The author is talking about the server use-case here but it’s not any better for desktops either. I think it boils down to the fact that neither of these operating systems are designed for a single-user world like Android (or any other modern mobile OS) and so these security solutions are shoehorned into a world where they don’t really fit into. Because those (server or desktop) programmes have different set of expectations about what’s available to them, than say, an Android app that knows that it has to ask for permission first.
Interesting! What’s the book’s name?