I just noticed a really obviously stupid thing about operating system design, mostly Windows but partly true in others as well. There's the concept of the "administrator account", that enables installing software, to prevent things from secretly installing malicious software. But here's the problem - every time we intentionally install something, we give someone's arbitrary program the permission to run as an administrator.
So basically every piece of software we ever use, at the very first point in its life cycle has administrator privilege. At that point, what good is that barrier even doing? I suppose it's useful for preventing buffer overflows and things from giving system-invading access, but those things are a tiny minority of infections - the usual vector is people installing something that has a malicious thing piggybacked on it. That malicious thing now has administrator privileges if it wants them, because it can grant itself them during the install!
It would make much more sense to have a single operating-system-owned "installer" program that only installs packages: globs of files with coded installation instructions. There would still be an annoying "are you sure you want to install this?" popup, and there would still be the possibility of installing malicious software that you might run at the user level, but there would only be an "are you sure you want to give an arbitrary thing administrator privileges?" warning if the installation package was specifically requesting that. The installer program could also have a separate warning for "are you sure you want to install a thing that will run at startup / immediately?", which would vastly reduce the risk of malicious software infections, since there isn't a lot malicious software can do if you have to actively elect to run it every time.
As an added bonus, this would warn you about Adobe and Sun's auto-updaters being jerks before you installed them, too.
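As an added example (not part of the original post, and not modelled on any real operating system's installer), here is the policy core such an OS-owned installer could run over a declarative package manifest. The manifest format, the `USER_PREFIX` path policy and the three sample manifests are all constructed for this illustration. The point it demonstrates is the one the post makes: because the package only declares files and flags rather than shipping a program that runs as administrator, the installer can decide up front exactly which consent prompts are needed (admin rights, startup registration, run-immediately), and it can refuse outright a package that would need elevation without saying so, or that tries to smuggle in arbitrary install code.

```python
import json
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Hypothetical policy constants (assumptions for this example, not any real OS).
USER_PREFIX = PurePosixPath("/home/user/.local")   # writable without elevation
ALLOWED_KEYS = {"name", "requires_admin", "files", "run_at_startup", "run_after_install"}


@dataclass
class Decision:
    admin_prompt: bool = False      # "give this thing administrator privileges?"
    startup_prompt: bool = False    # "let this thing run at startup?"
    run_now_prompt: bool = False    # "run this thing immediately after install?"
    rejected: bool = False          # manifest asks for something the installer never does
    reasons: list = field(default_factory=list)


def _inside(path: PurePosixPath, prefix: PurePosixPath) -> bool:
    """True if `path` lies under `prefix` (no symlink resolution; pure path check)."""
    try:
        path.relative_to(prefix)
        return True
    except ValueError:
        return False


def evaluate_manifest(manifest_text: str) -> Decision:
    """Decide which consent prompts a declarative package needs, or reject it."""
    m = json.loads(manifest_text)
    d = Decision()

    # Only declarative keys are understood; anything else (e.g. a post-install
    # script) is arbitrary code and is refused rather than run with any privilege.
    unknown = set(m) - ALLOWED_KEYS
    if unknown:
        d.rejected = True
        d.reasons.append(f"unsupported keys (no arbitrary install code): {sorted(unknown)}")

    for entry in m.get("files", []):
        dest = PurePosixPath(entry["dest"])
        if not dest.is_absolute() or ".." in dest.parts:
            d.rejected = True
            d.reasons.append(f"unsafe destination: {entry['dest']}")
        elif not _inside(dest, USER_PREFIX):
            d.admin_prompt = True
            d.reasons.append(f"writes outside the user prefix: {dest}")

    if m.get("run_at_startup"):
        d.startup_prompt = True
        d.reasons.append("registers itself to run at startup")
    if m.get("run_after_install"):
        d.run_now_prompt = True
        d.reasons.append("asks to run immediately after installation")

    # System-wide writes are only honoured when the package declares them up front;
    # a package that needs elevation without saying so is refused, not silently elevated.
    if d.admin_prompt and not m.get("requires_admin", False):
        d.rejected = True
        d.reasons.append("needs administrator rights but does not declare requires_admin")
    return d


# Constructed sample manifests (not real packages).
BENIGN_MANIFEST = json.dumps({
    "name": "notes", "requires_admin": False,
    "files": [{"src": "notes", "dest": "/home/user/.local/bin/notes"}],
})
UPDATER_MANIFEST = json.dumps({
    "name": "vendor-updater", "requires_admin": True,
    "files": [{"src": "updater", "dest": "/usr/local/bin/vendor-updater"}],
    "run_at_startup": True,
})
SNEAKY_MANIFEST = json.dumps({
    "name": "helper", "requires_admin": False,
    "files": [{"src": "helper", "dest": "/usr/local/bin/helper"}],
    "postinstall": "setup.sh",
})

if __name__ == "__main__":
    samples = [("benign", BENIGN_MANIFEST), ("updater", UPDATER_MANIFEST), ("sneaky", SNEAKY_MANIFEST)]
    for label, text in samples:
        print(label, evaluate_manifest(text))
```

The benign package triggers no prompt at all; the updater-style package is installable but gets both the administrator and the startup warning before anything is written, which is exactly the "warn you about auto-updaters being jerks" case; the third package is refused because it carries a post-install script and would write to a system path without declaring that it needs elevation.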