This is still a very sad state, but at least it is progressing on PC hardware (coreboot). I don't know anything similar for Macs
This is pretty easy to control on FreeBSD/Linux/Windows/MacOS, but you need to do it and apply it judiciously. And disable most of the "built-in" root/elevated acc level crap that comes by default on both and which are not needed (or at least sandbox them).
I'm currently dictated by by the SW I run, which runs on 1 platform only. Haven't tried hw / OS virtualization for that in years, so can't run what I'd like ideally for security. But I do secure the root, uninstall everything useless and sandbox stuff that isn't really needed to get access to the internet.
If I could, my first choices would be FreeBSD (PITA to set up, but ez of mind).
On Linux distros I'm not up-to-date, maybe Qubes OS
MacOS can be made secure (AFAIK), but again, you have to do it yourself.
There are people much more knowledgeable on this, if you're really interested, start digging.
On MacOS, ONLY if you actually do it (99% of MacOS users don't even know what it is, not to mention setting it up properly).
on iOS, no you can't. Apple controls that on firmware/boot level.
How do you get root on macOS? I treat it as a linux box and I’m pretty sure I have root.. maybe link an article?
Also What machines do you use or recommend?
MSFT and Intel ME control the firmware and boot level (ring 0, ring -1) on all PCs
Two things, good of you to separate them:
Boot level access
Root access at OS level
This is still a very sad state, but at least it is progressing on PC hardware (coreboot). I don't know anything similar for Macs
This is pretty easy to control on FreeBSD/Linux/Windows/MacOS, but you need to do it and apply it judiciously. And disable most of the "built-in" root/elevated acc level crap that comes by default on both and which are not needed (or at least sandbox them).
I'm currently dictated by by the SW I run, which runs on 1 platform only. Haven't tried hw / OS virtualization for that in years, so can't run what I'd like ideally for security. But I do secure the root, uninstall everything useless and sandbox stuff that isn't really needed to get access to the internet.
If I could, my first choices would be FreeBSD (PITA to set up, but ez of mind).
On Linux distros I'm not up-to-date, maybe Qubes OS
MacOS can be made secure (AFAIK), but again, you have to do it yourself.
There are people much more knowledgeable on this, if you're really interested, start digging.
Root on MacOS: https://support.apple.com/en-us/HT204012#:~:text=To%20enable%20the%20root%20user%2C%20choose%20Edit%20%3E%20Enable%20Root%20User,choose%20Edit%20%3E%20Disable%20Root%20User.