Technical reason: Microsoft's moderating is kinda garbage. I don't trust them to keep malware out of the store effectively.
Edit: I trust my capability to moderate the sites I download from more than I trust Microsoft to prevent malware on the store.
"Ideological BS": I don't think wanting to stop account proliferation is "ideological BS" I have a certain number of accounts, I want less. I see no reason to make more.
Ideological BS: I don't trust Microsoft to not do more tracking than I find ethical.
> I trust my capability to moderate the sites I download from more than I trust Microsoft to prevent malware on the store.
So you are implying that your personal capabilities reflect the majority of users out there? That's a bold assumption!
The Windows Store is meant for a general audience, and the general audience are users that ended up with 10 rows of custom "toolbars" in their browser after a few days of using the internet.
The fact that you trust your own abilities over those of Microsoft (of course without giving a concrete example to justify your mistrust) has nothing to do with millions of non-tech savvy users that would otherwise just download Krita.Totally.Not.Malware.Believe.Us.exe from webshop24.ru, because they clicked on that cute cat image that told them to...
> The Windows Store is meant for a general audience, and the general audience are users that ended up with 10 rows of custom "toolbars" in their browser after a few days of using the internet.
Maybe at one point, but at this point the general audience
A) Just does everything in the browser.
B) Knows enough to do things right
C) Does not yet know enough to do things right, will screw up an install, and learn from experience.
D) Will manage to repeatedly screw things up.
D is a surprisingly small group, and I'd personally rather group C screw up their stuff and learn.
> The fact that you trust your own abilities over those of Microsoft (of course without giving a concrete example to justify your mistrust) has nothing to do with millions of non-tech savvy users that would otherwise just download Krita.Totally.Not.Malware.Believe.Us.exe from webshop24.ru, because they clicked on that cute cat image that told them to...
What's to stop me from creating "K-Dev LLC" and putting "Krita+ Ultimate" on the Microsoft store, of course with my own malicious add-ins?
As far as "Without a concrete example to justify your mistrust". Yes. I do not have a concrete "I installed this from the Microsoft Store and it was malware story". That being said, Microsoft has repeatedly shown themselves to be ineffective at security. To be clear, They have a _massive_ and extremely difficult task in front of them. I just have no reason to expect it to work, and experience suggesting it won't.
Note that not all these incidents resulted from drive-by-downloads or elaborate hacks:
> Riviera Beach: In June, Riviera Beach, Florida, was hit with ransomware when a police department employee opened a malicious email attachment.
In 2019, people still click every e-mail attachment unchecked, even though e-mail attachments have been a primary vector for attacks for decades at this point.
Putting faith in the abilities of the average user is the first step towards disaster. The average user is not more aware or capable in 2020 than they were in 1995. People still carelessly put random USB drives into their machines, still open dodgy e-mail attachments and still download and execute installers and other executables from random websites.
Some sobering stats for mobile [1]:
> Less than 20% of mobile malware is delivered via a browser — the remainder of the payloads come through an app. (Source: RSA Current State of Cybercrime)
Last but unfortunately not least, unpatched systems are still presenting a completely avoidable attack vector for malware and ransomware, because users (both private and industrial/institutional) fail to update their systems [2].
So no, the harsh reality is that the average user is neither aware, nor capable of "doing things right".
In my experience, B is the smallest group of the four I listed, mostly only gamers and some creative professionals.
That being said, most of my experience is with consumers, not corporate IT. I still believe that consumers should be able to install from any source, and not pressured into using the MS Store. In corporate-land however, of course the user should have restricted rights.
As far as the state of mobile, isn't that supporting my point that moderating app stores is almost impossible unless you curate it yourself?
Edit: +1 for your comment though. It made me sit and think about things for a while, for which I thank you.
Edit: I trust my capability to moderate the sites I download from more than I trust Microsoft to prevent malware on the store.
"Ideological BS": I don't think wanting to stop account proliferation is "ideological BS" I have a certain number of accounts, I want less. I see no reason to make more.
Ideological BS: I don't trust Microsoft to not do more tracking than I find ethical.