>"1. don't use windows"...I realize how unpopular it is to question the groupthink on this site but this strikes me as simplistic. The public takedowns related to tor have been more about firefox than windows. But I get that Linux fans like to think that this is their sole bailiwick.
The OS provides a number of security mechanisms which make exploitation harder, Windows' reputation for security (or lack thereof) is somewhat well-deserved, ask anyone who has done exploit R&D.
Even if you have an FF 0day, you still need to be able to weaponize it, bypass ASLR/DEP/etc and this may be more or less difficult depending on the target OS
Does Windows enforce ASLR on every process now? You only need one non-ASLR library to leverage with ROP. Though, you could say this falls under configuration (and I'm pretty sure the vsyscall table on x86_64 linux is still non-ASLR and that seems like a pretty trivial source of ROP gadgets), but I guess my point is its not as simple as supporting ASLR, not all implementations are created equal.
That's actually the new security model that Metro apps use. They are sandboxed by default with a declarative privileges model. I think its called AppContainer?
The OS provides a number of security mechanisms which make exploitation harder, Windows' reputation for security (or lack thereof) is somewhat well-deserved, ask anyone who has done exploit R&D.
Even if you have an FF 0day, you still need to be able to weaponize it, bypass ASLR/DEP/etc and this may be more or less difficult depending on the target OS