It probably is, but that doesn't make it any better as an idea. There is a good reason why every decent operating system's security model in the past few years has segmented this kind of functionality so only people with elevated privileges can do it.
EDIT: If I want to run/update something (Chrome) in Userland, why should an OS security model stop me? My guess is, Microsoft have successfully confused a common business requirement with a security one.
No, it's a required security feature that goes back decades in some operating systems. You need to be able to trust the code that runs on your system, and to do that you want to ensure only admin can install things.
Of course, Windows has now partially solved that with UAC. Unfortunately you can never know if you can trust the software or not though. However this does stop malware from secretly running without your permission, since it would require a UAC prompt to run. Then we get into uneducated users.
Or you could just not trust the code to begin with. The user should be able to run any program they want to. The OS just shouldn't trust the user's programs. (And shouldn't autorun programs that the user didn't request).
Yes, but UAC has the same weakness as Linux permissions - it only protects the OS and programs, not the user-data. Programs can screw with userland data all they like without user permission.
The point is that UAC will (hopefully) prevent installing untrusted code in the first place, thereby preventing those types of attacks. Unfortunately, you have to either trust that the user knows what programs are good, or go down the dark road that leads to things like an app store.
An interactive shell (like bash/python/irb) is untrusted code (i.e. the user can type whatever the hell they like). But I don't/shouldn't need root to run it.
Wait, but 'install' means 'download'? So if Chrome was a single .py file, which I downloaded, and ran with python. That's fine. But because it's a .exe, I need root...?
This. I love Chrome, but their target market is using Windows, and asking them to click "Yes" to upgrade Chrome (or leaving this question up to the administrator) is not a barrier worth circumventing.
You don't even need to do that. You should need administrator access to install software initially, but that installation process can set up a system service that handles any subsequent updates automatically. This then runs independent of any current user on the system, and therefore does not depend on their personal privileges, nor does it need to prompt anyone for permissions for every update.
Clearly there is a risk involved with any process that can automatically download code you will subsequently execute. However, with proper access control, at least a compromised application running in user space can't do things like modifying its own executable so the malware has a place to live or, more generally, anything else that the user couldn't do without elevating their privilege level.
This certainly doesn't get us to an ideal security model. As I noted elsewhere in this discussion, a user on most systems today can probably still do things like e-mailing all the sensitive work documents they can access to a hostile party with just their normal privileges. However, it does at least prevent one common kind of attack.
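Added example (not part of the thread and not any poster's code): a check for the property the last comment relies on, that a program running with a user's normal privileges cannot modify its own executable. It assumes POSIX permission bits (a Windows check would read ACLs instead); the `app` directory, the `browser` file name and the uids are constructed sample values.

```python
import os
import stat
import tempfile

def can_modify(path, uid, gids=()):
    """True if uid controls path: root, the owner (who can chmod), or a write bit."""
    st = os.stat(path)
    if uid == 0 or st.st_uid == uid:
        return True
    if st.st_gid in gids:  # group class takes precedence over "other"
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def replaceable_by(executable, install_root, uid, gids=()):
    """Paths from executable up to install_root that uid can modify.

    A writable directory is enough to swap the binary even when the file is
    read-only. Sticky-bit directories are not special-cased here.
    """
    path = os.path.realpath(executable)
    top = os.path.realpath(install_root)
    findings = []
    while True:
        if can_modify(path, uid, gids):
            findings.append(path)
        parent = os.path.dirname(path)
        if path == top or parent == path:
            return findings
        path = parent

def demo():
    """Constructed layout; 'browser' and the uids are sample values."""
    with tempfile.TemporaryDirectory() as tmp:
        app = os.path.join(tmp, "app")
        os.mkdir(app)
        exe = os.path.join(app, "browser")
        open(exe, "w").close()
        os.chmod(exe, 0o555)
        os.chmod(app, 0o755)
        owner = os.stat(exe).st_uid
        other = owner + 1                                # hypothetical second account
        system_style = replaceable_by(exe, app, other)   # files owned by someone else
        per_user = replaceable_by(exe, app, owner)       # user owns the install
        os.chmod(app, 0o777)
        loose_dir = replaceable_by(exe, app, other)      # directory left writable
        os.chmod(app, 0o755)
        return system_style, per_user, loose_dir

if __name__ == "__main__":
    print(demo())
```

An empty result for the account that runs the program is the state the comment describes; any finding means code running as that account has a place to persist inside the install.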