[eternityforest]

Pretty much anyone can avoid at least 90% of malware really easily these days.

You just don't install things from media sharing sites with full page ads, and if it doesn't have it's own subreddit and nobody blogs about it... never mind you're going to install cleanmyram.exe.deb anyway aren't you?

NPM supply chain attacks are slightly scary, but for now it seems to happen a lot less in popular apps than it does in the smaller stuff.

I think Linux probably will eventually pick a "Thing everyone uses", it will just have a significant minority that reject it, like with systemd or NetworkManager.