All security software from any vendor is going to have issues, and often you just have to go with whatever the company is running for the whole environment and not compromise security because of some jokes from the 90s.
Well, it's not like there are that many alternatives. macOS is out of the price range for public service and most large companies, in addition to a lot of specialist software not being available for macOS.
Linux has it even worse regarding application compatibility on desktop - and no, WINE is not an option, because the kind of software used in public services comes with strict stipulations where you can run it, sometimes down to minor versions, and if you violate that, the vendor can and will refuse support. For a lot of FOSS software, there isn't even commercial support available so it gets automatically off the list because companies actually want to pay people so that they have someone to talk to when they get issues. And that's before you hit the cost wall that is employee (re)training.
IMHO, it would have been the role of our governments to mandate MS get their shit together first before diving into AI and advertising crap.
*nix started from a better _initial_ posture as it was multi-user, permissioned, and network-aware from the start (vs. corporate MS-DOS => single user => GUI => networked), but MS really doubled down on systematic improvements that Linux is only now going through.
See the recent CUPS fiasco, C-code from 1999 running as root, and the "stuck in the mud" mentality that Linux has because there isn't the appetite for consistent investment and wholesale overhauls.
It has to do with "activation energy" and "local maxima". Linux feels like it's reached a local maximum, and it's a pretty tall peak to start from, so we can't get over the hump to make a step-change or drop back to a hypothetical "POSIX 0.5" so we can pivot to a "POSIX 2.0" (e.g.: take the loss for a decade or so in reduced functionality to end up on a more sane "other side" with better security principles and systematic deprecation of inefficient or insecure API-types).
There was an LWN article which talked about "permissions should be managed at the mount level, not the file level", and honestly that makes so much more sense, but it "loses" POSIX, and no one person is willing to "break Linux" to admit to that mistake. Tons of other examples (e.g.: file race conditions, unprivileged by default, more protections on /usr than /home, etc.).
Doesn't seem to have really worked for MS though, as evidenced by their many significant security lapses over the last several years.
The US Gov even officially called them out on it a few months ago, specifically singling out MS for their atrocious repeated security fuck ups.
https://www.itprotoday.com/attacks-breaches/the-story-behind...
https://www.microsoft.com/en-us/security/blog/2022/01/21/cel...
...while they may also (deservedly) be getting flak now, 20 years ago it was orders of magnitude worse.
Windows NT started as a multi-user, permissioned, and network-aware OS. The team that built NT came from DEC, not the MS-DOS team.
Windows Me was the last version of Windows that had any form of DOS underpinnings.