by cynwulf » January 26th, 2015, 2:32 pm
I don't see there being much of a use case for write protection (i.e. physically/or electrically disabling the heads from writing to the disk - e.g. as with floppy disk drives) these days, as modern operating systems continually write data, when caching, using swap, writing log files or in some cases optimising the disk(s) or indexing files.
In the case of windows and malware it's very simple - those operating systems are almost never set up securely to begin with - that's why they're a ripe target and that's why there is a multi billion dollar anti virus industry which is making a living out of it's shortcomings. Even the most basic security principle of privilege separation is a lost cause on windows. Even where security features have been implemented, they're either turned off by default and hidden away or can only be configured in the un-bastardised premium releases of said OS. Security is not even a secondary concern for Microsoft, as it probably is at least with most Linux distros.
Privilege escalation is as ever one of the main issues. NX bit helped tremendously with this with later supported hardware, but of the x86 class CPUs, AMD64 was the first to support it in the hardware, hence Microsoft's much vaunted NX support (DEP) in Windows XP, was of course limited to 64 bit capable CPUs and came along in service pack 2 (2004 - around about the time other OS started implementation if I recall correctly). Users with 32 bit CPU's (the majority back then) were unprotected due to the lack of software emulation (which at least two projects for Linux and OpenBSD had already provided a year earlier). To make matters worse most windows binaries were not built with DEP support, so in fact it became useless and the web is littered with guides for how to turn it off...
This is pretty much typical of all windows security - it becomes an annoyance and the user (who is of course running as root) just turns it off - same with "security center", same with UAC - pop up windows, 'information', warnings, reminders and nagging galore...
I don't think a throw switch on the user's laptop/pc is going to change that. It would make the system unusable to the average person like to the affected by viruses - i.e. the average windows user.
In the virus infested world of windows, the best switch the user has at their disposal to secure their system is the one that turns off the power...