[BitMastro]

1) Linux and other unixes were created with the idea of privilege separation and permission baked in. Windows had to add it later, while keeping compatibility

2) Linux has a variety of kernels and libraries versions across its base, making it difficult to exploit it uniformly

3) MS is indeed capable of making secure OSes, I don't deny it, but you should not use Xbox, Windows Phone and RT as examples, since all three of them can ONLY install approved software (less for RT, but it's not used by end users in the same way)

4) MS could have used the same approach used by Linux and Android (and partially OSX): have a central approved and monitored repository of software, but giving the possibility to add external software by jumping a few hoops, i.e. inserting a password, or checking a couple of checkboxes before allowing untrusted installations.

5) To prove the point, Android has malware almost exclusively outside of the google play store. Never heard of someone getting malware by using android, while I know an handful of people getting malware on windows (this is anecdotal experience, but I don't have any other data)

6) The shitstorm was raised because on some Secure Boot implementations it was impossible to disable it

[wfjackson]

1) IIRC, The Windows NT family had more granular level permissions than Linux. Granted before XP Windows was quite insecure, as I said in my original comment

2) Still we do see a lot of bugs and exploits that affect large swathes of Linux machines.

3) My entire point is that popular OSes that are used by nontechnical users that allow third party installs

4) Even OS X got a lot of burn for sanboxing apps and making third party apps difficult to install. They tried difficult UAC with Vista and it didn't go so well.

There isn't much stopping Linux malware in repos if the Linux desktop gets more popular. http://www.zdnet.com/blog/hardware/how-much-more-malware-is-...

Heck, even kernel.org was rooted and they still haven't revealed what happened. Not to mention other distros which were also compromised at some point.

5) http://www.pcworld.com/article/2099421/report-malwareinfecte...

6) Which ones? (apart from RT ARM machines that were a total flop in the marketplace and are like iPads)

[BitMastro]

I agree in general with all your point, apart from 4 and 5.

Malware in linux repositories is "practically" impossible. Software is most of the times peer reviewed and patched in different ways by different distros. And if a particular software becomes more popular it also comes under scrutiny by more people that want to change the source to add their own features. All the packages are checksummed and repositories have cryptographic keys to establish authenticity.

Of course bugs and security vulnerabilities exist, but the same applies to other OSes as well. And I do understand that UAC is obnoxious for users, but they didn't care about creating problems for legitimate users with the no-ip case since it was posing danger.

That android report makes two assumption: a very wide definition or malware (also installing java should be considered a malware because toolbar), and the fact that a malware doesn't usually last more than a day before being removed automatically.