marcov wrote:But I do really mean that you have shown no sign of understanding Windows or understanding its security situation.
That's because you don't read. Among other things I referred to raw sockets, which you ignored, and dll injection, which you seem to trivialize as only a local threat.
Which it is. of course most exploits are combinations of external and local exploits (first to gain access, then to elevate privileges), but nothing in that entire traject is windows specific.
And it could happen on Linux too if users downloaded binaries from the web all the time.
Install a good firewall with component management or even better, a separate manager, and you will see what processes can do and how vulnerable Windows is. I'm not sure about Windows 10 as I have not tested it thoroughly; my initial experience with not excepting the legal product key (error code 0xc0020036) was already enough for me.
In general, what I monitor on Windows with regards to processes (among other things):
- protection of physical memory
- process termination/modification
- global hooks
- rootkit/driver/service installation
- registry DLL injection
- raw sockets (preferrably disabled)
I also run without antivirus, and only occasionally walk through processes etc. Not failsafe, but I simply eliminated most threat vectors. I don't run cracked software or other dodgy software. I had one virus and two worms (code red and nimda) in twenty years, and both worms were during new installs, not normal (patched)situations. Since then I ran service packs always local first before connecting to the web.
For the average user, it wouldn't be workable to monitor these things.
With Linux I never have any of these problems. Yes Linux has LD_PRELOAD, but the difference is that on Linux only the execution environment per user is affected and the user already has the same privileges so it doesn't make any difference. Moreover, installing software from known repositories will never put the system in danger.
If you favour that view, you can configure windows 10 now to only install from the store.
Additionally, open-source software is transparent and one knows what it does.
Not really. I actually had compromised Linux servers in the past, and nearly always this was a result of atypical installation of software packages, where some packages (re)set fs permissions wrongly. Some packages require quite sensitive manual configuration. Some combinations requires dragging in from different version or backports repositories that increase risk.
The package systems have grown, and is quite stretched and problems are too easily dismissed. On many Linux distros you can boot an older, known vulnerable kernel by accidentally touching the arrow keys. (old kernels are only removed from bootmgr based on time, or user action, never on security status)
I stand by what I said before: Linux is superior in many ways. In my opinion a stable KDE desktop gives the user a much better computer experience than Windows; there are loads of options, free tools and apps, it's very user-friendly, very customizable, no need for antivirus, or firewall configuration, no yearly subscriptions. I could go on and on...
And I think you are being unfair. If Linux was used with the same disregard and under the same attack as Windows, it would have the nearly the same problems.
Anyway enough about this. Let's refocus on the other part. For the *nix side of things, why GTK, Why QT?
Qt and FreeBASIC isn't an easy option.
QT has the API hurdle but is has much less bugs, which will be easier when the initial bits are done. Also the API and other details are more windows like (e.g. things like how rects are calculated, iirc gtk adds bevels to the area of the control, keeping the client area equal to the configured control size, while QT, Win subtracts it from the control size (and thus reduces the effective clientarea)
discussion I would focus on a simple statement of what is good enough? It thrives because never exact good enough bounderies are stated, and people can always whine about toolkit xxx is 10 bytes shorter if you use upx and options XYZ and post edit the linker file and whatever.
IMHO just set 3-5MB for small potato (single form) apps, 7-15 MB for a serious apps are ok ranges to exist IMHO. Less is better, but other requirements(including time to market) take priority before size.