The thing is, Linux servers run 90% of the internet, and they don't find it necessary to lock down browsers. They don't find it necessary to have the complex user management that Microsoft has devised over the last decade to improve its security compliance. All Unix-based systems were designed from the ground up as multi-user systems, whereas Windows was designed as a single-user system, and as a result has taken along a lot of crud as it evolves into a multi-user system... which, by the way, it still isn't. They still find it necessary to perform file locking, which is simply not necessary. Why is it still not possible to remote desktop multiple sessions into Windows (well, non-server ones)? Unnecessary constraints due to bad architecture. They need to start over.
Unfortunately, while Linux servers may run 90% of the Internet, 90+% of the systems users use in their homes and offices every day are running Windows, which makes them an easy target for malware, especially when users just don't know any better than to click on that link or to provide their personal information to http://www.paypal.com.ru/... In this regard, with reference to my previous statement about amateur admins being drafted into service in their places of employment, Microsoft's decision to cut down the amount of damage that a user can do by browsing the Internet is justified and understandable. Besides, IE restricted mode is easy enough to disable; it's just enabled by default.
Windows XP and Vista will run just fine for a user without administrative privileges; however, the software vendors are just now realizing that they need to write applications that don't require administrative privileges to run. The worst example that I have personal experience with is QuickBooks from Intuit, which required administrative rights (full access to HKEY_CLASSES_ROOT and all subkeys...) in order to run. What makes me laugh are the people who say, "Oh, we're going to pass on Vista and wait for Windows 7 (or whatever the final name of the next version of Windows will be)", which is ludicrous since Windows 7 is just going to be more of the same. The question is do you want to ease into running with regular user (non-admin) rights by going to Vista, or just swallow the pill dry and wait for Windows 7?
As far as Windows being single-user oriented or multi-user oriented... I run a Windows Terminal Services server that dozens of users use every day and I haven't really run into issues. Yes, the workstation version of Windows isn't designed to run as a Terminal Services Server, but, that's understandable as it isn't a server operating system... Windows XP and Vista do, however, support multiple users logged on via Command Prompt, as the Secondary Logon service provides that option, which I've used without any problems in XP or Vista. The programs you invoke as User1 run with User1's security access; the programs you invoke as User2 run with User2's security access.
If anything, for as vaunted as the multi-user capabilities in UNIX are, its group security scheme is a hoary mess, and I'm not even sure if you can do some of the things in UNIX that you can do via the GUI and CLI in Windows XP/Vista/Server 2003/2008 in conjunction with NTFS permissions. Being "multi-user" without much mind to groups is fine if you have a couple of dozen users or if each user only needs to be able to access the same resources, but I have 500+ in my domain, and I can't imagine setting users' permissions for each and every user on each and every resource in my domain...