badmojo wrote:I'd say that generally speaking, people just want their computer to work and be secure by default. That doesn't make them "stupid"
My comment about taking away user control "because users are stupid" was just a flippant way of characterizing the design philosophy behind modern OSes. I know most people aren't complete computer geeks and don't want to be, so they're happy to have somebody looking over their shoulder. For my own computer that type of design attitude bugs me though. For example, at one time I was trying to disable the UAC-style prompts in a recent Linux distro, and I couldn't believe how hard it was to find a straight answer on how to do it. Everybody who asked was just met with a chorus of lectures. When the answer was found, of course it was a cryptic process that wasn't exposed in the GUI, probably because they didn't want people doing it.
ZellSF wrote:
If you're surfing the internet on a Windows 98 computer for example using the latest patches getting infected is as simple as surfing the wrong page (maybe even just being connected to a network is enough too).
The 3 typical vulnerabilities on a home desktop PC are the web browser, an unfirewalled network, and careless installation of infected apps. But as long as those things are able to be addressed, then the underlying OS hardly matters. OS updates can rarely serve as a backstop for stuff that shouldn't get through in the first place, but that's about it.
Running as a restricted user can mitigate a lot, but I've only done that with kids.
Web browsers are definitely a security vulnerability, and if one can't secure the browser on their OS anymore, then that can be a problem. I've set up other people running Firefox with automatic updates.
For myself, I use an older version of PaleMoon with NoScript. The security problems with web browsers are a result of all the excessive scripting which every site has assumed the right to run freely on people's browsers. This is a situation which greatly annoys me, but 3/4 of the internet won't work anymore if you don't let them have free reign to run at least some of that junk. So when browsing sites I trust, I allow scripts, but I leave them blocked as much as possible.
It's a convenient problem for the software business. Turning the web browser into an ever expanding script processor maintains the need for everybody to keep upgrading just to use the internet, and to keep patching all the security vulnerabilities that will persist as a result of the complexity. This appears to mesh well with Microsoft's business model going forward.
I wouldn't mind browsing the web on 98 with an old version of Firefox as long as NoScript or an equivalent is installed. But I don't know how compatible any Win98 web browser is anymore with script-happy web sites.
I still use the internet with Firefox 5 on Win2k for some things, but it's not my casual machine so I only need it to be compatible with a few sites.