Everything has vulnerabilities -- theoretical and realized: firmware, operating systems, browsers (integrated or stand alone), drivers, applications, other edge devices you may use... The security design and model of Windows and * NIX operating systems have a few things in common, but are fundamentally different. The key thing working for Windows is 'security through obscurity' where most of the OS and nearly all the Kernel are closed source so 'theoretically' it's harder to hack... With from 1.7 to 2 million lines of kernel code, or in raw text volume this translates to something almost exactly the size of the Encyclopedia Britannica which is fine if you have a team the size of contributors, researchers, and writers that Britanica did at or about 4.500 for a combined over 200 years of man women hours of work -- but by ex-Microsoft Developer's accounting; virtually no one working on kernel development at Microsoft, the code is very poorly documented which makes it very difficult to support and patch against vulnerabilities, and things are getting worse not better. Linux by contrast is Open Source, while a default 'works on everything' kernel is larger than the Windows kernel, the source code is publically available, readable by anyone, and supported by billions of Contributors and Developers that include but aren't limited to: the core team of kernel Developers, businesses, governments, public and private security and forensic experts that audit the code for vulnerabilities, and Fans that want to build and test a pet wish idea for submission -- or some curious Enthusiast like the MDL contributors that found something, and is offering a feature or fix... The number of man/women hours needed to author, vet, audit as a percentage of the Linux kernel size from the pool of available contributors is absolutely overwhelming in terms of what can be accomplished per line of code and man/woman hours of available time compared to what Microsoft is willing to put to the task... Put another way, if you were having your house painted, Microsoft finds itself where it's core resource -- kernel Developers is a high school kid that shows up once a month to work on the job when he has time, but he's a hard worker, and gives a lot of attention to detail. Linux would be like you had an extended family of over 100, over 20 of whom did this sort of work for a living and directed an efficient, professional result and they all came over on a weekend to get the job done and everything cleaned up in two days -- and in this analogy because everyone did this for everyone else in the family, some of them would come over and do touch-ups every couple of months, and check weather stripping etc, and with everyone pitching in the process was very efficient and the whole process incentivizes everyone's proficiency because they too will be beneficiaries. Not a perfect analogy, but fair to scale and incentives. Linux has vulnerabilities too, but generally they are fewer and farther between because *NiX operating systems were built with security in mind, and monetizing the OS was never even a consideration, no less a primary consideration as is the case with Windows where the Marketing department directs development. When there are Linux exploits, generally they're found and fixed more quickly, as again, no one is trying to cover anything up or gloss anything over to sell something -- FOSS is all about transparency, which is why what you even see on MDL almost exclusively FOSS software projects for Windows.
I'll get into Linux during the upcoming holidays. Only this week I learned, with your guidance, that virtualization hacks have made my previous plan of Win 7 hosting to be suboptimal. I'll have to learn about Linux key tools to get it to secure-boot, but that shouldn't be too hard.
I was wondering how you would choose? Malwarebytes seemed to have more verbiage surrounding rootkits, although that may just be clever marketing. Which ones are better, and why?
It's an interesting concept. I do not maintain data on the PC that I want to keep secure and private. But I want to be sure I'm never infected with a malicious keyboard tracker. That's why I thought running system restore after every internet session is sufficient. It doesn't matter if they hack me during the current session, because there's nothing on my computer to take. I just want to be sure that system restore clears whatever malware they've placed on my computer during the current session, so I'll begin my next session with a restored system. Win 7 does this reliably. The relevance I see to the OP was the hope that a lite version of Win 11 might have a reliable system restore, but the more we talk about it the less optimistic I am of 11 working as well as 7 does.
I've encountered commercial websites that we're hacked. Running system restore after every internet session side-stepped those attacks.