Interestingly, for the average user, Ubuntu provides a much more centralized software repository than either Windows or OS X. Not to say that malware targeting that platform doesn't exist; but it's more likely to be aimed at Firefox than the base OS. It's much harder for a non-computer-savvy person to screw up a modern linux desktop than any version of windows.

But basically what I hear you saying is that Vista was an attempt to catch up to the safety and security of the linux desktop...

In many ways Vista surpassed Linux. Linux has very rough process/file levels (user, group, root). Vista allows you to have your processes (or root's processes, IIRC) not be able to write to your files.

Which is a big win when a user level process (e.g. firefox) gets hosed (which can happen quite easily to things like browsers).

Now this is wholy for the OS. The user issue you bring up still exists (and I don't think Microsoft can fix that one).

> Which is a big win when a user level process (e.g. firefox) gets hosed (which can happen quite easily to things like browsers).

Run Firefox under a different user account, with limited access to the system. Problem solved.

It's not solved. How do you download a file? How do you let it download this file, but not that one?

Firefox isn't built to understand that concept, so it takes more than just denying it write privledges to solve.

You download to the dedicated users home directory, and then you make your main user part of the same group as the firefox-user. I didn't get the last part of your question? Why wouldn't you want to download that file?

I would suggest you take a look at apparmor and selinux both of which can be used; and in recent ubuntu and redhat releases, are used extensively, to provide very fine grained access control capabilities.