Windows will: spy on you, serve you advertisements, reboot autonomously, destroying your open work, install software without consent, report your browsing behavior to advertisers, literally steal your email password, upload all your files to one drive without consent, forcibly change your default browser, insert aggressive ads for Edge in front of the Firefox download page, show you clickbait tabloid articles in the taskbar.

Honestly I'm not sure how you can consider any of that secure.

>spy on you, serve you advertisements

this, just like many other points is not security, sorry.

Security is about (among other) CVEs, not ads.

>reboot autonomously, destroying your open work,

bullshit

>upload all your files to one drive without consent

without consent? did onedrive magically figure out your MS credentials?

>steal your email password

what?

> Security is about CVEs, not ads

You have this very backwards, CVEs are about Security and not the other way around.

Consider why we care about security in the first place:

- We don't want our private data stolen

- We don't want a malicious program stealing our electricity and computing resources

- We don't want adware injecting advertising into our browser toolbar, homepage, email client, etc

- We want our family to be able to safely use our computers without having to worry about them falling for scams

- We want peace of mind

Unconsented advertising is absolutely a violation of security in the same way a salesmen breaking into your house to sell you things is. Don't miss the forest for the trees here.

Do not forget that the CVE system is fundamentally just a tool for tracking computer security vulnerabilities, a tool that unfortunately incentivises pedantic security researchers to fill it with garbage to pad their resumes, a tool who's authority is worshiped like a god by corporate IT departments despite it's inadequacies, but a tool nonetheless which just happens to be better than it's alternatives.

The fact that deliberate security violations enforced by the vendor are not tracked by the CVE system, is not evidence of Security, but simply a limitation of the system.

>Consider why we care about security in the first place:

>- We don't want our private data stolen

>- We don't want a malicious program stealing our electricity and computing resources

>- We don't want adware injecting advertising into our browser toolbar, homepage, email client, etc

>- We want our family to be able to safely use our computers without having to worry about them falling for scams

>- We want peace of mind

Almost all those points are basically the same thing repeated differently:

We don't want somebody else mess with our computer, but that "somebody else" almost always is 3rd party - so not you (user) and not Microsoft (vendor).

Ads from vendor aren't considered as a security issue (unless very edge cases).

They are annoying, but in the principle they aren't security defect (unless badly implemented)

Please define security in a way that excludes all possible classes of "third party doing things on your machine without your knowledge or consent"

> what?

Probably referring to this https://news.ycombinator.com/item?id=38212453

Check the recent headlines. Windows is pushing user files to one drive and stealing email passwords to proxy your email account on Microsoft servers.

>>reboot autonomously, destroying your open work,

>bullshit

Honestly baffled how you can deny this. Windows rebooting on its own is one of the most defining features.

>this, just like many other points is not security, sorry.

Bullshit.

>Honestly baffled how you can deny this. Windows rebooting on its own is one of the most defining features.

There's only scenario where I can imagine Windows rebooting ""on its own""

You've scheduled an update or you're delaying update for long peroid of time?

>>this, just like many other points is not security, sorry. >Bullshit.

How so? in the principle ads aren't security issues (unless badly implemented)

>Check the recent headlines. Windows is pushing user files to one drive and stealing email passwords to proxy your email account on Microsoft servers.

I've literally googled: "windows stealing email passwords"

and the very first thing is article from 2016 and the other are about Malware/Scam, so how what article are you talking about?

Android and chromeos are Linux based, so it's very interesting that 2 of your 4 most secure operating systems are linux.

But this is a perfect example of how the premise itself is fundemntally clickbait. The problem of insecurity is unrelated to Linux, but the execution and privilege model of userspace.

I meant that Linux-based systems other than Android, ChromeOS and Qubes are the least secure of the common OS options.

Except they're not. They're the most permissive by default, maybe. But they're not the least secure.

If you put an assa abloy on your door, and then elect not to lock it. That doesn't mean assa abloy is the least secure lock.

Windows has a reputation for being insecure because if you try to keep someone out, they can still get in. This article was written on the idea that Linux is insecure, because when you don't try to keep someone out, they can get in.

Not quite, you can secure and lock down Windows too, the problem is that it isn't secure by default. And 90% of Admins don't bother with securing it other than sprinkling anti-virus on top.

Android, ChromeOS and Qubes are secure by default. Though I wouldn't trust a novice user with QubesOS.

Android and ChromeOS use the Linux kernel, they aren't GNU/Linux, as the termux folks are certainly aware.

For that reason, TFA said Desktop Linux, in order to avoid "pedanticism [sic]".

except chromeos is also desktop linux... unless desktop has a different definition than the one I know?