Yes? I don't use a single computer I own as root.

Few people do; "don't use root as your primary login" has been standard advice for decades. Do you ever use sudo or equivalent?

I've used sudo before, but I find that it is really difficult to type with the safety gloves on because I keep fatfingering the password and locking myself out.

My family recently got me a new computer setup that won't require sudo and other practices considered harmful. It even does shapes, colors, and animal sounds, which is good enough for my use case.

Oh wow, you got on the Windows 12 Preview somehow?

...you're clearly being sarcastic but I don't get the joke.

I read it as commentary on PCs being turned into these types of things: https://www.amazon.com/Fisher-Price-Classic-Farmer-Says/dp/B...

Ah, the vCenter Server Appliance web gui!

Every person I know who uses a Windows computer uses an account with Administrator privileges on their own computer.

I think that's just legacy holdover largely mitigated by some of the user account access control stuff introduced with Vista. Also, administrator isn't the same as root. That would be more like system level access which is not the default level for Windows accounts.

UAC is not a security boundary, it is instead considered a defense-in-depth feature (aka best effort but bypassable). This is officially documented by Microsoft in multiple places. [0] https://www.microsoft.com/en-us/msrc/windows-security-servic... [1] https://learn.microsoft.com/en-us/troubleshoot/windows-serve...

Administrator on windows has been severely restricted since at least the debut of windows 7 if not earlier.

It feels ontologically wrong to me to constantly beg my own computer for permissions to do things. I always use root on Linux, and my Gentoo machines don't even have a non-root account. (I get great satisfaction from compiling VLC to let me run it as root as well as patching Dolphin and other apps to not complain about it.) On Windows I always use an admin account and disable all UAC prompts. I've managed to have no incidents since I started this policy a decade ago by simply not downloading malware or using 123 as my password on an open SSH port. Go figure.

I mean, ok, but why?

The point of lowering application permission is not to prevent you from doing things. It’s to prevent the application to do things you don’t want.

That’s why people try to give apps as little permission as possible and only grant them when they are required.

Technically you are one vulnerability away from irremediably losing everything after opening a seemingly innocent file. I am actually convinced the sole reason it doesn’t happen is because it doesn’t make sense to target people doing that because they virtually don’t exist.

So you don't understand why seatbelts were invented and your evidence that they're unnecessary is that you personally haven't gotten into a car accident.

"Not downloading malware" is everyone's default stance, but no one can identify all of it.

And that's only a single vector out of many. Security flaws exist in even the best operating systems that make you vulnerable even when doing everything "right" (which you emphatically are not).

My problem with this argument is that my user data is by far the most valuable thing on my computer. Almost nothing that gets protected by “root” really matters much. What I really want is a way to protect all my user data from rogue programs, but I have no way to do that on modern computers. Any program I run with my regular user account can steal or delete all of my data already. When my data is so trivially at risk, who cares if a bad program can also wipe my OS or something? I can reinstall Linux. I can’t get my data back if someone steals it.

Check Fedora Silveblue, or Kinoite (or the Budgie edition) if you don't like neither KDE nor Gnome. Inmutable OS, it can be set to a rolling channel to get daily updates, you can rollback it from GRUB in case of disasters and, even better, everything non-desktop environment based it's installed from Flatpak and containerized.

That's why you run programs as different users. Background services like nginx or jellyfin get their own users. Have a separate `games` user if you play video games. If you're going to mess with untrustworthy code, make another user first. Don't give world permissions to your home directory.

That might help if nginx has a security vulnerability. But what about all the programs I run as a user? Nobody runs their IDE or “npm install” under separate user accounts. Nor should we have to in order to prevent a package from interacting with my filesystem outside of the project directory.

> What I really want is a way to protect all my user data from rogue programs, but I have no way to do that on modern computers

This is exactly why Qubes OS was created: https://qubes-os.org. My daily driver, can't recommend it enough.

macOS does ask you if you want to allow a program to access your files in $HOME. Not sure if it's a perfect solution, but still, it's something.

As a more additive approach than just giving up and running everything as root, I think in Linux you could do the same with (a fair amount of effort and) SELinux or AppArmor.

There's a difference between choosing to wear a seatbelt and being chained to the seat by the car manufacturer, who then refuses to release you "for your own safety".

The difference is that you can take off your seatbelt for a moment if you need to reach into glove compartment.

Also, you're statistically much more likely to die from a car crash than a malware attack.

> you're statistically much more likely to die from a car crash than a malware attack

That's true now, but I honestly don't think it'll be the case in twenty years.

I wear seatbelts (but I'm proud of my state for being the only one not to force adults to) because a car crash is much more likely than being victim to a zero-day vulnerability.

No but you can elevate to it when you need it. You can't on android.

That wasn't the question.