this post was submitted on 18 Jan 2024
69 points (83.5% liked)
Linux
47325 readers
829 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I don't have the Money for MacOS, am too much of a Poweruser for ChromeOS/Android and have too much of a real life for OpenBSD
So yes, MS is the most secure Option available.
And that's not my Opinion. That's the Opinion of serious cybersecurity Experts such as Daniel Micay, the founder of GrapheneOS. He literally called it "years behind on exploit mitigation" and calls Windows more secure.
And he's not alone. He is joined by Madaidan, a Contributor to Tails, a security-and-privacy-focused Distro, who says you shouldn't use (persistent) Linux unless it's QubesOS.
And once you read all that, suddenly the Telemetry of Windows seems like much less of an Issue.
Linux has major Security Issues, there's no debating that.
The only thing we achieve with Denial is making sure these Issues will never get the Attention they deserve and as such will never get fixed.
/rant over
Windows also has security issues: on Windows, most apps are installed via the web browser. Installing apps from a website means trusting each and every website you get your software from. Of course, I imagine you could try other methods, though that'd be quite a hassle, honestly.
Most Linux distributions have package repositories that are tested, specially point-release distros like Linux Mint or Debian.
This is all assuming that "security" refers to how likely a system is to be compromised, hacked or otherwise affected by untrusted malware.
I never denied that Linux has security issues. There's no way it doesn't! The kernel is huge, as a codebase grows more and more bugs are introduced and over time they are fixed.
I'm simply saying that, because of the way Windows works, you're more likely to shoot yourself in the foot by installing malicious software than on Linux.
Daniel Micay never said that as far as I could find, what you're probably misquoting is him saying that Debian is slow to integrate changes, if that's not the quote you're referring to please point me to the one you're talking about. His opinion is so far from what you're suggesting that when he decided to create an OS focused on privacy and security he chose the Linux Kernel as a base.
You have to be crazy or uninformed to think that windows is more secure or privacy friendly than Linux, there are reasons to use Windows, security and privacy are NOT one of them.
I only use quotation Marks if I can directly Quote it: https://www.reddit.com/r/GrapheneOS/comments/bddq5u/comment/ekze9n6/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
probably should have given it with the first comment. I even searched out the Post to quote it correctly but didn't think to link it. Here it is: https://www.reddit.com/r/GrapheneOS/comments/bddq5u/comment/ekze9n6/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
"GrapheneOS also has longer term goals involving moving away from the Linux kernel to a microkernel with a Linux compatibility layer, etc"
same Thread, a few Comments further up. I linked it here for you: https://www.reddit.com/r/GrapheneOS/comments/bddq5u/comment/ekxifpa/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
Since the Telemetry also is a Dealbreaker for me on the Privacy-Front i agree with you there. But in regards to security:
Microsoft has huge security-Teams and is often at the Forefront of new security-technologies / -concepts. TPM comes to Mind immediately.
in my personal Opinion, Windows (as well as Linux) carry too much legacy-Cruft in the Name of backwards-compatability. But since I'm not an established Cybersecurity Expert and I'm aware of that, here's what I've read from actually established Cybersecurity Experts:
from what I've read, they recommend either Android or ChromeOS as the most secure 'Desktop' OS. After that it depends on what you need. MacOS apparently has better Sandboxing while Windows has better Exploit Mitigations.
Linux is universally seen as not as secure as any of them.
Jesus, that was a lot more Effort than I imagined. I hope you're going to actually look into the Points I raised and I didn't just 'yell at the Clouds', so to speak.
The funny thing is that a few of the articles I found that I thought you were missquoting were using quotes from that thread just a few comments below but no one was quoting that particular part. In any case there's one important word left out "typical", that's important because you can harden the security of Linux by a lot more than you can Windows, which means that even if the typical Linux was less secure than the typical Windows that says nothing about which can be made more secure.
I'm glad we see eye-to-eye on privacy, because unlike him I don't think you can decouple both of them so easily, and in fact I believe that privacy is one subset of security (George Orwell and all of that).
I'm not a cybersecurity expert by any means, but I did study for OSCP for a while but ended up working in programming servers instead, so I'm also not a layman on this. Every cybersecurity expert I've ever met uses Linux, it's not universally seen as less secure like you're describing, one guy has that idea and from his answers on that thread it looks like he's focusing on one aspect, i.e. binary isolation, as the be end all for security and forgetting all other areas of attack, not to mention that even if you were to consider that then Linux has native docker and almost everything exposed to the internet nowadays runs inside docker which provides a lot more isolation than most other comparable technology.
Which leads me to believe he's talking about home use, and if you go to home use Linux has a package manager, so on that alone it beats windows on security since that can't be MITM like a website can. So in windows you're never sure if what you're installing is the program you want or a virus. Even if we forget about that for a second, most people use windows with their admin account, so any malware a user inadvertently puts in the system has full system access, unlike Linux where the default is a limited user account with password prompt to use sudo. Even if a person uses windows with a non-admin account and has a hardened security, privilege escalation on windows is a joke, if you're interested go check out hackthebox and run through a few machines, you'll notice that on Linux privesc is usually looking for missconfigurations or errors from the user, whereas Windows is 90% of time check version, look out a CVE, exploit it.
So, let's recap, it's harder to get into your Linux system, if something gets in by default it has less access, and to extend that access is also harder. How exactly is Windows more secure? Just because it checks a chip to ensure your hardware hasn't changed? Chances that an attack would change my hardware at home are close to zero, and if someone stole my hardware good luck getting past luks, if I have the slightest suspicion that my hardware has been compromised I can simply unplug the disk, use a separate hardware to boot, copy the info from that disk and nuke everything, something that would be insecure in windows because it auto executes mounted drives by default, so plugging my old disk in could trigger whatever trap someone had setup.
Honestly, the more I think about it the more absurd it sounds that someone would prefer Windows for security reasons. Servers have to be the most secure computers, actual people get paid a lot of money to make sure servers are secure, and the vast majority of servers run Linux.