Has anyone wondered why Windows persists with using binaries to manage other programs? The ones I am talking about are svchost.exe and rundll32.exe. If we compare to e.g. Linux, the closest thing it has to this system is maybe bash, which is used to launch shell scripts. The difference being, though, that pretty much nothing on the core OS side uses bash, so it's fine to restrict access to it without breaking things. Whilst on Windows it's somewhat more difficult, as parts of the shipped OS rely on these binaries.

It's a haven for malware to hide behind, so some random malware DLL can make internet requests using rundll32.exe, which appears as a trusted signed Microsoft binary; likewise with svchost.exe. One of the members of this forum shows some rogue software using svchost as a shield: http://www.youtube.com/watch?v=hfVVitd8xxA

On Linux, instead, the program itself is what does internet requests and reads/writes to files. E.g. instead of svchost handling DNS lookups, Windows updates, file sharing etc., it should be something like winupdate.exe, fileshare.exe and dnsclient.exe.

Also the same with the %temp% folder: very little Linux software, and I mean very little, needs to run files in %temp% to install and operate, yet it's standard procedure in Windows applications to first copy to that folder and then run from there during the install process, meaning Windows cannot have a default deny execution policy on the folder in its shipped state. To me it seems madness. Thoughts?
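A defender's way of looking past the host binary to the code it is actually running, as an added example that is not part of the original post: it reads process-creation events and reports which service group (`svchost.exe -k ... -s ...`) or which DLL and entry point (`rundll32.exe dll,entry`) each launch hosts, and flags launches from unexpected locations. The event tuples, the user name and paths, and the function names are constructed for illustration.

```python
import ntpath
import re

# Constructed sample process-creation events: (image, parent image, command line).
SYS, TMP = r"C:\Windows\System32", r"C:\Users\bob\AppData\Local\Temp"
EXPLORER = r"C:\Windows\explorer.exe"
EVENTS = [
    (SYS + r"\svchost.exe", SYS + r"\services.exe", SYS + r"\svchost.exe -k netsvcs -p -s wuauserv"),
    (TMP + r"\svchost.exe", EXPLORER, TMP + r"\svchost.exe"),
    (SYS + r"\rundll32.exe", EXPLORER, 'rundll32.exe "' + TMP + r'\upd.dll",Start'),
    (SYS + r"\rundll32.exe", EXPLORER, "rundll32.exe shell32.dll,Control_RunDLL desk.cpl"),
]
SYSTEM_DIRS = (SYS.lower(), r"c:\windows\syswow64")
RUNDLL_ARG = re.compile(r'rundll32(?:\.exe)?"?\s+(?:"([^"]+)"|([^\s,]+))\s*,\s*(\S+)', re.I)
SVC_ARGS = re.compile(r'-k\s+(\S+)(?:.*?-s\s+(\S+))?', re.I)

def in_system_dir(path):
    return ntpath.dirname(path).lower() in SYSTEM_DIRS

def describe(image, parent, cmdline):
    """Return (hosted_code, warnings) for one svchost/rundll32 launch."""
    name = ntpath.basename(image).lower()
    if name not in ("svchost.exe", "rundll32.exe"):
        return None, []
    warnings = [] if in_system_dir(image) else ["host binary outside system directory"]
    if name == "svchost.exe":
        m = SVC_ARGS.search(cmdline)
        hosted = f"group={m.group(1)} service={m.group(2) or '(shared)'}" if m else None
        if ntpath.basename(parent).lower() != "services.exe":
            warnings.append("svchost not started by services.exe")
        if not m:
            warnings.append("svchost without -k service group")
    else:
        m = RUNDLL_ARG.search(cmdline)
        hosted = None
        if m:
            dll = m.group(1) or m.group(2)
            hosted = f"{dll},{m.group(3)}"
            # A bare name such as shell32.dll is resolved via the DLL search path.
            if ntpath.dirname(dll) and not in_system_dir(dll):
                warnings.append("DLL loaded from outside system directory")
        else:
            warnings.append("rundll32 without DLL argument")
    return hosted, warnings

def triage(events):
    """Return (hosted_code, warnings) for every launch that raised a warning."""
    return [r for r in (describe(*e) for e in events) if r[1]]
```

Unquoted DLL paths containing spaces are not handled by the regular expression here and would need the full Windows command-line splitting rules.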