
Runs as root. Not sure that's a good idea.



No, keeping a separate non-root account around is what's kind of silly.

If my user account is compromised, the attacker can ruin my credit and reputation, end all my friendships, drain my bank account, and sell my entire life history to an eager 3rd party.

If my root account is compromised, the attacker can do all of those things as well as add a printer, or delete a file that I can download freely from the Internet. I don't really care about that additional attack surface.


Easy clearly can't be compared to any other Linux, judging by the page on how it's different [1]. That's why running as root in its case might be a good thing.

[1]: https://easyos.org/about/how-and-why-easyos-is-different.htm...


[flagged]


> Easy runs each non-root app as its own user. For example, by default Firefox runs as user 'firefox', and SeaMonkey as user 'seamonkey'. Installed AppImages and Flatpaks also default to run as their own user.

> It is easy to do the same for any app, that is, run it as its own user, isolated from other users.

Exploits of apps will still need to escalate, it looks like.


> Easy runs each non-root app as its own user.

FINALLY. One step closer to a more modern mobile-like untrusted-by-default setup.

It has gone on way too long that any standard installed program can spy on every other program/all your data on the system.


Honestly this is what makes a computer useful and removing it removes a significant amount of the utility of using a computer.

Now in this case where the user is root it might work out as an interesting balance in practice, I'm not sure.


There isn’t one way that is better for everybody. EasyOS might not be for you.

For the group of people who want to use an app but not a computer, I think something closer to the iOS model is probably better.

For my work computer I want something more traditional but for my personal computer, my phone, and my game console, I want something more appliance-like.

Both of these ways of doing things currently exist (and there are others) and I would guess that will continue to be the case for a long time.


That is one way to look at it. Another would be that the vast majority of the world population doesn't actually care about doing what you're referring to, doesn't actually use their computer in that way and doesn't want apps to be able to spy on each other.


Yeah that model is actually more secure than the standard Linux user model. There's also an option to run applications within their own containers.


Running as root, in my opinion, has an increasing number of use cases. I.e., it is the new type of isolation. In the past we would create users and have apps running as that user for security. Now I spin up a DigitalOcean node for that application, and that is isolated, meaning if anything goes wrong I am destroying that node and recreating it, and the app is the entire node.


Don't forget `curl | sh` is everywhere, not to mention unaudited package management dependency trees.


Root is only really relevant for multi-user environments (e.g. university/company servers). For single-user you don't get any additional security from it since Linux doesn't have a secure access key sequence so it's trivial to MitM sudo.


It's why I think flatpak/snap kind of miss the actual problem: the only valuable data is the data the app is meant to handle. I don't actually care if they modify the system since I can reimage for free from the Internet at any point.


Ever use Windows as an administrator?

Not disagreeing, but, the threat model of the creator of Puppy Linux may be different than yours.


To be fair, the whole root thing is relevant in multi-user or cases where you're mucking about with an installation.

If you're always careful to run as a non-privileged user, the most that could happen is that a browser vulnerability allows arbitrary execution of code as your user, allowing deletion, encryption, exfiltration of your personal data. So you're boned anyway.


Exactly. Though security is an onion, so it is at least making it harder.

In the traditional Linux desktop model a vulnerability may allow running something as the user. It can change your bashrc, your application menu as well as your launchers, your browser extensions and settings. You may already have a user-writable directory in your PATH so it can replace things even on a lower level.
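
The comment above mentions user-writable directories in PATH. As an added example that is not part of any comment in this thread, the following shell function audits a PATH string for such entries and for commands they would hide; `audit_path`, `is_cmd` and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a PATH string, one finding per line:
#   RELATIVE <entry>      empty or relative entry, resolved against the cwd
#   WRITABLE <dir>        owned by this uid with u+w, or world-writable
#   SHADOWS <file> <hit>  command in a writable dir hiding one later in PATH
# Checks mode bits via find, so results do not depend on mount options.

# True if $1 is a regular file with the owner-execute bit set.
is_cmd() { [ -n "$(find -H "$1" -prune -type f -perm -0100 2>/dev/null)" ]; }

audit_path() {
    path_str=${1-$PATH}
    case $path_str in *:) path_str="$path_str." ;; esac  # trailing ':' means cwd
    uid=$(id -u)
    old_ifs=$IFS; IFS=:; set -f
    set -- $path_str                 # split on ':' into positional parameters
    set +f; IFS=$old_ifs
    while [ $# -gt 0 ]; do
        dir=$1; shift                # "$@" now holds only the later entries
        case $dir in
            /*) ;;
            *) echo "RELATIVE ${dir:-<empty>}"; continue ;;
        esac
        hit=$(find -H "$dir" -prune -type d \
              \( -user "$uid" -perm -0200 -o -perm -0002 \) 2>/dev/null)
        [ -n "$hit" ] || continue
        echo "WRITABLE $dir"
        for f in "$dir"/*; do
            is_cmd "$f" || continue
            for later in "$@"; do
                case $later in /*) ;; *) continue ;; esac
                if is_cmd "$later/${f##*/}"; then
                    echo "SHADOWS $f $later/${f##*/}"
                    break
                fi
            done
        done
    done
    return 0
}

# Constructed demo tree: a writable "home" bin ahead of a read-only "system" bin.
demo=$(mktemp -d)
trap 'chmod -R u+w "$demo"; rm -rf "$demo"' EXIT
mkdir "$demo/home_bin" "$demo/sys_bin"
printf '#!/bin/sh\n' > "$demo/home_bin/ls"
printf '#!/bin/sh\n' > "$demo/sys_bin/ls"
chmod 755 "$demo/home_bin/ls" "$demo/sys_bin/ls"
chmod 555 "$demo/sys_bin"
audit_path "$demo/home_bin:$demo/sys_bin:"
```

Calling `audit_path` with no argument audits the current `$PATH`; group-writable directories are not flagged by this version.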


It's stated that any app runs under its own user, including the browser.



For modern systems with their hardware bugs, user account based security is just a false sense of security. Anyone running code on your machine is just a rowhammer or meltdown away from doing whatever they want anyway.



