Re: Windows security is like a heavily armoured gate...
You mean, like one of my favourite depictions of flawed security? :)
Security could be a lot better on Windows and other OS if program developers would actually manage to stick to some sane programming methods.
For example, why on earth does most software want to install for use by all users instead of giving the users the choice? Adobe is an exceptionally good example of that - if Adobe Reader and Flash were contained to one user, you could set up a safe user to use the Net and a Flash infection would not have too many rights to make a mess.
Instead, the very first thing an Adobe installer asks is admin rights, even before it has downloaded the actual program (because clearly we are not allowed to have any ability to virus check what comes down).
It may sound trivial, but that exact need to have admin rights when software has no business installing at that level is what annoys me. It's different if we talk about installing a driver or a kernel extension, but for normal user land software I think there is still FAR too much software on the market that is written in a way that needs far too many rights, which has as direct consequence that you already have a backdoor installed for whatever containment you seek to set up.
Do we need to educate users? Yes - always. But if we undo that education by making it a habit to grant admin rights to whatever install, then we shouldn't complain if they don't get suspicious if that new fancy toolbar they got from dodgy.com wants the same.
As I said at the beginning, this is not just a Windows issue. The choice to install at user level or system wide is one that belongs with the user, not with the software author - system wide installs of anything should IMHO be exception rather than rule.