Which three top applications are completely cancers due to their security?



GakuWai
April 4th, 2015, 11:27 PM
I don't have three but instead I would say it will be Java & Flash, it's just unbelievable how many security holes are in those two, it's just like a Swiss cheese factory but instead of getting cheese with holes we get viruses, the ones which eat our computers bit by bit.

grahammechanical
April 5th, 2015, 12:08 AM
I would like some evidence of your claims. I have no emotional attachment to either Java or Adobe Flash but I do not want to get involved in what could be a libellous discussion.

These are the Security bulletins that Adobe provide for Flash Player:

https://helpx.adobe.com/uk/security/products/flash-player.html

https://helpx.adobe.com/uk/security.html

I am not sure that this proves that Flash is like a "Swiss cheese factory" or that Adobe are proving responsible maintainers of their software. All software has weaknesses. Not all weaknesses are vulnerabilities and not all vulnerabilities are actually exploited by viruses, trojans, worms and the like.

http://www.cvedetails.com/vulnerability-list/vendor_id-53/product_id-6761/Adobe-Flash-Player.html

Can Linux be made more secure? Apparently the answer is "Yes." There is a lot that could be done. Replacing the Xserver is something that a lot of developers are working hard at doing.

Would the OS be more secure if every application was run in a sandbox with very limited access to other parts of the OS? Yes, but I am not sure how much work is being done on this matter. I know that applications on the Ubuntu phone are sandboxed and tightly controlled. And that Ubuntu developers are working hard to converge the phone code base into the desktop code base.

Would the OS be more secure if users did not install software from any web site but only through the Ubuntu software centre and through PPAs? Most certainly from what I have heard.

It occurs to me, that when it comes to security vulnerabilities nothing beats the program called user.

Regards

buzzingrobot
April 5th, 2015, 01:10 PM
Both Java and Flash were developed years ago in the preliminary stages of the Internet boom, long before anyone realized the security implications of building a global communications and publishing system on an architecture developed in the 1980s by and for academics and researchers *and* that implicitly assumed every user is trustworthy. Toss in a few billion rather clueless users who demand constant software change and you have a never-ending source of security vulnerabilities. (One example of "clueless": Expecting email to be as inherently secure as paper mail because it has the word "mail" in its name.)

Java and Flash survive because they are in widespread use and moving away from them incurs costs that corporations and other organizations that depend on and support them do not want to deal with. Those kinds of decisions are not made solely for technical reasons.

SeijiSensei
April 5th, 2015, 02:36 PM
I'd put Acrobat Reader ahead of either Flash or Java in terms of security problems. Bugged PDFs designed to exploit holes in Reader have been a major vector for "spear phishing" attacks on corporate executives.

ethan26
April 5th, 2015, 06:24 PM
Google Docs
Windows by Microsoft :D
Microsoft Word
also
the internet