I've read through your reply, and I think that you are still not clear on what exactly I mean with spyware. Spyware to me are malignant browser extensions which take advantage of bugs in the browser to make sure you visit sites or see advertisements you normally would avoid. In addition, some spyware might track what you are doing in order to establish a user profile.
I'm quite familiar with what you mean. My point is that if the browser is to blame, don't rap on the OS. Use another browser and you'll be better off. If Linux were to run IE, you'd have the same problems. Also, UNIX security stops at the user-level, so if something gets into your browser (through a plugin, or an e-mail script), it may not be able to touch the system, but it has full authority to wipe out your whole user account. In my opinion, that's not better security than Windows, because an OS can always be re-installed. Your only hope to restore user files is to make a backup (how many Linux people actually make backups, BTW, or do they feel invincible behind the UNIX wall?)
The point I'm really trying to make here is that all operating systems I know of rely on applications to handle security on their own. The OS really doesn't do anything but cover its OWN behind. Rather than hailing UNIX and slamming Windows, it may be more productive to fix the real problem: applications shouldn't be able to modify any file in your account at will. I'd really like to attach my download manager to a particular download folder, and tell the browser to stay within its containing folder. Of course, current OS and browser architecture doesn't allow that. Applications have their files sprawled out all over the place. I still see Windows applications that write their config files directly into "C:/", and tons of INI files into the System folder. When will they ever learn? What if Microsoft cracked down on this behavior and locked out the System folder to ANY write requests? Do you know exactly how many apps would die overnight? Linux doesn't allow you to write to the system folder, but it has plenty of its own problems, such as, any app can read the config file of any other app. How will that prevent a spyware app from reading sensitive information and broadcasting it to a collection server? What if the app is smart enough to keep quiet if you have a firewall, and attack the next time you log in as root?
Over and over again, I see people praise an OS because it's better than Windows. If you're better than the worst, that's hardly a valid acclaim. Linux and UNIX have *LOTS* of security problems, and the only reason why things don't go wrong more often is because those people tend to be more tech savvy. Put an ordinary person behind the wheel, and see how easy it is to reduce it to rubble. Seeing how a majority of people are not computer experts, this should be a very big concern if people want to bring Linux to the desktop market. Personally, I don't think Linux will ever be a desktop OS unless someone builds a whole new desktop running on a modified Linux kernel.
That's what I was really hoping OS4 would be: a Linux system with a brand new Workbench, not this proprietary, native PPC, bare-platform crap.
Tightening security and improving compatibility doesn't start with the applications or the kernel. It's the desktop. At the OS level, Windows and UNIX/Linux really don't look all that different to hackers and spyware. You have to do a lot to harden a raw UN*X machine.
Spybot Search and Destroy + CWShredder + AdAware6 = no more hijacking.
Funny, I don't use those and I still have no problems. I think all this spyware crap is due to ActiveX, which I have disabled on my machine (it's only good for Flash, anyway).
ActiveX is basically an IE plug-in handler that runs code right off the Internet, and was used extensively before Java and .NET became more commonplace. ActiveX is probably the worst idea ever -- worse than the system registry.
Either disable it right away, or use a non-MS browser. With ActiveX disabled, I've never seen a system get infected with trash when just using IE and Outlook.
Slapping two words together and feeding them to Google's search engine does not mean that the pages turned up have relevant information on them.
No problem, here! Move along citizens!
Sure, we can't guarantee accurate information in the midst of the information age, but vulnerability denial is a serious issue. Sorry, there is *NO* such thing as a fully secured computer. I'm quite familiar with PHP and Perl right now, and it absolutely shocks me how easy it is to exploit security holes in any kind of script. No wonder so many ISPs don't like it when you add scripting to your websites.
Some people are stupid, and/or don't realise the danger that the web browser is to system security.
More naive than stupid. People come to me all the time with broken computers, and when I point out security holes to them, they are very surprised any software developer would be so stupid as to offer feature X, option Y, etc.
Stop blaming users. Hell, today's computers have enough storage space to hold millions of pages of documentation, but many developers can't even be bothered to spell-check their own instructions! I can't tell you how many times I've lost data due to a grammatical error. "Far Cry", for example, has a button that says "Load Save Game" (note capitalization.) I thought it was a unified button that would take me to an interface that would let me load OR save the game. I found out later that Far Cry doesn't let you save games at all. What it should have said was, "Load saved game".
My dad rolled his eyes and told me I was thinking too deep about a stupid button. The problem is, this time it resulted in me loading a game I didn't want to load. Next time, it may trash my documents folder.