And that is why all traffic facing servers are running windows and macos.
I’ve had a hot take for a while now that Linux isn’t “more secure” than other operating systems like a lot of evangelists will claim. I think people get this impression because the user base for desktop Linux has been small enough that no one was writing malware targeted at us.
Unix’s security model was developed in a world where the primary concern was protecting the system from users and protecting users from each other. It wasn’t really designed for single-user systems where the main concern is protecting the user from their own applications.
no one was writing malware targeted at us
Probably not true now. It took some digging but I found e.g. BPFdoor https://attack.mitre.org/software/S1161/ which "does not need root to run" https://sandflysecurity.com/blog/bpfdoor-an-evasive-linux-backdoor-technical-analysis
The silver lining is that a lot of these backdoors are nation-state level so you might not be targeted by them. If I had data on my computer worth a dang, I'd be more concerned.
security you don't understand is security you don't have. windows' exploit mitigations don't work because the average user doesn't understand them and can easily be guided into disabling them.
the weakest attack surface is the stupidity of the user and that's not gonna change however much you try to make your os secure
A secure OS should account for dumb/malicious users and mitigate the damage they can do. If a user can be convinced to disable protections on Windows or Android, that same user could easily be convinced to download a script and run it with sudo.
that might be true, but no one learns calculus in a ball pit
This is a Qubes ad.
And that's fine, but why Qubes insists it's not Linux while booting the Linux kernel, running xen, using xfce as the primary desktop, and being listed on disteowatch seems like a weird marketing choice to me. Your primary audience knows what Linux is, so what is the motivation behind claiming "Qubes is not Linux"?
Freebsd is also on distrowatch. Qubes is not desktop Linux because it doesnt function like normal linux. It uses the Linux kernel, but in a similar way to how Android isn't Linux, neither is Qubes.
Fair enough. I guess I didn't distill my comment before writing it down.
The problem I see with op's "Linux isn't secure" comment (without getting all territorial about it) is that the solution touted by Qubes is already a solution in wide use in several Linux distros, meaning the compartmentalization of apps in constrained environments is already a mechanic used in flatpack, snap, even docker.
The fact that Qubes is a secure approach should be the focus, not the "our potassium is superior to all other countries" vibe from this post.
a solution in wide use in several Linux distros, meaning the compartmentalization of apps in constrained environments is already a mechanic used in flatpack, snap, even docker
Not a good argument. Several distros use it, but most mainstream distros are not focused on sandboxed apps. If you look up "should I use Snap on Ubuntu" the responses are around 80% no.
Sandboxing apps is great and all, but it it's not the entire picture of security.
Understandable. Though the security difference between Flatpak and Xen VMs, or even between Flatpak and Snap, is pretty big. Flatpak is mostly sandboxed to provide a consistent run environment to apps across distros, and id say 50% or more of the Flathub apps seem to have weak default sandbox security settings. Snap does a better job security-wise of reducing sandbox escape potential, but is still a far cry away from the containerization of Qubes.
As someone who did use this guide as an exercise in making my setup as secure as it could be without changing distros or hampering productivity, a few words of advice:
slub_debug mitigation actually worsen security.I highly value Madaidan's input on the matter and also their work on projects such as Kicksecure and Whonix. Furthermore, it's clear that Desktop Linux hasn't been able to combat all the pain points that were mentioned in the article. However, we've definitely come a long way since and there's lot to be optimistic about; secureblue to name a thriving project.
But, while I appreciate how the article continues to draw awareness to the fact that Desktop Linux isn't as secure as some like to think, the write-up is ultimately bound to be (severely) outdated at some point. And, perhaps, we might already be past the point in which it does more harm than good...
Anyhow, I'd like to take this opportunity to promote a platform that actually continues to deliver up-to-date articles about security on Linux: https://privsec.dev/posts/linux/
Time to distrohop again. Kubuntu's been irking me for a while and that guide says it's insecure and CachyOS (though I don't like the default software suite) has been nice. Though I need to find an alternative distro (don't trust Red Hat, had a bad experience with OpenSUSE, don't have the patience to learn Arch).
Sorry man, your going to get down voted like crazy just because you posted something bad about Linux.
Good info thoughm
The thing about most default configs of any OS is that user storage is largely accessable to all apps. True of Linux, Android. Windows, ...
Graphene has options to restrict that but you have to set it up that way. Android also has App sandboxing for app data.
Thinking through the threat model of course is always good as is hardening. All security is porous. Linux is fine generally. If one is exposing services on the public net it is not clear that any OS or software is sufficiently secure, that takes constant effort in terms of monitoring and management.
Graphene has options to restrict that [user storage availability] but you have to set it up that way.
It's also a bit of a pain to manage as an end user. I wish it shipped with a toggle that was a step up from stock Android but also not in the way constantly. Like "we went through the top 50 apps on Play Store and FDroid, we classified them as media player, social media, etc., and we made rules for each category that reasonably isolates it while still allowing core functionality."
Android doesn't expose any app data and requires a permission for accessing storage (unlike Linux).
However when many apps have a permission it becomes meaningless.
Yes, which is why i very much like what GrapheneOS does with Storage and Contacts Scopes.
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0