That’s because your mind is still stuck in the Windows paradigm.
Microsoft Windows started its life as a single-user graphical interface on top of MS-DOS, a 16-bit single-user, single-tasking operating system that ran all of its code with full hardware access. Basically, MS-DOS was more of an application loader than an actual operating system. When DOS loaded an application into memory, from that moment on, the application had full control of the machine, and it could do anything it wanted.
MS-DOS also had a very limited memory address space to work with, courtesy of having been developed for the 16-bit Intel i8086 and i8088 processor family, and their successor, the short-lived i80186.
This is why when more powerful processors came along — i.e. the i80286, and then later the 32-bit i80386 and i80486 processors — Windows also started including a DOS memory extender and a primitive cooperative multitasking system. But it was still only a single-user layer on top of a single-user operating system.
Cutting a long story short, somewhere along the line, IBM and Microsoft joined forces to create a successor for MS-DOS, named OS/2, and the plan was devised to start developing a joint platform of which the IBM version would carry the OS/2 interface and an API for OS/2 applications, while the Microsoft version would carry the Windows interface and an API for Windows applications, and while both of them would be compatible with earlier 16-bit software written for MS-DOS, for the 3.xx version of Windows (which ran on top of DOS), and for the 16-bit version of OS/2.
Then things went sour between IBM and Microsoft. Bill Gates broke his agreement with IBM, and with the help of VMS developer Dave Cutler, all of the code that Microsoft had written for the next generation of OS/2 was cannibalized, converted to Windows code, and crudely bolted onto a VMS-like kernel. This kernel is multi-user-capable, but other than that the Windows code was ported to run on that kernel, Windows itself continued to essentially be a single-user environment that was initially developed for an operating system that didn’t even have any networking abilities.
Even today, Windows is still Windows. It may have a slick-looking user interface — or, well, at least in the opinion of certain people — but underneath, it’s still a mess of duct tape with crude bolts and nuts. And that’s because unlike what Steve Jobs did at Apple when he in turn decided to replace Classic Mac OS by a more modern and UNIX-based foundation, Bill Gates absolutely did not want to change anything about the basic internal design of Windows.
Because of Windows’ legacy as a layer on top of MS-DOS, Windows still regards a file as executable solely based upon the filename suffix, i.e. .exe, .com, .bat and friends. By consequence, in Windows, open() still equals execute(), just like in MS-DOS.
Furthermore, also just as in MS-DOS — which, remember, was a single-user operating system for non-networked computers, and which approaches storage as individual volumes, each with their own root directory and subdirectories — the user has write access to everything, with the exception of C:\WINDOWS and C:\WINDOWS\SYSTEM (or whatever it’s called these days).
And so as to make things even worse, Microsoft’s philosophy has also always been one of aiming for commercial and proprietary application software, if not from Microsoft itself, then from Microsoft’s partners. And security was only an afterthought, because first and foremost, they wanted the user to have the same ease of use as with the non-networked MS-DOS, while security precautions were perceived as standing in the way of Microsoft’s idea of “user-friendliness”.
On top of all that, whenever Microsoft releases something as production-ready, it still contains tens of thousands of bugs. It is in fact what every serious software developer would consider beta-grade software, not even release-candidate material yet. And then they gradually fix things over time by way of so-called service packs.
The bottom line is that Microsoft Windows is full of holes, both because of coding errors — which is normal, although Microsoft in particular is quite known for letting more coding errors slip through their quality control than any other proprietary software company — and most crucially, because of the very way that Windows was designed.
And given that Windows comes preinstalled on most brand-name commodity hardware, in combination with Microsoft’s multi-million-dollar advertising and PR campaigns, the typical Windows user is accustomed to the fact that they have to take additional precautions to protect their system. Of course, given that Windows is much more ubiquitous on desktop and laptop computers than any other operating system, it’s also a much bigger target for the malware industry and the black hats.
But that’s Microsoft Windows, and unlike GNU/Linux, it has virtually no peers. Yes, there is ReactOS, which is an attempt to write a Free & Open Source clone of Windows, but given the complexity and proprietary nature of Windows proper, ReactOS has yet to rise out of the alpha stage in terms of usability.
GNU/Linux on the other hand is an entirely different story. First and foremost, it’s a UNIX system, and UNIX is an operating system architecture developed in 1969-1970, and then improved and perfected.
Furthermore, UNIX was designed from the ground up as a multi-tasking, multi-user operating system that ran on minicomputers and mainframes, to be accessed and used by multiple people concurrently via so-called dumb terminals. It was essentially a slimmed-down version of the Multics mainframe operating system.
In other words, UNIX was designed from the ground up to have a built-in security system based upon a simple but very flexible and efficient permissions model with file ownership and groups, and based upon the principle of least-privilege. In UNIX, unprivileged users only have write access to their own ${HOME}, to /tmp, to /var/tmp, and if the machine runs a local mail server, to /var/spool/mail/${USERNAME}. Everything else is read-only to anyone other than root.
In addition to that, in UNIX, the filename is irrelevant as to whether the file is executable or not, because whether it is or isn’t — and for whom — depends upon the file’s permissions mask. Not to toot my own horn, but I’ve written an extensive tutorial on UNIX file permissions and ownership, which you can find below.
Unlike in Windows, an unprivileged user is not hampered by the security system, because they can do everything that they need to be able to do without having to resort to root privileges, and nothing that they shouldn’t be able to do.
UNIX is an industry-standard operating system architecture, and although some proprietary UNIX versions still exist — e.g. Oracle Solaris, IBM AIX, Hewlett-Packard HP-UX, et al. — most UNIX systems in use today are based upon one of the many Free & Open Source UNIX platforms, of which GNU/Linux is the most popular one.
As a matter of fact, about 80% of the internet is powered by GNU/Linux, with the remaining 20% divided among the various Free & Open Source BSD systems — i.e. FreeBSD, NetBSD, OpenBSD, et al. — and macOS, which is a modified and partly proprietarized FreeBSD. Microsoft Windows dangles somewhere at the bottom with maybe a 2% market share in the server rooms, exactly because (1) it’s proprietary, (2) it’s not stable enough, and (3) it’s a security nightmare.
By consequence, if you are new to GNU/Linux and you come from the Windows ecosystem, then you will indeed be surprised by what you term our cavalier attitude, but those of us who’ve been using GNU/Linux for many years — and in my case, that’s over 24 years, and exclusively so — know that we don’t need to be paranoid about attack vectors that only apply to Microsoft Windows.
Yes, a certain degree of caution is always required, but when it comes to GNU/Linux, the weakest link in the security of the system is the biological mass between the keyboard and the chair, unlike in Windows, which is a very promiscuous operating system by way of the refusal of its creators to redesign the system from the ground up. If Microsoft had been smart, then they would have opted for a UNIX-based design, just as Steve Jobs did over at NeXT Computing, which was later acquired by Apple, and what Jobs then continued to do when he was put back in the saddle as the CEO of Apple Computer.
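The point made above about the permissions mask deciding whether a file is executable, and for whom, can be shown with a short added example; it is not part of the original post. The user names, UIDs/GIDs and file names are constructed, and ACLs, capabilities and noexec mounts are left out.

```python
import os
import stat
import tempfile


def may_execute(mode, owner_uid, owner_gid, uid, gids):
    """Classic UNIX discretionary check for execute permission.

    Exactly one class applies (owner, else group, else other); the
    filename plays no part in the decision.
    """
    any_x = mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
    if uid == 0:
        # root bypasses most checks, but a regular file still needs at
        # least one execute bit before the kernel will run it.
        return bool(any_x)
    if uid == owner_uid:
        return bool(mode & stat.S_IXUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


def demo():
    """Create constructed sample files and report who may execute each."""
    # Hypothetical identities: alice (uid 1000, group 50) owns the files,
    # bob shares group 50, carol shares nothing with her.
    people = {"alice": (1000, {1000, 50}), "bob": (1001, {1001, 50}),
              "carol": (1002, {1002}), "root": (0, {0})}
    samples = {"setup.exe": 0o644, "notes.txt": 0o750, "backup": 0o705}
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, perm in samples.items():
            path = os.path.join(d, name)
            with open(path, "w") as f:
                f.write("#!/bin/sh\necho hello\n")
            os.chmod(path, perm)
            # Read the mask back from the real file; only ownership is assumed.
            mode = stat.S_IMODE(os.stat(path).st_mode)
            results[name] = {who: may_execute(mode, 1000, 50, uid, gids)
                             for who, (uid, gids) in people.items()}
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10} {verdict}")
```

Note the `backup` case: bob falls into the group class, which has no execute bit, so he is refused even though "other" users are allowed.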