Your Computer Isn't Yours
Niklas
@freddy My computer is mine because it runs Linux.People who use proprietary software don't deserve anything better than that.
@nipos Hate to tell you but your computer probably still isn't yours. If you have an Intel or AMD processor (other than a few) your device is packed with hardware level spying that you can't remove. Also Linux is wildly insecure and its only saving grace is security by obscurity which won't protect it as it's shallow excuse forever. Also due to its lack of any meaningful sandbox, any anti privacy apps you have installed are tracking everything you're doing in other apps too.
@ThreeBadgersInATrenchcoat Linux is *not* insecure and I only use free open source software.
@nipos It is objectively insecure. There is no sandboxing on the standard desktop, the entire kernel is written in a memory unsafe language, the kernel is too big for anyone to review so you just have to trust others, the kernel is wildly behind on exploit mitigations, a compromised non-root user with access to sudo is almost equal to a full root compromise as there are an insane amount of ways for an attacker to retrieve a password,
(1/2)
Hardening Linux to a point in which it's actually secure is well out of the range of normal users and would take a team of skilled devs to have the knowledge and put in the time, no standard desktop OS devs have done this so far. Just because you harden a few SELinux policies or use a distro with a MAC framework without strict enforcement and policies or whatever else you consider hardening, it doesn't fix the inherent architectural problems with Linux and it's overarching security model.
@nemo Also I don't see how the link you attached is at all related to the discussion of hardening Linux.
@ThreeBadgersInATrenchcoat Sorry I don't feed trolls
@nemo Genuinely not trolling. Qubes isn't even a Linux distribution, they say it themselves.
@ThreeBadgersInATrenchcoat Well there must be a reason, why most of the internet is run on linux servers :)
There is a triangle of security.
The red circle is an indication of our system. When we play with the parameters and move the circle closer to security. The functionality and usability suffers. QubesOS is one of the most secure systems. Out there most of the technologies which are implemented in it can also easily be applied to most standard distros. Absolute security is not possible.
Most of the internet and servers are run on Linux for stability, low overhead, versatility, and package support. I'm aware that there is no OS with perfect security or anything, and that the more secure you get the less usable it gets, and logically that would be true..except for MacOS.. MacOS right now is the leader for desktop OS security (security =/= privacy) second only to Qubes and it's extremely usable. I mean people don't pay $2500 for them to not be able to use them.
1/3
It has verified boot, granular and strong firewalls if you know how to use them, sandboxing, etc. Once again, taking Qubes out of the equation because it's in its own league, MacOS is the gold standard for desktop OS security and it's one of the most usable and self explanatory desktop OSes. But that's the thing, the same can't be said for Linux. It seems like the worst of both worlds in a way. Steep initial learning curve, frequently difficult to use bar a few distros, atrocious security.
2/3
But don't think I'm just bashing Linux because I have something against it, I don't. Hell, I use Linux on all of my computers everyday and even have a secondary phone with Ubuntu Touch, I think Linux is awesome, I'm just not assuming it to be something its not and I'm certainly not using it for security.
3/3
