[dayglored]

Windows security has improved a lot over the last decade, but it started so far behind, and had so many bad guys attacking it, it took time to catch up to Linux and MacOS. These days, IMO, they're all roughly equal, and as a result security is mainly about your browsing and email-reading habits, whether you're on Windows, Linux, or MacOS. Mistakes like clicking on bad links, or entering credentials into spoofed websites, can happen on any platform.

The vulnerability you posted in this thread is a good example of how platform-independent applications carry potential problems everywhere.

With regard to Windows, I have multiple Win7 instances, of which all but one are VMs; the exception is a dual-boot (BootCamp) on my Mac. They're for running Windows-only applications -- I don't use them for internet access other than updates. My internet work is done primarily on MacOS and Linux (CentOS and Ubuntu), but that's mostly because a lot of my real work is done at an SSH xterm, which are properly integrated into those platforms; none of the third-party bolt-on xterm/SSH solutions for Windows are nearly as handy for my work.

[Texas Fossil]

I largely disable SSH and use TLS only with full range of versions listed. Some websites don’t like that setting.

SSH is still not very secure and and there is no “fix”, but for that matter TLS is only slightly more secure.

Something better must be in the pipeline. But I haven’t seen it.