The thing is, if Microsoft actually ever released a secure operating system, they couldn’t get away with the strategy of planned obsolescence wherein the chip and peripheral vendors they are in cahoots with quit making drivers for older Windows versions.
Without this inherent insecurity, one could buy copies of Windows and then pretty much use them forever because a few years of bug patches would fix the bugs, and since security patches wouldn’t be needed, so-called Microsoft support wouldn’t be needed either, and one could use a stable and secure Windows for decades, and vendors of new chips and peripherals would be willing to keep making new drivers.
This is the real reason Microsoft refuses to secure their operating systems, because it’s not really that difficult for them to do that, namely quit making all login ids superuser by default and forbidding the execution of software that hasn’t been installed by a superuser into a secured location, and perhaps setting and enforcing security (and crapware avoidance) standards for major software vendors.
Apparently whoever came up with Device Guard didn't get that memo.
Yeah, step off the ledge.
Nothing in the software world is secure. Not OSX not Linuux, not BSD. Some are more secure than others but the fact is when it comes down to it if someone wants into your system they will find a way.
If you wanted 100% security you would never log on, you would never buy new peripherals. Of course if the USA and the world went that way we would still be in the 80’s with computing power.
But thank G— luddites like you do not drive the software community.