this post was submitted on 18 Jan 2024
70 points (83.7% liked)
Linux
48721 readers
2263 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I only use quotation Marks if I can directly Quote it: https://www.reddit.com/r/GrapheneOS/comments/bddq5u/comment/ekze9n6/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
probably should have given it with the first comment. I even searched out the Post to quote it correctly but didn't think to link it. Here it is: https://www.reddit.com/r/GrapheneOS/comments/bddq5u/comment/ekze9n6/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
"GrapheneOS also has longer term goals involving moving away from the Linux kernel to a microkernel with a Linux compatibility layer, etc"
same Thread, a few Comments further up. I linked it here for you: https://www.reddit.com/r/GrapheneOS/comments/bddq5u/comment/ekxifpa/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
Since the Telemetry also is a Dealbreaker for me on the Privacy-Front i agree with you there. But in regards to security:
Microsoft has huge security-Teams and is often at the Forefront of new security-technologies / -concepts. TPM comes to Mind immediately.
in my personal Opinion, Windows (as well as Linux) carry too much legacy-Cruft in the Name of backwards-compatability. But since I'm not an established Cybersecurity Expert and I'm aware of that, here's what I've read from actually established Cybersecurity Experts:
from what I've read, they recommend either Android or ChromeOS as the most secure 'Desktop' OS. After that it depends on what you need. MacOS apparently has better Sandboxing while Windows has better Exploit Mitigations.
Linux is universally seen as not as secure as any of them.
Jesus, that was a lot more Effort than I imagined. I hope you're going to actually look into the Points I raised and I didn't just 'yell at the Clouds', so to speak.
The funny thing is that a few of the articles I found that I thought you were missquoting were using quotes from that thread just a few comments below but no one was quoting that particular part. In any case there's one important word left out "typical", that's important because you can harden the security of Linux by a lot more than you can Windows, which means that even if the typical Linux was less secure than the typical Windows that says nothing about which can be made more secure.
I'm glad we see eye-to-eye on privacy, because unlike him I don't think you can decouple both of them so easily, and in fact I believe that privacy is one subset of security (George Orwell and all of that).
I'm not a cybersecurity expert by any means, but I did study for OSCP for a while but ended up working in programming servers instead, so I'm also not a layman on this. Every cybersecurity expert I've ever met uses Linux, it's not universally seen as less secure like you're describing, one guy has that idea and from his answers on that thread it looks like he's focusing on one aspect, i.e. binary isolation, as the be end all for security and forgetting all other areas of attack, not to mention that even if you were to consider that then Linux has native docker and almost everything exposed to the internet nowadays runs inside docker which provides a lot more isolation than most other comparable technology.
Which leads me to believe he's talking about home use, and if you go to home use Linux has a package manager, so on that alone it beats windows on security since that can't be MITM like a website can. So in windows you're never sure if what you're installing is the program you want or a virus. Even if we forget about that for a second, most people use windows with their admin account, so any malware a user inadvertently puts in the system has full system access, unlike Linux where the default is a limited user account with password prompt to use sudo. Even if a person uses windows with a non-admin account and has a hardened security, privilege escalation on windows is a joke, if you're interested go check out hackthebox and run through a few machines, you'll notice that on Linux privesc is usually looking for missconfigurations or errors from the user, whereas Windows is 90% of time check version, look out a CVE, exploit it.
So, let's recap, it's harder to get into your Linux system, if something gets in by default it has less access, and to extend that access is also harder. How exactly is Windows more secure? Just because it checks a chip to ensure your hardware hasn't changed? Chances that an attack would change my hardware at home are close to zero, and if someone stole my hardware good luck getting past luks, if I have the slightest suspicion that my hardware has been compromised I can simply unplug the disk, use a separate hardware to boot, copy the info from that disk and nuke everything, something that would be insecure in windows because it auto executes mounted drives by default, so plugging my old disk in could trigger whatever trap someone had setup.
Honestly, the more I think about it the more absurd it sounds that someone would prefer Windows for security reasons. Servers have to be the most secure computers, actual people get paid a lot of money to make sure servers are secure, and the vast majority of servers run Linux.