I put the issue more on user education/expectation, than OS _most_ of the time
And vendor instructions that explicitly say to run their thing as admin, including OBS on Windows...
Doesn't really matter if it's vendor laziness, or corporate greed to price the smaller vendors out of the "correct" way to do things, or corporate oversight to not allow a user to "just do <this>" that by itself has no security implications at all, but may inherit some because of an internal design mistake that won't be fixed because management has bigger fish to fry. Regardless of how it happens, the end result is still overly elevated permissions as normal operation.
Linux at least has a mechanism to surgically carve out exactly what's needed and no more, because overly elevated permissions is such a big deal, and that can be part of an installation script. The script itself, of course, requires elevated permissions (or better, only specific commands within that script), but then the thing being installed, doesn't.
In Windows, as far as a non-technical user is concerned, "just run everything as admin." It's by far the least friction way to "make it work".
Win10 still gets updates just fine when I signed up for Extended Security Updates (ESU)...
Most people aren't going to pay again for what they've already had for free, or already paid in full for in some cases. This "bait-and-switch", or converting what was always a one-and-done product into a subscription, is exactly one of the reasons that people are ditching the corporate giant after decades of using their product exclusively.
I've had a few OS instances (House of worship unmanaged systems with uneducated users that made a bit of a mess of things) that took a little beating to get the OS to comply (resistance is futile)...
How much of that is caused by Windows being either too permissive, or too locked down with a too-accessible binary override?
Originally, Windows was for a single user that was assumed to know what he was doing (single specific pronoun to also reflect the culture of that time), and so there were no restrictions at all. In today's terms, it was effectively full-admin, all the time, for everything. Tech's playground, but to a muggle's perspective, it had a mind of its own because someone else could easily get in there and commandeer it, and because muggles famously forget what they changed and effectively expect all of those controls to do nothing...when in fact every one of them costs something and therefore exists for a reason, just like the knobs and faders on an audio console.
Microsoft did recognize that and try to fix it, but the underlying structure was already established and so whatever they did had to be an afterthought on top of fundamentally wide-open permissions. The ripples from that are still strong, like upper atmospheric effects as far east as Appalachia, caused by the Rocky Mountains.
UNIX, and everything based on it, had detailed permissions from the start, so it and its descendants don't have that problem...except for users who never had to understand it and are now learning late.
I'll be converting my pre TPM2 system to Linux cuz it is time to start playing with Home Assistant and some other fun home networking projects. My challenge (education) will be setting up SAMBA or similar
Great! More power to ya! By the way, Ubuntu Studio (mentioned above) has SAMBA sharing already there...
But, I've settled on SFTP instead of SAMBA. Even with a Windows machine still in the mix (not for much longer, but still there now), the free FileZilla makes that work. For UStudio at least, the file browser understands SFTP natively, and so it works almost like a local folder.
sudo apt install ssh, if it's not there already (some distros do already have it) and now you're a server. Clients log in as any local user, and their actions are policed and logged as that user.
