessing is hardware limited. If you fail (e.g. exceed the guess limit) you need your bitlocker recovery key to get to your hard disk content. That will be probably be printed on paper locked in a drawer.

I don't think anyone really should have issues with security at rest (e.g. leave your laptop or phone on the train) but certainly having recent apple products or windows with TPM will keep your data safe. The problem is more about how to stay safe while the computer is active and you are running programs. In that case the cluttered kernel on Windows is a detriment, still processing attacker-controlled data. In particular windows systems support all kinds of third party hardware with crappy drivers.

That's not the case with Apple or Linux, in Apple's case it's Apple's hardware and drivers, and in Linux there is not much support except open source which can be vetted. Further as Swordmaker pointed out Apple now has System Integrity Protection so critical files cannot be altered by root. (one minor point, generally most Linuxes also disable root by default, but that's obviously not enough).