Then there is your answer:

You see the whole article, others don’t. Publishers sometimes decide by your IP, your location etc. if you are allowed to read it freely (also putting rate limits up, so if enough people in your vicinity already saw it you will hit the paywall reasoning that you are already interested and more willing to pay). Or they simply put up the paywall later based on how popular an article is.

Or in short: a lot of new links have paywalls because the people posting something didn’t even know there was one.

PS: many people regularly clicking news from all over the world also often have addons, plugins and filters running that circumvent a lot of those paywalls automatically, so we sometimes tend to forget about them…

There’s a RAT in Arch Linux (because someone made one downloadable in the Arch User Repository) is about the same level of non-sense as telling the story of how Windows ships with hundreds of viruses because those can indeed be freely downloaded as .exe-files from the Internet which you can access via Windows. 🤣

Now that I think about it… It’s even worse. You cannot actually get an AUR package without explicitly installing the tools to get them (and most likely reading the disclaimers and warnings for using the AUR on the way), while you can can in fact download and execute malicious content with the pre-installed Windows tools.

The actual problem is (and has been for a long time) the enormous amount of absolute trash-level uefi implementations.

Updating keys is easy. Alas… a lot of them are completely broken beyond repair and fail everything but running with the pre-installed keys, which includes updating (or adding new) keys (bonus points for the really screwed up devices that even sign some their own hardware with the pre-installed MS keys thus bricking themselves if those keys are changed).

Linux users who have Secure Boot enabled on their systems […]

No.

Some Linux users lazily using shim-based Secure Boot implementations provided out of the box by some distros. Mostly exactly because that’s a setup that came with their install where they don’t have to do anything and they also don’t actually care.

Everyone actually caring for Secure Boot has the option to setup and use their own proper keys easily.

The real problem is (and has been for a long time) the amount of absolute trash level UEFI implementations still in use nthat are basically non-functional once you try to use any Secure Boot funtionality beyond just using the pre-installed MS keys.