Craig Sanders <cas@taz.net.au> wrote:
the difference between windows and linux in this context is that it's far too easy for malware to get root / admin privs by exploiting one of the many security holes, and (until W7) it was pretty much the default for users to run as admin, or for their "account" (such as it is, MS has seemingly only recently discovered the idea of multiple users and priviledge separation) to have admin privs so everything the user ran automatically had admin privs without even needing to exploit a security hole.
That's very lax indeed - thank you for educating me on the subject. The Windows NT kernel was designed by former Vax VMS developers, whom I would have expected to implement privilege separation from the beginning. Apparently, given the above, this wasn't a priority despite the widespread use of networking at the time. I think what Craig is describing can be seen as a larger trend to try to design products that are resistant to the ignorance and incompetence of users. At some point I discovered that much of GUI design exists purely to solve this "problem", i.e., to enable people who haven't learned shell syntax or even how to type properly to use the software, even if not very efficiently. I quickly realized that this entire issue simply wasn't relevant to me - I'm not part of that target audience and therefore not affected by the issue which is supposed to be addressed. Obviously, not all GUI design is concerned with this problem - exploiting the presentational capabilities of graphical displays is fundamentally necessary and important, regardless of the knowledge that users can be assumed to have; and certain applications such as graphics editors really do have to be highly visual. One of my many reasons for using Linux is that I can choose software for which I am in the target audience, i.e., it matches my skills, needs and preferences.