Your parents are more likely to be a victim of a phone call scam than malware, even on PC. There is also no guarantee that malware will not slip through cracks of official stores or signatures.

You can also choose to do your banking at the physical branch.

We already had "best of both worlds", especially on mobile OSes - granular permissions per-app were quite good, and on Android until few years ago root was widely available if you needed it as well; these permissions could be locked or frozen if there is concern about users, just like work devices are provisioned with limitations. It all depends on your threat model.

Everything in life is about trade-offs. Certain trade-offs people aren't going to make.

- If you want to run an alternative operating system, you got to learn how it works. That is a trade off not even many tech savvy people want to make.

- There is a trade-off with a desktop OS. I actually like the fact that it isn't super sand-boxed and locked down. I am willing to trade security & safety for control.

> Personally I think we need to start making computers that provide the best of both worlds. I want much more control over what code can do on my computer. I also want programs to be able to run in a safe, sandboxed way. But I should be the one in charge of that sandbox. Not Google. Definitely not Apple. But there's currently no desktop environment that provides that ability.

The market and demand for that is low.

BTW. This does exist with Qubes OS already. However there are a bunch of trade-offs that most people are unlikely to want to make.

https://www.qubes-os.org/

It is the other way around. The security model of mobile devices seriously inhibits innovation and we end up with ever the same crappy apps we don't really need.

I also don't believe more people get scammed on PC compared to mobile platforms. Scammers go where the most naive people congregate.

A sensibly configured Linux system is very secure compared to your mobile device. No security model can really shield against user stupidity. The people would need completely different devices as they simply aren't fit to use a computer. My parents are the same, but I won't accept a bad compromise of an OS just because they essentially need other devices.

At some point a user will be asked to allow execution of code they got through some fishy mail. There is no defense against that other than for the user sticking to books.

> Any program I run is allowed to silently edit, delete or steal anything I own ... there's currently no desktop environment that provides that ability

Putting aside the philosophical issues, that statement isn't true for a few years now. It's not well known, even in very technical circles like HN, but macOS actually sandboxes every app:

• All apps from outside the app store are always sandboxed to a lesser degree, even if they are old and don't opt-in.

• All apps from outside the app store may opt in to stricter sandboxing for security hardening purposes.

• All apps from the app store are forced to opt-in, must declare their permissions in a fine grained way, and Apple reviews them to make sure they make sense.

To see this is true try downloading a terminal emulator you haven't used before, and then use it to navigate into your Downloads, Photos, Documents etc folders and run "ls". You'll get a permission prompt from the OS telling you the app is requesting access to that folder. If you click deny, ls will return a permission error.

Now try using vim to edit the Info.plist file of something in /Applications. ls will tell you that you have UNIX write permissions, but you'll find you can't actually edit the file. The kernel blocks apps from tampering with each other's files.

Finally, go into the settings and privacy/security area. You can now enable full disk access for the terminal emulator, or a finer grained permission like managing apps. Restart the terminal and permissions work like you'd expect for UNIX again.

Note that you won't see any permission popup in a GUI app if you open the file via the file picker dialog box. That's because the dialog box is a "powerbox" controlled by the OS, so the act of picking the file grants the app permission implicitly. Same for drag and drop, opening via the finder, etc. The permission prompt only appears when an app directly uses syscalls to open a file without some OS-controlled GUI interaction taking place.

So, if you want a desktop OS with a strong sandbox that you actually control, and which has good usability, and a high level of security too, then you should be using macOS. It's the only OS that has managed this transition to all-sandboxed-all-the-time.

As is Android has support for multi user more.

Get some real sandboxing, let me install whatever I want in my sandbox.

That's a bare minimum.

I also want "I am an adult" mode where I get to do what I want. If Google wants to flag secure net, fine. Not every thing is going to work.

Good point. The current security model of desktop OSs sucks. I was recently reminded of this by an issue at work. I'm used to devs having admin rights on their laptops, but here they closed that down: you have to request admin rights for a specific purpose, and then you get them for a week.

I recently requested those rights again because I needed to install something new for a PoC I was working on, and that wasn't allowed anymore. But during onboarding I had those rights and installed homebrew to more easily install dev tools, and homebrew keeps its admin rights to install stuff in a directory owned by admin. So that circumvents this whole security model (and I did, for my PoC).

The problem is that it's all or nothing. Homebrew should have the right only to install in a specific directory. Apps shouldn't automatically get access to potentially sensitive data. Mobile OSs handle that sort of thing more granularly. Desktop OSs should too.

Because the overly restrictive security rules at my work are little more than security theatre when it's so easy to circumvent.

But you can choose, your parents can have a phone with the "lockdown" setting turned on and I can have it off if I want. How we expose and handle that setting is a UX problem we can solve.

What's wrong with that?

This is where Linux and Apple's centralized repository method shines.

Social engineering is really where the threat is at these days.

Is it really safer on a phone ? Don't banking apps reject latest community Androids builds with all the CVE fixes or Graphene OS yet work totally fine on years old, full of vulnerabilities yet signed official Android ROMs ?

In this case I install Linux Mint. No virus problem. This is a popularity problem: you are more likely to have a sandbox escape on iphone than a virus on PC, because iphone gets more attention.

All this will do is ensure that if malware does get through the official channels (which it can and regularly does) it will be more widely distributed

What are the stats here, this sounds like pure bs to be honest.

Main way people around me get scammed by far like 90% is social engineering

> think of the elderly

This stuff is not just for the elderly and computer illiterate. It's for you as well. You think they're going to stop?

You're giving up freedom for safety. You will have neither.

What do you mean by "locked down computer." Maybe something like ChromiumOS?

Might be a tough sell for the volunteer open source community ("linux & friends") to work on such an alternative "locked down" computing experience. Free and open source software is usually more focused on unlocking use cases, not locking them up.

That all said, I basically consider macOS to be a locked down computing experience. So that's my solution for older people.

It's not a perfect solution but the Apple closed ecosystem is better designed for the limited use cases of the elderly. Rely on iCloud and built-in Apple approaches to data security as much as possible.

For example, an iMac and an iPhone can get all "adulting" use cases done, including typing/receiving emails, printing documents, online banking, government services, and so on. Apple Passwords plus Face ID helps to simplify password-based security. My biggest issue is getting TOTP-based two-factor adopted. Apple Passwords supports this but I usually have to do remote tech support to get it set up initially. It's also annoying that right now, the current generation of iMacs don't support FaceID, because that would simplify authentication across the two primary platforms (desktop/mobile).

I would never use this setup myself since I like to run F/OSS everywhere as much as possible. But I am realistic about tech expectations for the elderly who just want to live their life with minimal investment in learning about data/software security.

But you're right, along with other commenters, that it's dangerous for society to rely on a monopolist technocorporate overlord (or a pair of overlords forming a de facto duopoly) for the basic administrative tasks of adult living and lawful citizenship.

Well no, if your parents truly are tech illiterate, I would give them Ubuntu and not an iPhone.

With the iPhone they get the risk of answering to a scam call or scam sms and giving them the access of their bank account.

Ubuntu is almost bullet proof for beginners.

In fact, that's what I've done for my parents and I had to retire the computer and get another one because it's the hardware which became too old after 15 years of running Ubuntu without any problem.

Security for users isn't just about bootloader expoits.

most reason OSes are insecure is bexause they are designed badly regarding security. they are from a time it wasnt important and most ways of building them also from that same era. its hardly modernized -_-. sure its not the same OS as 20 years back,... it has a lot of layers of junk ontop.

again, no incentive to improve it. its either unpaid work or the OS vendor has a stake in it being insecure. (both exists)

The answer to this is a physical switch on the machine that enables/disables hackability.

This argument doesn't contradict the article.

An expensive iPhone ships with iOS and a rigid security model.

If you tap the `about` button 16 times and click a confirmation dialog, you disable certain security mechanisms against arbitrary software installation. Do something else easy but impossible to do accidentally, and you unlock the bootloader. You progressively lose portions of your warranty in doing so.

This is the path I think we should be going down.

> I want my parents to have a computer they can safely do their banking on, without leaving them vulnerable to scams and viruses and the like

So you need to install Qubes OS for them?

> My parents are getting old and they aren't tech savvy. The missing piece here is that I want my parents to have a computer they can safely do their banking on, without leaving them vulnerable to scams and viruses and the like.

Purists always forget this point :) What is best for 99% of people.

And dumb Euro bureaucrats.