Secunia is reporting that 78% of end-point (individual computers for all those not in the security business) vulnerabilities are attributable to third-party software. That’s everything from browser plug-ins like Flash and Java, to Adobe Reader, to Quicken or any other desktop application you install. While it would be foolish to believe that a pure Windows 8 Metro environment, including disallowing browser plug-ins, can eliminate all vulnerabilities it can eliminate much of that 78%. Add on other security changes in Windows 8 that help reduce or mitigate the remaining 22% and you can see how Windows 8 Metro is a game changer for PC security.
On the other hand, in a Windows 8 environment that includes browser plug-ins and multiple third-party desktop applications the best Microsoft can do is attack the 22%. The 78% that Adobe, Oracle, and everyone else is responsible for will remain an issue.
“Ask not why you must use a constrained app model for your apps, Ask why I should put my personal or organizational security at risk by installing your desktop application.”