To me it feels weird to use binaries from outside the repos, period. On Windows double clicking an exe file feels natural. On Linux "chmod +x something && ./something" is icky.
> On Windows double clicking an exe file feels natural.
Isn't that just because the system is less structured in general, so you've been beaten into submission?
After spending years on Linux pretty much everything on Windows feels like it's potentially spewing ick all over the place (registry, arbitrary folders, etc, not to mention the lack of reproducibility)!
It's an issue of familiarity. I still feel that everything installed by distros' package manager or via "make install" is spewing ick all over /etc, /usr, /var, and God knows where. On Windows, almost everything only ever sticks to a) its installation folder, and b) the registry.
Truth is, Windows is a mess when installing stuff also. Beside installation folder and registry, there is also user's AppData folder, \ProgramData in system drive, and then installers tend to leave some MSIs in \Windows\Installer, all the libraries in System32 and sometimes, they also place stuff in Program Files\Common files.
The best at isolation has historically been macis, and then again you have plenty of packages installing to /Library, kernel extensions, uninstallers being placed in Applications/Utilities, MS updater being placed in /System and so on
Windows is moving towards apps living only in their own little containers, nice little isolated folders that they can't write outside of, with the exception of their reserved folder in AppData.
In contrast, *nix bunches executables up en-masse into a handful of folders.
It likely comes down largely to what you are used to.
Also, it is actually quite trivial bypassing UAC prompt in Windows. It simply gives a false sense of security.
Something as simple as SilentCleanup [1] still works to this day. This will bypass UAC with little effort.
Even worse, following that, it is also trivial to get NT AUTHORITY\SYSTEM using Windows Management Instrumentation Event Subscription. [2]
I've done it as an exercise in Go out of all languages and it ended up fully undetected both on disk and during runtime.
So Windows simply provides a false sense of security. After all Microsoft themselves said [3]:
One important thing to know is that UAC
is not a security boundary. UAC helps people
be more secure, but it is not a cure all.
UAC helps most by being the prompt before
software is installed.
What difference does it make really. Running a program on linux as a regular user can access all of your files, record your screen, keylog you, grab your passwords from your browser, do basically anything. Run it with sudo and what more can it do? Mess up your grub config? If a malicious program was run as a regular user it could basically ruin everything you care about unless you happen to be sharing a computer with multiple people but even then it could just wait until you run something with sudo and keylog your password.
That's a good point! Maybe that's the source of it. I've gotten used to it for a couple of statically compiled long-lived binaries (games), but other than that even software I compile myself gets packaged before I install it.
You can run GPU accelerated apps in a container. You just need to install the same video driver and expose the x11 socket and card device. The app could still be evil and screen scrape or key log but at least it has no access to your filesystem and when the container is off it is truly off (assuming reasonable container security). There are several tutorials out there for at least browsers.
Isn't that just because the system is less structured in general, so you've been beaten into submission?
After spending years on Linux pretty much everything on Windows feels like it's potentially spewing ick all over the place (registry, arbitrary folders, etc, not to mention the lack of reproducibility)!