Comment by palata

Genuinely interested: does it bring something to say "everything is crap anyway, but given that we must choose between one of them, we may as well choose the least bad" instead of "the best solution we currently have is X"?

Secondly, are you sure that it is impossible to secure a system for a whole department? I have seen relatively big companies having an IT team managing their own Linux flavour. That is, whitelisting the packages that can be installed by the users. Given that most computer users in the administration use a handful of programs, it doesn't seem super hard to audit them?