[acdha]

> My windows box will still happily run unsigned binaries, so I don't see how code-signing would help it there. Unless you were not referring to regular windows/linux as modern

Close: it's not the OS flavor so much as the security configuration. All of the major operating systems can be configured to restrict execution – whether that's mandatory code-signing, only running code from white-listed restricted directories, etc. this can be used by a security-aware admin to prevent whole classes of attacks or escalation for successful attacks.

That's the default on OS X but can also be enabled if you're willing to break with tradition on most other operating systems. That certainly has a compatibility cost but much of that cost is born by users who don't benefit from it.

> With regard to the ad-ware like toolbars, is that really reason enough to lock everyone into a walled garden?

First, the nakedesecurity writer used a click-bait headline to troll for clicks but that hinges on a redefinition for the accepted meaning of “walled garden”. It's highly misleading since Mozilla isn't charging for signatures or deciding which companies are allowed to publish add-ons.

Second, millions of people are affected by dishonest software. I'm not terribly enthusiastic about needing to sign things now but I'm not cavalier enough to dismiss the argument that a minor inconvenience for a few developers is worth more than improving the average user’s experience. Any time I look at my front-end JavaScript logs, I'm reminded of just how many people are browsing the web with untrustworthy code injected into every page.