windows has had ACLs and security descriptors for 20+ years. Linux is a super user model.

Windows Store installs, so about 75% of installs, install sandboxed and no longer need escalation.

The remaining privileged installs that prompt with UAC modal are guarded by MS Defender for malicious patterns.

Comparing sudo <bash script> to any Windows install is 30+ years out of date. sudo can access almost all memory, raw device access, and anywhere on disk.

▲

eredengrin a day ago | parent [-]

> Comparing sudo <bash script> to any Windows install is 30+ years out of date. sudo can access almost all memory, raw device access, and anywhere on disk.

They didn't say anything about sudo, so assuming global filesystem/memory/device/etc access is not really a fair comparison. Many installers that come as bash scripts don't require root. There are definitely times I examine installer scripts before running them, and sudo is a pretty big determining factor in how much examination an installer will get from me (other factors include the reputation of the project, past personal experience with it, whether I'm running it in a vm or container already, how I feel on the day, etc).

	▲	tonymet 21 hours ago \| parent [-]
		Even comparing non sudo / non-privileged, Windows OS & Defender have many more protections. Controlled Folder Access restricts access to most of the home directory . And Defender Real-time is running during install and run. Windows stores secrets in TPM, which isn’t used on Linux desktop. The surface area of malicious code is much smaller. A bash script is only guarded by file system permissions. All the sensitive content in the home directory is vulnerable. And running sudo embedded would mostly succeed.