Sigh. I was trying to be nice about "hey,
maybe that's not such a good idea," but apparently the dude wants to flail at me. I shall oblige.
I'm skipping over the "hurr what if you magically need a compiler on a system somewhere else," because the use of such in a
legitimate context is such a supercorner case that it's not even worth discussing. Not even a GenTool needs to compile software on the fly that often. It can wait until you get to a computer you have legitimate administrator access to in all but the rarest case--and let's be honest with ourselves, you don't do anything that falls into that case.
XCOPY deployment is the essence of flexibility and elegance.
Oh, so we learned a new term and have to shoehorn it in, huh?
This nonsense was barely desirable in 1996, because there were active
problems with the standard install process. They don't exist today--complaints about the registry are largely a joke, because the complainers cannot elucidate how the registry
works let alone the potential problems with it--and, uh, let's be honest--your toy programs don't work for shit compared to well-integrated software.
I mean, let's use your example. You crow about being able to compile code. That's great--if you're willing to throw out everything else that goes along with compiling software. I can attach my effectively integrated Visual Studio to my compiled software--trivially, not with the clusterfrag that is GDB--and find out exactly
what is going on. And even when VS isn't running, when something crashes, the Visual Studio
integration lets me go look at what caused it and actually see what's going on.
You can bawwww (and boy, do you) all you like about how big and how
oh god it has an installer all you like, but
you get more when you integrate with the system. This is not particularly arguable.
(And, to tie it back to the topic: the Microsoft toolchain is entirely free to use, thank you VS Express. If you're a programmer, it is full-stop the best freeware development toolkit you will find anywhere on any platform.)
Also, since you seem to care so much, look at the security model of linux, and likely many other computers: Even on an administrator account, you don't get administrator priveleges without specifically requesting them, as it prevents the spread of viruses to system-critical files.
Are you
really presuming to lecture me on this? Oh, that's good. That's great!
Wait. No. It's not.
You are factually incorrect regarding the Unix security model. If you have "an administrator account" (a root bit),
you have no checks whatsoever on your behavior. There is no "specific request" involved. If you have root bits,
you are God on that system. You can blow away any fine you like or rewrite absolutely anything (barring some hardcoded limits--rm -rf / is blocked on most systems, and anything with chattr +i will not let you modify it until you remove +i). Root
always has
all permissions to
everything.
Now, you have
sudo--which, by the way,is a giant gaping security hole, there's one on SecurityFocus that was only very recently patched--but that's not "an administrative account." A competent administrator can use sudo to run programs as users that do not have root access. Even under the default configuration on, like, Ubuntu, it doesn't work the way you think it does. Sudo will setuid your processes to the root user by default, which doesn't give them "requested" permissions. It gives them
all permissions to the system. It lacks something like Windows's mechanism for gradated permissioning (Group Policy and Active Directory).
Maybe
you are the one who should be looking at "the linux security model," not me. I seem to already understand it.
In fact, how can you possibly encourage the use of any version of internet explorer at all, if it only runs on systems with an inherent security hole whereby an administrator can run anything they want without excessive authorization to ensure that, yes, you *do* want to adjust advanced security settings or upgrade software.
Completely incorrect. Vista and Windows 7 both use UAC, a mechanism that acts similarly to
sudo (though without the same gaping failures--it's better engineered), which performs similar functions (although, again, with the benefit of things like Group Policy, which allow it to act like--you know--a modern operating system).
Furthermore, Internet Explorer 7 and 8 are the only browsers other than Google Chrome to leverage
Mandatory Integrity Control; the Internet Explorer "Isolated Mode" defaults it to a low IL and prevents it from interacting with processes at Medium or higher IL
and from interacting with system-level objects.
You can admit you don't quite get what you're talking about, dude. I'm honestly not trying to pile on--but
boy is it self-evident.