
Unpopular opinion: "regular users" are, by their very nature, incapable of using any networked operating system with a 100% certainty of not infecting themselves with malware.

They're not qualified to only make safe decisions during their computing because they're not educated enough to understand what makes any given action safe or unsafe.

Using a computer is fundamentally not like using a car. Using a car, by and large, does not change. The only major exceptions are when the user fails to properly maintain it, altering weather conditions, and altering traffic conditions.

Once a driver has driven in any given permutation of traffic condition and weather condition, as long as they've maintained their vehicle, the driver's experience will be almost identical when they find themselves in that same permutation of conditions again.

This consistency allows drivers to build experience in adjusting their driving to operate in those conditions, which makes them better at it in those same conditions in the future.

We let laypeople drive, even those who haven't the slightest idea of how their braking system works mechanically, because there is an extremely limited range of outcomes from pressing the brake pedal at a given pressure in a given set of conditions provided it's maintained.

The scope of inputs we give drivers is ultimately tiny.

Computers are not like this. The safety habits you learned in 1995 are not going to cover every threat you encounter in 2005, the safety habits you learn in 2005 won't cover every threat in 2015, and likewise from 2015 to 2025.

As long as we give users a broad range of possible inputs, they will find ways to screw themselves with their own incompetence.

The reason iPhones and Mac OS computers are perceived by the layperson to be more secure isn't that they're inherently less hackable, it's because they treat the average user like the moron that the average user actually is by substantially restricting the input freedoms of that user. How many millions of iPhone users didn't get hacked because the developer denied them the freedom to sideload arbitrary unsigned IPAs?

With great freedom comes an increased responsibility to understand the consequences of one's own actions. Users are lazy. Many are stupid. They do not read very much of anything. They do not understand the systems they are using and they don't want to.

As a technologist, I love having the freedom of an unbridled OS that lets me do whatever I want, including deleting the whole file system. That kind of freedom just isn't optimal for a typical user's security.

This may sound misanthropic to you, but look no further than the scores of people who microwaved or soaked their iPhones because 4chan made spoofed ads that looked like real Apple ads promising software updates that made it possible to charge one's iPhone by microwaving it or a software update enabling waterproofing.

Users really are that stupid, and will ultimately find ways to harm themselves and their devices any way you allow them to, so long as there's a competent adversary trying to get them to do it.



> Unpopular opinion: "regular users" are, by their very nature, incapable of using any networked operating system with a 100% certainty of not infecting themselves with malware.

Unpopular? I'd go so far as to say it's a given, and go so far as to say even an "expert user" isn't going to be able to reach 100% certainty while still using the system for its purpose in almost all cases, unless it's air gapped or they've had their permissions reduced to the point they can't do certain things (which might help the regular user as well).

> Using a computer is fundamentally not like using a car. Using a car, by and large, does not change.

Except in the way that it's exactly like using a car. That is, in that it's someone operating a complex piece of machinery within narrow bounds that make it generally safe, but sometimes things happen either from the operator stepping outside of those bounds for convenience or inattentiveness or because of outside actions that make it unsafe.

> We let laypeople drive, even those who haven't the slightest idea of how their braking system works mechanically, because there is an extremely limited range of outcomes from pressing the brake pedal at a given pressure in a given set of conditions provided it's maintained.

I would say it's more because "normal" operation of a car only requires being trained to a specific level on specific capabilities. A professional driver that races may use the controls of the car very differently and achieve a much different outcome (the e-brake is just for when parked? Says you...).

We do tend to only legally allow specific types of car use in specific contexts though, so that's food for thought.

> Users really are that stupid, and will ultimately find ways to harm themselves and their devices any way you allow them to, so long as there's a competent adversary trying to get them to do it.

I totally agree. I just don't think that Linux is particularly worse than Windows these days with regard to the trouble you can get into (you can run PowerShell scripts to do installs too, and I've seen the PowerShell equivalent to curl | bash).

There's a whole host of behaviors that people view as different when the context changes that aren't really different in practice. Running random executables on Windows is generally unsafe, and most people develop that sense after a while (either from being told or the hard way). Doing the same on Linux is unsafe in many ways too (except that often there's some additional trust we layer on some of the places we're getting the executables from), and running random shell commands isn't really any different, but people feel like it is because it's no longer in the context of Windows. That doesn't really make it better, it just makes people feel better about it.

If you want to be safe, you either stick with a vetted source you trust such as the package repo for the OS or software originating at a company you trust (which might just mean they're someone possible to track down and sue, so they're less likely to go rogue), or that has a reputation they don't want to screw up and a mechanism is in place that you're fairly sure you're using code from them (e.g. GitHub and a trusted author or project). Other than things fundamentally like that, you're just rolling the dice. Which happens, and we've all done it, usually without problem. Which makes us complacent.



