by chongli 647 days ago
Especially for non-technical users, they've practically implemented a system where Apple decides what software you are and aren't allowed to run on your own computer.

For non-technical users the choice is simple: either Apple decides what is allowed to run on their computer or cybercriminals do. After years of getting burned, non-technical users made their choice. I think it was the right one but the jury's still out for the future.

Perhaps one day these users will get squeezed out of computing entirely. That will be a terrible shame. The same thing is playing out with everything else though. Look at cars and household appliances.

2 comments

It’s still perfectly possible to run whatever you like on Mac via virtualisation, which Apple have tried to make easy with a reasonably decent API.
Also, let's not fool ourselves. I'm not sure even most technical people running macOS or Linux would know if they had malware running. I probably wouldn't. It's not like antivirus is commonplace on those platforms.

The notion that you can reasonably have knowledge of and control over all the software that is actually running on your machine has not been realistic for decades.

My router was pwned, not once but possibly 3 times, and the major compromise I only discovered due to the third-party DNS filtering service I'd set up on it. It is practically impossible for any consumer to detect a compromised router, due to their embedded systems and lack of meaningful logging or diagnostics. Therefore I concluded that consumer routers are the weakest link in anyone's home network, and I was pleased as punch to begin renting one that my ISP manages. Peace of mind indeed.

My Windows 10 box became so bogged down that I was convinced it was running some undetectable malware. AV detected nothing, but after a critical look at open ports I just decided to wipe and go to Windows 11.

Here are some of the biggest risks today. Running third-party apps at all, unless they are absolutely necessary. I try to do everything possible with Google-provided apps within the Google ecosystem on my Android phone and the other devices as well, which limits the third-party attack surfaces. My Windows machine runs practically nothing outside of MS or Google. I don't need to.

Other big threats are beyond personal devices at this point. Connecting third-party SaaS to your accounts is a real problem. Facebook, Google Workspace, Slack, GitHub, any service that acts as a platform and runs third-party integrations, that's where you'll get bitten nowadays, and your local AV scans are powerless to shield you from footguns. Just to use HP printer features, HP wanted full, unscoped, read/write/delete access to my Google Drive!

Everyone's "hacked Facebook account" has really been just some stupid game that went rogue. Supply-chain attacks through browser extensions and the rest. Extremely difficult to police from the end-user's position, but deadly and dangerous, because they're out on the net and in the cloud.