alt Hacker News> Apple can (and has been) since it owns the whole stack, evidenced by the fact that they've been gradually hardening macOS software and hardware for two decades.
This is kind of an empty reply. Of course Apple can try and has been trying. The question is whether they can do it successfully, and I would argue it hasn't been successful.
> It's been gradual enough that most end users haven't noticed
This is not true at all. Users have definitely noticed all of the permissions dialogs and other related settings.
> The question is whether they can do it successfully, and I would argue it hasn't been successful.
Security has no finish line, unfortunately. But here are a few security-related things Sequoia has that Mac OS X 10.0 did not:
A firewall. VPN support. FileVault and FileVault 2. Secure Empty Trash. Increasingly-secure sandboxing. Library randomization. Address Space Layout Randomization. XProtect. Increasingly-secure versions of Gatekeeper. Increasingly-secure memory management. SIP. Kernel exploit mitigations. New update mechanisms for security patches. APFS and its associated security improvements. Notarization. Read-only system volume. Separation of user data and system files. Activation Lock. Improved system logging and auditing. Signed System Volume. Private Relay. Lockdown Mode. Visual indicators of mic/camera/location use. DriverKit to replace the use of kexts. Secure Enclave for hardware-based root of trust and secrets management.
I'm just someone who pays attention. I imagine actual security experts could list 20+ other improvements off the top of their head.