All security software from any vendor is going to have issues, and often you just have to go with whatever the company is running for the whole environment and not compromising security because of some jokes from the 90s
*nix started from a better _initial_ posture as it was multi-user, permissioned, and network-aware from the start (vs. corporate MS-DOS => single user => GUI => networked), but MS really doubled down on systematic improvements that Linux is only now going through.
See the recent CUPS fiasco, C-code from 1999 running as root, and the "stuck in the mud" mentality that Linux has because there isn't the appetite for consistent investment and wholesale overhauls.
It has to do with "activation energy" and "local maxima". Linux feels like it's reached the local maxima, and it's a pretty tall peak to start from, so we can't get over the hump to make a step-change or drop back to a hypothetical "POSIX 0.5" so we can pivot to a "POSIX 2.0" (eg: take the loss for a decade or so in reduced functionality to end up on a more sane "other side" with better security principles and systematic depreciation of inefficient or insecure API-types).
There was a LWN article which talked about "permissions should be managed at the mount level, not the file level", and honestly that makes so much more sense, but it "loses" POSIX, and no one person is willing to "break linux" to admit to that mistake. Tons of other examples (eg: file race conditions, unprivileged by default, more protections on /usr than /home, etc)
Doesn't seem to have really worked for MS though, as evidenced by their many significant security lapses over the last several years.
The US Gov even officially called them out on it a few months ago, specifically singling out MS for their atrocious repeated security fuck ups.
https://www.itprotoday.com/attacks-breaches/the-story-behind...
https://www.microsoft.com/en-us/security/blog/2022/01/21/cel...
...while they may also (deservedly) be getting flack now, 20 years ago it was orders of magnitude worse.