Incorrect. I repair computers for a living, macintoshes, and the guy sitting behind me repairs windows boxes for a living. On average, we see 1 computer in 3 that has only a single account on it. On the average, most machines we see have two accounts on them. We occasionally see machines with five or more accounts.
I would be quite willing to bet those machines are, primarily, used by one person - ie: only one of those accounts is used most of the time.
In windows, almost without exception, everyone has elevated privledges.
Indeed. But your assertion was that Windows was incapable of separating privileges, which is false.
Worse yet, they have them at all times, not just after they have authenticated. (as is the case in OS X) This means once the virus gets running, it has run of your entire machine, unrestricted. As far as windows is concerned, you double clicked it (or it THOUGHT you double clicked it... see "spyware") so it's running with your privs, without authentication or confirmation. This is a problem!
On the typical home-user desktop, with the aforementioned one primary user, it's a much overstated problem. Privilege separation, outside of multiuser machines, offers bugger-all additional protection.
Educating the user is part of Microsoft's responsibility.
If the user actually bothers to look into it, all documentation recommends creating a limited user account.
The problem with defaulting to a regular user account, is that lots of poorly written software that plagues the consumer market simply wouldn't work. Since the typical developer reaction is not going to be an issued patch to fix the problem, but instead a "FAQ" that tells the user how to put their account into the Administrators group, defaulting to a non-Admin user when so much commonly used software was still broken was largely a pointless exercise.
They are setting up the consumer for a fall, they know it, and they really don't care so long as people keep shelling out the money for more product.
Then why are they changing it, if they don't care ?
I blame the user when they do *obviously* stupid things and fall for *obvious* scams. A disturbingly large number fall into this segment.
I blame the developers for writing bad software that doesn't work with non-Admin accounts. Although, if they had, the situation wouldn't be much different, the typical piece of malware would simply have been written to take into account that the user wasn't an admin.
Not sure what you by "properly setup", but 'tedious'?
"Properly setup" meaning it's not full of gaping holes. Like being able to 'sudo bash', for example, to drop into a root shell. A marginally more subtle hole is the ability to run 'sudo vi'.
And, as an aside, anyone who has a 'root' account even enabled, gets what they deserve.
If you can run 'sudo', chances are extremely high you're only a few seconds away from the ability to run anything you want to as root.
This sort of thing is, largely, not relevant to a typical single-user desktop. But on a typical single-user desktop, privilege separation is largely not relevant in the first place.
The point I'm trying to make here is that 'sudo' isn't even close to a magic bullet and cofiguring it properly - ie: securely - is an extremely difficult and tedious exercise, requiring extensive in-depth knowledge and experience. This is largely due to the fact 'root' exists in the first place.
I'm saying that so-called "illegal" installations of OS X are a delusion.
You're trying to say there isn't a single copy of OS X out there installed in contravention to its EULA. I'd have to say you're the one that's deluded.
You're completely on the honor system.
Lots of things are "completely on the honour system". That doesn't make unauthorised copies of them any less a copyright violation.
I've never installed more than maybe two or three, but it's pretty common. If a friend is having trouble, I'll go over with my disks and may end up reinstalling a system. No "authentication" or any such thing.
This does not change the fact those copies are illegal.
When they came out with a "Family Pack" recently, I was stunned to learn there was a limitation.
I find that difficult to believe. Apart from the EULA, it's not like making (and distributing, according to you) multiple copies of software is something commonly allowed.
I've never gone beyond what I think of a "fair use," and there is absolutely no problem with installing an update on a friend's computer. I urge them to get their own copy in case they need the Disk Utilities or a new installation.
That's an interesting take on fair use. Somehow I doubt, say, Adobe would consider you grabbing the latest version of Photoshop to "update" your old copy as "fair use".
Of course, MS makes nothing but virus facilitators, DRM and copy restrictions, so their business model is to watch you closely and make sure you get one of the seven (!) rumored levels for Vista.
Ah, and here I was thinking you were interested in rational conversion. Such a shame.
Firstly, anyone these days who thinks copyright is anything more than an economic tool is off with the fairies. It's been a long, long time since copyright was meant to "promote the progress [...]".
Secondly, I don't see anything in your quote suggesting how DRM is a "bastardisation" of copyright. Indeed, if anything it does the complete opposite, as DRM allows "authors" greater abilities to control their temporary monopoly.
So what you're saying, essentially, is that if a musician wants to make money he needs to perform it while you have the "right" to record, copy and redistribute at will?
I'm saying the artist doesn't have the "right" to stop me. Any more than he has the "right" to stop me remembering the song in my head, or singing it to someone else.
if that's the case they won't make much from concerts either as their live recordings will be spread world wide before he can even get to his second gig!
Most CDs cost less than tickets to live performances. In direct conflict with your theory, the cheaper availability of the music does not reduce the popularity of live performances.
Or, to put it another way, if what you say were true, live performances would have died out decades ago.
you'd make professional music profitless and you'd have a fine selection of garage bands but quality music would diminish if not die out.
IME the vast majority of "professional" musicians are not producing high quality music - and I'm *far* from a music snob. Personally I'd much rather have a bunch of "garage bands" who were creating music because they enjoyed it, than a handful of superstars making cookie-cutter music to get rich.
Lack of profitability is not going to stop good musicians, because good musicians aren't in it for the money.
yes, copyright. the DRM'ed version that MSFt and RIAA promote is a bastardization of the real version and harmful to the concept.
Eh ? "Renting music" is just a logical technological progression, fully in line with the concept of copyright.
(As is charging you everytime you remember a tune in your head, which is where the RIAA and co would like to eventualy be.)
How on Earth is DRM a "bastardisation" of copyright ? All it's doing is giving the "creator" more control over their content, which is the whole point of copyright in the first place.
I must say I find the people who say "yes, I support the concept of copyright - but only in the crippled form that previous technology has been capable of" to be rather disingenuous. The problem here is that copyright itself is broken - DRM and modern technology are just making that brokenness more obvious.
If you could elaborate on this, I'd really appreciate it. How many users?
Most of them, in my experience.
And for what sorts of applications?
Pretty much anything they might potentially get sent via IM. So, screen savers, little utility programs ("convert.exe"), flash games, etc, etc.
Really, transferring files via IM is simply a crude form of P2P - and we all know P2P has been oen of the driving forces behind internet popularity since Napster.
I've been saying for some time that today's computer security nightmare could be largely solved, at the cost of denying those users this thing they "want to do".
Of course they could. But if the end result is that no-one "can" use computers, it would be a bit of a pyrrhic victory:).
But I don't know how many users we're talking about, or what other alternatives they might have.
There are plenty of alternatives. The problem is none of them are anywhere near as convenient as just dragging a file onto an IM window.
So if you used Windows on a daily basis, you would not run a virus scanner or a spyware scanner?
Not only "wouldn't" I, but I don't.
I do, occasionally (maybe once every 6 months) run the online scanners over my PC. Thus far, no infection has ever been detected.
You would rely solely on your personal computing prowess to prevent and/or remove all infections?
I rely on common sense and the security facilities of my OS to avoid infection in the first place. In particular, I don't execute code I can't verify the source of, I don't run as a high-privilege user for day to day tasks and I filter inbound network connections to my computers.
I will also point out that these are the exact same procedures I follow on *all* the OSes I use.
If you say yes, first I'll call bullshit.
I don't really care what you "call". Ten years of Windows use without a single exploit from malicious code is enough evidence for me that my methods work the majority of the time.
Then I'll ask how you can expect this kind of tech savvy from your average user.
Most malware - or, more accurately, the vector it uses - doesn't require even the slightest level of "tech savviness" to identify. How many people, if someone knocked on their door and said they were from their bank, would hand over a blank cheque and signature specimen for "verification purposes" ? Compare that to how many are happy to hand over their banking usernames and passwords to email and web based banking scams.
One of the fundamental problem, IMHO, is many people are still working under the impression that stuff on the "internet" isn't "real", and that actions online can have genuine consequences out in the real world. My guess is they figure that since Word has an undo button, then everything else they do with the computer can be similarly easily "undone". Malware is going a long way towards rectifying this attitude (one of its few upsides).
Now, with all that said I certainly wouldn't recommend most people go without anti-virus and anti-spyware tools. Particularly since most "normal users", IME, are primarily using the internet for inherently high-risk behaviour (swapping software, documents and other data). However, the simple fact is that neither anti-spyware, nor anti-virus software, is there to protect the user from flaws in the OS (although it may do this as a side effect). It's there to protect the user from flaws in their behaviour. No level of OS security known can protect from the user deliberately executing malicious code.
(I use the word "flaws" here in the context of safe computing practices, not behaviour in general. I don't think for a second people *shouldn't* be doing the things they do with computers that typically lead to malware infection.)
I was, reluctantly, willing to accept that line for the Mini in the context of the home entertainment center... where good 2d performance was the goal.
I'm not quite sure why you think the Mini is targeting a much different market to the MacBook. Nor am I seeing why so many people see the Mini as a 'home entertainment centre'. It's just a very cheap Mac desktop.
Not to mention, everything running OS X is running 3D, not 2D.
But a consumer laptop is a personal computer, and I bloody well DO expect it to be "more than barely adequate" for playing games.
Why ? None of its contemporaries are.
A MacBook is not meant to be a computer for playing games. Nor was an iBook. Even the "Power" Books and MacBook "Pros" have never been particularly well endowed from a gaming GPU perspective.
Games are - in the realm of non-professional software - the most hardware-intensive software the average person will ever use. Why on earth would anyone think a low-end general-purpose computer would be capable of running such high-end, specific software well ?
It's like buying a Honda Civic and then complaining that it sucks on the racetrack. Or buying a low-end Dell Optiplex and wondering why it sucks as an Oracle machine serving a 200G database to a thousand clients.
If you want to play games, either buy a computer meant for playing games, or buy one high-end enough that it can play games as a side effect. Just don't be surprised when your screwdriver isn't very good at hammering in nails.
I realize there are some nifty-keen things that can be done with executable attachments, and that some people have become dependent on them for various reasons. I'm sorry, but those people need to lose this argument. Losing the ability to easily run untrustworthy content is the price we really do have to pay for any kind of reasonable security.
It's not going to happen, because for a lot of people (most, these days, I'd wager) the ability to receive and execute "untrustworthy content" is one of (if not "the") the most important things their computer does.
(How many people do you know who only use computers to write documents, send email and browse the web ? Of those, how many of them primarily use email and the web for silly little flash games and the like, or sending documents back and forth ?)
Not to mention, unless you *completely* remove the ability to _ever_ execute "untrustworthy content" (which is to say, you would never be able to execute something that wasn't signed by some centralised authority, and implement it at the hardware level) then effectively all you're doing is putting more layers of "are you sure" prompts in the way.
Umm... the local Windows Administrator account (or any account in the local "Administrators Group") is not bound by ACLs.
Yes, it is. There are many things an "Administrator" cannot do.
It can force ownership upon itself when it's not able to automaticly override.
This is a different thing to "not being bound by ACLs".
The unix 'root' user effectively bypasses the entire unix security system. That is, security restrictions simply are not applied if UID=0. The Administrator user can (and does) not do this. Indeed, no account in Windows can do this, as it has no concept of a "superuser".
If you understand multiuser security, you understand Windows security. It's basically the same as the Unix model, with a few twists
ACLs are applied to more than just the filesystem and Registry. They apply to all OS "objects". This includes things like threads, processes, hardware devices, etc. Access to pretty much all aspects of the OS are governed by ACLs.
Technically speaking, Windows NT is much more of a multiuser OS than the typical unix.
U*X (and VMS and...) was developed in a networked multi-user context of universities and research labls. Windows was developed to make one computer do one thing for one user. "Multi-user" is an afterthought. Network security is an afterthought.
Not to put too fine a point on it, but both "mulituser" and "network security" were "afterthoughts" for unix.
The difference is, unix has had thirty years to refine those "afterthoughts" and close most of the holes, either via kludges like su/sudo or accepted practices like user dotfiles. It still can't escape the inherent security hole of a superuser, however.
Sudo gives you root privileges. And I'm not convinced that it leads to any greater security than plain old su.
Properly setup, it does (although it still can't escape the inherent security hole presented by a superuser account).
However, properly setting up sudo is tedious, involved business that requires a great deal of site-specific knowledge. It's extremely rare to find a properly setup sudo environment.
However, I think that it also underlines a serious flaw in the Windows security model. Almost everybody runs with administrator privileges because too many things just don't work otherwise.
This is not in any way, shape or form a flaw in the Windows security model. It is a flaw in the competency of people who write Windows software the needlessly requires elevated privileges.
What's particularly backwards are those people who blame "running as Admin" on the "flawed Windows security model", but have no problem with all those unix daemons that either run as root or require root to start then drop to a regular user.
However, another thing to understand is that there is no control of the number of installations you do with your retail disk.
Certainly, but if you're going to venture into the realms of "illegal" installations, then any attempts to compare pricing are pointless, as both OS X and Windows can be easily downloaded from any number of warez sites.
This might change, I suppose, but the fact is, well into the '90s, when a new OS was announced, you basically paid for the floppy disks and the manual. I can't remember the price, but it certainly wasn't $129. Or, you could go to your local retailer with floppies and get them to copy it for you, for free.
I wasn't much of a Mac user in the Classic days (too slow, too expensive, too unstable), but I find this very difficult to believe (at least, if you're saying it was done with Apple's blessing). Although, given the even higher price premium of Macs back then, I suposed they could consider it part of the deal. I suspect the real policy however, was that Apple would replace your copy of MacOS if you lost it (bad disks, etc) at "no charge" (something Microsoft will/would also do with Windows/DOS). So, if you walk into your Apple dealer and tell him your $LATEST_VERSION disks were corrupt, he was ok to make a copy for you.
Even assuming that is true, it is still possible to design an OS where legitimate software works and spyware doesn't. It's called the principle of least authority.
So how do you propose to identify what code is "spyware" and what code isn't so you can actually apply that principle (not to mention, what "authority" do you think spyware needs that non-spyware doesn't) ?
I would be quite willing to bet those machines are, primarily, used by one person - ie: only one of those accounts is used most of the time.
In windows, almost without exception, everyone has elevated privledges.
Indeed. But your assertion was that Windows was incapable of separating privileges, which is false.
Worse yet, they have them at all times, not just after they have authenticated. (as is the case in OS X) This means once the virus gets running, it has run of your entire machine, unrestricted. As far as windows is concerned, you double clicked it (or it THOUGHT you double clicked it... see "spyware") so it's running with your privs, without authentication or confirmation. This is a problem!
On the typical home-user desktop, with the aforementioned one primary user, it's a much overstated problem. Privilege separation, outside of multiuser machines, offers bugger-all additional protection.
Educating the user is part of Microsoft's responsibility.
If the user actually bothers to look into it, all documentation recommends creating a limited user account.
The problem with defaulting to a regular user account, is that lots of poorly written software that plagues the consumer market simply wouldn't work. Since the typical developer reaction is not going to be an issued patch to fix the problem, but instead a "FAQ" that tells the user how to put their account into the Administrators group, defaulting to a non-Admin user when so much commonly used software was still broken was largely a pointless exercise.
They are setting up the consumer for a fall, they know it, and they really don't care so long as people keep shelling out the money for more product.
Then why are they changing it, if they don't care ?
I blame the user when they do *obviously* stupid things and fall for *obvious* scams. A disturbingly large number fall into this segment.
I blame the developers for writing bad software that doesn't work with non-Admin accounts. Although, if they had, the situation wouldn't be much different, the typical piece of malware would simply have been written to take into account that the user wasn't an admin.
"Properly setup" meaning it's not full of gaping holes. Like being able to 'sudo bash', for example, to drop into a root shell. A marginally more subtle hole is the ability to run 'sudo vi'.
And, as an aside, anyone who has a 'root' account even enabled, gets what they deserve.
If you can run 'sudo', chances are extremely high you're only a few seconds away from the ability to run anything you want to as root.
This sort of thing is, largely, not relevant to a typical single-user desktop. But on a typical single-user desktop, privilege separation is largely not relevant in the first place.
The point I'm trying to make here is that 'sudo' isn't even close to a magic bullet and cofiguring it properly - ie: securely - is an extremely difficult and tedious exercise, requiring extensive in-depth knowledge and experience. This is largely due to the fact 'root' exists in the first place.
You're trying to say there isn't a single copy of OS X out there installed in contravention to its EULA. I'd have to say you're the one that's deluded.
You're completely on the honor system.
Lots of things are "completely on the honour system". That doesn't make unauthorised copies of them any less a copyright violation.
I've never installed more than maybe two or three, but it's pretty common. If a friend is having trouble, I'll go over with my disks and may end up reinstalling a system. No "authentication" or any such thing.
This does not change the fact those copies are illegal.
When they came out with a "Family Pack" recently, I was stunned to learn there was a limitation.
I find that difficult to believe. Apart from the EULA, it's not like making (and distributing, according to you) multiple copies of software is something commonly allowed.
I've never gone beyond what I think of a "fair use," and there is absolutely no problem with installing an update on a friend's computer. I urge them to get their own copy in case they need the Disk Utilities or a new installation.
That's an interesting take on fair use. Somehow I doubt, say, Adobe would consider you grabbing the latest version of Photoshop to "update" your old copy as "fair use".
Of course, MS makes nothing but virus facilitators, DRM and copy restrictions, so their business model is to watch you closely and make sure you get one of the seven (!) rumored levels for Vista.
Ah, and here I was thinking you were interested in rational conversion. Such a shame.
Firstly, anyone these days who thinks copyright is anything more than an economic tool is off with the fairies. It's been a long, long time since copyright was meant to "promote the progress [...]".
Secondly, I don't see anything in your quote suggesting how DRM is a "bastardisation" of copyright. Indeed, if anything it does the complete opposite, as DRM allows "authors" greater abilities to control their temporary monopoly.
I'm saying the artist doesn't have the "right" to stop me. Any more than he has the "right" to stop me remembering the song in my head, or singing it to someone else.
if that's the case they won't make much from concerts either as their live recordings will be spread world wide before he can even get to his second gig!
Most CDs cost less than tickets to live performances. In direct conflict with your theory, the cheaper availability of the music does not reduce the popularity of live performances.
Or, to put it another way, if what you say were true, live performances would have died out decades ago.
you'd make professional music profitless and you'd have a fine selection of garage bands but quality music would diminish if not die out.
IME the vast majority of "professional" musicians are not producing high quality music - and I'm *far* from a music snob. Personally I'd much rather have a bunch of "garage bands" who were creating music because they enjoyed it, than a handful of superstars making cookie-cutter music to get rich.
Lack of profitability is not going to stop good musicians, because good musicians aren't in it for the money.
Eh ? "Renting music" is just a logical technological progression, fully in line with the concept of copyright.
(As is charging you everytime you remember a tune in your head, which is where the RIAA and co would like to eventualy be.)
How on Earth is DRM a "bastardisation" of copyright ? All it's doing is giving the "creator" more control over their content, which is the whole point of copyright in the first place.
I must say I find the people who say "yes, I support the concept of copyright - but only in the crippled form that previous technology has been capable of" to be rather disingenuous. The problem here is that copyright itself is broken - DRM and modern technology are just making that brokenness more obvious.
Most of them, in my experience.
And for what sorts of applications?
Pretty much anything they might potentially get sent via IM. So, screen savers, little utility programs ("convert.exe"), flash games, etc, etc.
Really, transferring files via IM is simply a crude form of P2P - and we all know P2P has been oen of the driving forces behind internet popularity since Napster.
I've been saying for some time that today's computer security nightmare could be largely solved, at the cost of denying those users this thing they "want to do".
Of course they could. But if the end result is that no-one "can" use computers, it would be a bit of a pyrrhic victory :).
But I don't know how many users we're talking about, or what other alternatives they might have.
There are plenty of alternatives. The problem is none of them are anywhere near as convenient as just dragging a file onto an IM window.
Not only "wouldn't" I, but I don't.
I do, occasionally (maybe once every 6 months) run the online scanners over my PC. Thus far, no infection has ever been detected.
You would rely solely on your personal computing prowess to prevent and/or remove all infections?
I rely on common sense and the security facilities of my OS to avoid infection in the first place. In particular, I don't execute code I can't verify the source of, I don't run as a high-privilege user for day to day tasks and I filter inbound network connections to my computers.
I will also point out that these are the exact same procedures I follow on *all* the OSes I use.
If you say yes, first I'll call bullshit.
I don't really care what you "call". Ten years of Windows use without a single exploit from malicious code is enough evidence for me that my methods work the majority of the time.
Then I'll ask how you can expect this kind of tech savvy from your average user.
Most malware - or, more accurately, the vector it uses - doesn't require even the slightest level of "tech savviness" to identify. How many people, if someone knocked on their door and said they were from their bank, would hand over a blank cheque and signature specimen for "verification purposes" ? Compare that to how many are happy to hand over their banking usernames and passwords to email and web based banking scams.
One of the fundamental problem, IMHO, is many people are still working under the impression that stuff on the "internet" isn't "real", and that actions online can have genuine consequences out in the real world. My guess is they figure that since Word has an undo button, then everything else they do with the computer can be similarly easily "undone". Malware is going a long way towards rectifying this attitude (one of its few upsides).
Now, with all that said I certainly wouldn't recommend most people go without anti-virus and anti-spyware tools. Particularly since most "normal users", IME, are primarily using the internet for inherently high-risk behaviour (swapping software, documents and other data). However, the simple fact is that neither anti-spyware, nor anti-virus software, is there to protect the user from flaws in the OS (although it may do this as a side effect). It's there to protect the user from flaws in their behaviour. No level of OS security known can protect from the user deliberately executing malicious code.
(I use the word "flaws" here in the context of safe computing practices, not behaviour in general. I don't think for a second people *shouldn't* be doing the things they do with computers that typically lead to malware infection.)
I'm not quite sure why you think the Mini is targeting a much different market to the MacBook. Nor am I seeing why so many people see the Mini as a 'home entertainment centre'. It's just a very cheap Mac desktop.
Not to mention, everything running OS X is running 3D, not 2D.
But a consumer laptop is a personal computer, and I bloody well DO expect it to be "more than barely adequate" for playing games.
Why ? None of its contemporaries are.
A MacBook is not meant to be a computer for playing games. Nor was an iBook. Even the "Power" Books and MacBook "Pros" have never been particularly well endowed from a gaming GPU perspective.
Games are - in the realm of non-professional software - the most hardware-intensive software the average person will ever use. Why on earth would anyone think a low-end general-purpose computer would be capable of running such high-end, specific software well ?
It's like buying a Honda Civic and then complaining that it sucks on the racetrack. Or buying a low-end Dell Optiplex and wondering why it sucks as an Oracle machine serving a 200G database to a thousand clients.
If you want to play games, either buy a computer meant for playing games, or buy one high-end enough that it can play games as a side effect. Just don't be surprised when your screwdriver isn't very good at hammering in nails.
It's not going to happen, because for a lot of people (most, these days, I'd wager) the ability to receive and execute "untrustworthy content" is one of (if not "the") the most important things their computer does.
(How many people do you know who only use computers to write documents, send email and browse the web ? Of those, how many of them primarily use email and the web for silly little flash games and the like, or sending documents back and forth ?)
Not to mention, unless you *completely* remove the ability to _ever_ execute "untrustworthy content" (which is to say, you would never be able to execute something that wasn't signed by some centralised authority, and implement it at the hardware level) then effectively all you're doing is putting more layers of "are you sure" prompts in the way.
Because it's something users want to do.
Of course it can. Just set the appropriate executables to only be executable by specific users (or denied to specific users).
Yes, it is. There are many things an "Administrator" cannot do.
It can force ownership upon itself when it's not able to automaticly override.
This is a different thing to "not being bound by ACLs".
The unix 'root' user effectively bypasses the entire unix security system. That is, security restrictions simply are not applied if UID=0. The Administrator user can (and does) not do this. Indeed, no account in Windows can do this, as it has no concept of a "superuser".
ACLs are applied to more than just the filesystem and Registry. They apply to all OS "objects". This includes things like threads, processes, hardware devices, etc. Access to pretty much all aspects of the OS are governed by ACLs.
Technically speaking, Windows NT is much more of a multiuser OS than the typical unix.
Not to put too fine a point on it, but both "mulituser" and "network security" were "afterthoughts" for unix.
The difference is, unix has had thirty years to refine those "afterthoughts" and close most of the holes, either via kludges like su/sudo or accepted practices like user dotfiles. It still can't escape the inherent security hole of a superuser, however.
The vast, vast majority of machines out there are only used by one person, or used for the majority of the time by one person.
This indicates the problem isn't merely the existance of the viruses, but the system's complete inability to restrict them.
No, it means an infection has come via an account with elevated privileges, or all the accounts have been infected individually.
You cannot blame viruses on virus writers, you really have to blame it on Windows.
Windows has just as many - more, if anything - facilities to restrict users as the typical unix. The *technical* problem is not with Windows.
Shortly thereafter, they rise again as malware writers target those same ignorant users with OS X malware...
Properly setup, it does (although it still can't escape the inherent security hole presented by a superuser account).
However, properly setting up sudo is tedious, involved business that requires a great deal of site-specific knowledge. It's extremely rare to find a properly setup sudo environment.
This is not in any way, shape or form a flaw in the Windows security model. It is a flaw in the competency of people who write Windows software the needlessly requires elevated privileges.
What's particularly backwards are those people who blame "running as Admin" on the "flawed Windows security model", but have no problem with all those unix daemons that either run as root or require root to start then drop to a regular user.
No, they weren't. Neither IIS nor Internet Explorer were ever "sold".
Anti-spyware software is little more than a fix for Microsoft's crappy security model that's included in its OS and default browser.
No, anti-spyware software is there to prevent and repair end user mistakes, same as anti-virus software.
OS-level security cannot protect you against 99% of the things spyware does (nor viruses).
Certainly, but if you're going to venture into the realms of "illegal" installations, then any attempts to compare pricing are pointless, as both OS X and Windows can be easily downloaded from any number of warez sites.
This might change, I suppose, but the fact is, well into the '90s, when a new OS was announced, you basically paid for the floppy disks and the manual. I can't remember the price, but it certainly wasn't $129. Or, you could go to your local retailer with floppies and get them to copy it for you, for free.
I wasn't much of a Mac user in the Classic days (too slow, too expensive, too unstable), but I find this very difficult to believe (at least, if you're saying it was done with Apple's blessing). Although, given the even higher price premium of Macs back then, I suposed they could consider it part of the deal. I suspect the real policy however, was that Apple would replace your copy of MacOS if you lost it (bad disks, etc) at "no charge" (something Microsoft will/would also do with Windows/DOS). So, if you walk into your Apple dealer and tell him your $LATEST_VERSION disks were corrupt, he was ok to make a copy for you.
Because they can't control who their end users are.
Spyware manufacturers also make money off of Microsofts mistakes.
Spyware manufacturers pretty much all make money off of *user's* mistakes.
So how do you propose to identify what code is "spyware" and what code isn't so you can actually apply that principle (not to mention, what "authority" do you think spyware needs that non-spyware doesn't) ?
So... which OSes are you thinking of that aren't "flawed" ?
Not to mention, how is it a flaw in the first place ? How is the OS supposed to know that the monitoring *isn't* "without the user's knowledge" ?
Just like it's "easy" to be a heart surgeon but "extremely difficult" to be a brain surgeon...