Well, here's my 2 cents: - Yes, it's unfortunate that firefox extensions are not in write-protected parts of the FS. - No, it's not worth eight paragraphs of ranting on this mailing list, use of all caps, or calling some piece of software "evil". - The sudo-like functionality present in Windows (and OSX, most of the time. And GUIs, generally) is a hack, not a "solution" as such, for reasons stated below. It'll help protect you from an enemy overwriting files (well.. a bit. They could still write a Word doc, or a PDF, or some other format that can cause unfortunate things to happen), but as soon as they get any kind of execution, they're already essentially admin. - Number of google results for "write xor execute": 3,550. Number of google results for "nx bit": 474,000. Use the term that is more accurate, more helpful for someone researching the topic, and more common. - I'm only speaking up because this conversation has gone on for a surprising number of posts. ## Why I'm against "sudo-like" functionality (but not sudo) With sudo-like functionality on an O/S like Windows is that there's nothing to prevent cross-application request forgery. If I can run code on a given system, I can run administrative code on that system by creating a window that vaguely resembles the one Windows pops up asking the user to perform an update (of, for example, a firefox extension) and enter their admin password. And now I have their admin password. That's a problem in OSX, it's a problem in Windows, and it's a problem in every operating system that I've seen running a GUI. If a part of the screen were reserved for security requests, wouldn't be an issue. But it is an issue. If you care about security, and you're entering admin creds into a GUI on the system, let alone running a browser, you're Doing It Wrong(TM). With sudo, you're explicitly asking to run a program with admin creds, but more importantly you're asking to be asked for creds. You know exactly what program is asking you for the password, and you know exactly why. With Windows, who the hell knows?
