| I'm a Windows person and hard to convince to convert but the more I have
| to work with open source software at work, the more comfortable I get
| with the *nix.

Linux is no miracle. The Bash bug currently in the news has been there for 22 years, and so far I've yet to find or be told of any reasonably usable Linux firewall that will selectively block outgoing processes. It's designed to be a server and Linux/OSS is a kind of religion for far too many people. So there tends to be an attitude that you don't have to worry about software calling home because it's just calling "nice churchgoing folks" like yourself. That's not security. Nor is the similar Apple attitude that Lord Jobs wouldn't let the Apple faithful suffer by getting infected with bugs. There's no untouchable operating system. Macs just allow one to be a bit more lazy... for the time being... and assuming that you don't mind Apple themselves spying on you.
As Todd pointed out, Win7 is getting attacked slightly more than XP, which no longer gets patches. But what the Microsoft marketing dept and the lapdog media don't mention is that nearly all risks are not actually in the operating system. Script, Flash, Silverlight, Acrobat plugins, MS Office files, Java, rigged ZIP attachments.... those are the risks. (In addition to "phishing".) The attack venues are browsers, email programs, and other software that goes online. Many people think Win7 is safer than XP, but that's just default settings. You can run as a restricted user on XP just as you can on Win7, if that's what you want. And I'd far rather be using the latest Firefox on XP as Administrator than using Internet Explorer on Win7 with UAC enabled.
But if you use interactive websites and allow the items listed above -- especially script -- then you're always at risk on any computer. Script in webpages turns them into software programs running on your computer. There's no way to make that entirely safe.
There was an interesting, ironic story this week about how the IRS is paying out billions in scam IRS refunds, to people who are filing dummy forms in the name of real people -- or at least real SS numbers. The IRS apparently thought online filing was slick, economical and futuristic. Apparently they thought it was inherently more dependable than paper filing. So they don't require any sort of paperwork for online filing. You can file your taxes with no W2 or 1099 form!
The one thing in your original post I would be inclined to comment on is the part about privacy policies. They mean nothing. Virtually all of them include a "mickey mouse clause" that says the policy may be changed at any time unilaterally. Most also claim unrestricted rights to your files and data. They usually say your files and data will only be used "to provide and improve the service", but that's flimsy language. If they sell their database to marketers, then invest that money in the service, then your private info was arguably sold to improve the service. We have webmail companies that claim the right to read your private correspondence, promising it's "anonymized". There's no such thing as anonymized. And their privacy policies are usually claiming co-ownership of your files. That's not a privacy policy. It's an intrusion policy.
So as far as corporate privacy policies go, they should all be read to be saying, "If you give us *any* private information we will try our best to make money from it. You give us that right in giving us the information." Then decide what you want to share.
Even if there were a company trying to be honest, things change. Leaders change. Businesses change. (Google ran an honest business at one time. Remember?) A business might be sold. Some of the issues are hard to even know: CVS is selling out their customers to drug companies. Even if you happen to have heard that, do you have a choice about shopping at CVS? If so, can we be sure that Walgreens is not selling their database?