Move as much activity outside the core maximum privilege OS as possible.
OP doesn't mention immutable OS, but I assume they help a lot.
Create a threat model and use it to guide your time and money investments in secure computing.
Once you have hardened the system as much as you can, you should follow good privacy and security practices:
Disable or remove things you don't need to minimise attack surface.
Stay updated. Configure a cron job or init script to update your system daily.
Don't leak any information about you or your system, no matter how minor it may seem.
Follow general security and privacy advice.
Soot [any] - 3w
These are very subjective arguments, and even the objective points are completely subjective depending on your distro.
I mean one of his arguments is that C++ is just inherently insecure. He just takes Microsoft's claims at face-value that all their pointless shit is the magical security wall that it claims to be. He buys into the same lie that ACE on a Windows, Mac or Android is somehow much much safer than on Linux. Most of his claims that other OSes are more secure are rooted in "well yeah they do exactly the same but at least they knooow they do".
I'm not even acknowledging ChromeOS - it is Linux, except it only runs a browser.
99% of this stuff also applies to Windows/MacOS/Android/iOS, except moreso and far more universally. And 90% of this stuff is only relevant if you're being targeted by some state-funded intelligence like the CIA (cold reading your RAM?? minimum 16-character password?? Keystroke fingerprinting?????)
So whatever, I think the hardening guide looks fairly accurate, but unless you're being spied on by world powers, I wouldn't consider it worth peoples' time to read, never mind implement. 90% of people are still going to be more secure by cluelessly using Linux instead of cluelessly using the others.
30
Tiempo @lemmy.dbzer0.com - 3w
And if the state wants your password they will just ask you using some very persuasive arguments, so, it won't matter your 16 char password
14
FoundFootFootage78 - 3w
15
FoundFootFootage78 - 3w
And who TF encrypts their laptop with RSA 4096.
7
verdare - 3w
I’ve had a hot take for a while now that Linux isn’t “more secure” than other operating systems like a lot of evangelists will claim. I think people get this impression because the user base for desktop Linux has been small enough that no one was writing malware targeted at us.
Unix’s security model was developed in a world where the primary concern was protecting the system from users and protecting users from each other. It wasn’t really designed for single-user systems where the main concern is protecting the user from their own applications.
The silver lining is that a lot of these backdoors are nation-state level so you might not be targeted by them. If I had data on my computer worth a dang, I'd be more concerned.
10
cassandrafatigue @lemmy.dbzer0.com - 3w
It would be hard to be less secure than windows.
0
Jumuta @sh.itjust.works - 3w
security you don't understand is security you don't have. windows' exploit mitigations don't work because the average user doesn't understand them and can easily be guided into disabling them.
the weakest attack surface is the stupidity of the user and that's not gonna change however much you try to make your os secure
21
verdare - 3w
A secure OS should account for dumb/malicious users and mitigate the damage they can do. If a user can be convinced to disable protections on Windows or Android, that same user could easily be convinced to download a script and run it with sudo.
4
Jumuta @sh.itjust.works - 3w
that might be true, but no one learns calculus in a ball pit
5
cassandrafatigue @lemmy.dbzer0.com - 3w
Youre not going to improve security beyond the already plucked low hanging fruit except by developing usees into users.
1
non_burglar @lemmy.world - 3w
This is a Qubes ad.
And that's fine, but why Qubes insists it's not Linux while booting the Linux kernel, running xen, using xfce as the primary desktop, and being listed on disteowatch seems like a weird marketing choice to me. Your primary audience knows what Linux is, so what is the motivation behind claiming "Qubes is not Linux"?
21
N.E.P.T.R - 3w
Freebsd is also on distrowatch. Qubes is not desktop Linux because it doesnt function like normal linux. It uses the Linux kernel, but in a similar way to how Android isn't Linux, neither is Qubes.
2
non_burglar @lemmy.world - 3w
Fair enough. I guess I didn't distill my comment before writing it down.
The problem I see with op's "Linux isn't secure" comment (without getting all territorial about it) is that the solution touted by Qubes is already a solution in wide use in several Linux distros, meaning the compartmentalization of apps in constrained environments is already a mechanic used in flatpack, snap, even docker.
The fact that Qubes is a secure approach should be the focus, not the "our potassium is superior to all other countries" vibe from this post.
8
N.E.P.T.R - 3w
Understandable. Though the security difference between Flatpak and Xen VMs, or even between Flatpak and Snap, is pretty big. Flatpak is mostly sandboxed to provide a consistent run environment to apps across distros, and id say 50% or more of the Flathub apps seem to have weak default sandbox security settings. Snap does a better job security-wise of reducing sandbox escape potential, but is still a far cry away from the containerization of Qubes.
2
BigHeadMode @lemmy.frozeninferno.xyz - 3w
a solution in wide use in several Linux distros, meaning the compartmentalization of apps in constrained environments is already a mechanic used in flatpack, snap, even docker
Not a good argument. Several distros use it, but most mainstream distros are not focused on sandboxed apps. If you look up "should I use Snap on Ubuntu" the responses are around 80% no.
-1
non_burglar @lemmy.world - 3w
Sandboxing apps is great and all, but it it's not the entire picture of security.
6
HaraVier @discuss.online - 3w
I highly value Madaidan's input on the matter and also their work on projects such as Kicksecure and Whonix. Furthermore, it's clear that Desktop Linux hasn't been able to combat all the pain points that were mentioned in the article. However, we've definitely come a long way since and there's lot to be optimistic about; secureblue to name a thriving project.
But, while I appreciate how the article continues to draw awareness to the fact that Desktop Linux isn't as secure as some like to think, the write-up is ultimately bound to be (severely) outdated at some point. And, perhaps, we might already be past the point in which it does more harm than good...
Anyhow, I'd like to take this opportunity to promote a platform that actually continues to deliver up-to-date articles about security on Linux: https://privsec.dev/posts/linux/
11
FoundFootFootage78 - 3w
Time to distrohop again. Kubuntu's been irking me for a while and that guide says it's insecure and CachyOS (though I don't like the default software suite) has been nice. Though I need to find an alternative distro (don't trust Red Hat, had a bad experience with OpenSUSE, don't have the patience to learn Arch).
1
HaraVier @discuss.online - 3w
Accompanied with your input, if we look at the distros that are mentioned between Privacy Guides and PrivSec.dev; then Arch Linux, NixOS or a derivative of either of the two seem to be most suitable for you at first glance. As NixOS is rather infamous for its learning curve and you seem to have gotten a liking to CachyOS, I'd recommend a distro under the umbrella of Arch Linux. I suppose it's rather unfortunate that I'm unaware of a well-maintained Arch-derivative that's properly hardened; somewhat akin to what secureblue/Kicksecure/nix-mineral offer for Fedora Atomic/Debian/NixOS respectively. Though..., perhaps that's actually what's to be expected with Arch Linux 😅; I hope you may find solace at the fact that the ever-so-reliable ArchWiki got your back: https://wiki.archlinux.org/title/Security. Wish ya good luck 😉!
2
FoundFootFootage78 - 3w
I'm probably gonna go for Fedora or OpenSUSE. I like CachyOS because it's just plug and play, but the article says that Arch derivatives tend to be insecure because they're behind the curve on updates.
I'd rather not use an American distro but all the instructions for installing software are usually for Ubuntu/Debian, Fedora, or Arch.
As someone who did use this guide as an exercise in making my setup as secure as it could be without changing distros or hampering productivity, a few words of advice:
Make a threat model for yourself before diving in and apply the mitigations judiciously. It's not exactly a checklist, just use something secureblue or Qubes if you are really paranoid about your computer.
The majority of the mitigations 'just work' and have no noticeable impact on performance, battery life, or compatibility.
If your CPU/Memory performance widget breaks, dial back on the ptrace options
If Flatpaks fail to launch, dial back on the namespace options
Check back every so often because some of the options end up having unwanted side-effects with updates. See the preamble in boot parameters, where a change in Linux made in 2021 (which finally made it into Debian Stable this year) made the slub_debug mitigation actually worsen security.
8
primalmotion - 3w
And that is why all traffic facing servers are running windows and macos.
6
flatbield - 3w
The thing about most default configs of any OS is that user storage is largely accessable to all apps. True of Linux, Android. Windows, ...
Graphene has options to restrict that but you have to set it up that way. Android also has App sandboxing for app data.
Thinking through the threat model of course is always good as is hardening. All security is porous. Linux is fine generally. If one is exposing services on the public net it is not clear that any OS or software is sufficiently secure, that takes constant effort in terms of monitoring and management.
4
BigHeadMode @lemmy.frozeninferno.xyz - 3w
Graphene has options to restrict that [user storage availability] but you have to set it up that way.
It's also a bit of a pain to manage as an end user. I wish it shipped with a toggle that was a step up from stock Android but also not in the way constantly. Like "we went through the top 50 apps on Play Store and FDroid, we classified them as media player, social media, etc., and we made rules for each category that reasonably isolates it while still allowing core functionality."
3
N.E.P.T.R - 3w
Android doesn't expose any app data and requires a permission for accessing storage (unlike Linux).
2
flatbield - 3w
However when many apps have a permission it becomes meaningless.
3
N.E.P.T.R - 3w
Yes, which is why i very much like what GrapheneOS does with Storage and Contacts Scopes.
4
ISolox @lemmy.world - 3w
Sorry man, your going to get down voted like crazy just because you posted something bad about Linux.
BigHeadMode in linux
Linux Hardening Guide / Linux is Insecure
https://madaidans-insecurities.github.io/guides/linux-hardening.htmlWriteup from 2022 that I assume is mostly still valid. TLDR:
These are very subjective arguments, and even the objective points are completely subjective depending on your distro.
I mean one of his arguments is that C++ is just inherently insecure. He just takes Microsoft's claims at face-value that all their pointless shit is the magical security wall that it claims to be. He buys into the same lie that ACE on a Windows, Mac or Android is somehow much much safer than on Linux. Most of his claims that other OSes are more secure are rooted in "well yeah they do exactly the same but at least they knooow they do".
I'm not even acknowledging ChromeOS - it is Linux, except it only runs a browser.
99% of this stuff also applies to Windows/MacOS/Android/iOS, except moreso and far more universally. And 90% of this stuff is only relevant if you're being targeted by some state-funded intelligence like the CIA (cold reading your RAM?? minimum 16-character password?? Keystroke fingerprinting?????)
So whatever, I think the hardening guide looks fairly accurate, but unless you're being spied on by world powers, I wouldn't consider it worth peoples' time to read, never mind implement. 90% of people are still going to be more secure by cluelessly using Linux instead of cluelessly using the others.
And if the state wants your password they will just ask you using some very persuasive arguments, so, it won't matter your 16 char password
And who TF encrypts their laptop with RSA 4096.
I’ve had a hot take for a while now that Linux isn’t “more secure” than other operating systems like a lot of evangelists will claim. I think people get this impression because the user base for desktop Linux has been small enough that no one was writing malware targeted at us.
Unix’s security model was developed in a world where the primary concern was protecting the system from users and protecting users from each other. It wasn’t really designed for single-user systems where the main concern is protecting the user from their own applications.
Probably not true now. It took some digging but I found e.g. BPFdoor https://attack.mitre.org/software/S1161/ which "does not need root to run" https://sandflysecurity.com/blog/bpfdoor-an-evasive-linux-backdoor-technical-analysis
The silver lining is that a lot of these backdoors are nation-state level so you might not be targeted by them. If I had data on my computer worth a dang, I'd be more concerned.
It would be hard to be less secure than windows.
security you don't understand is security you don't have. windows' exploit mitigations don't work because the average user doesn't understand them and can easily be guided into disabling them.
the weakest attack surface is the stupidity of the user and that's not gonna change however much you try to make your os secure
A secure OS should account for dumb/malicious users and mitigate the damage they can do. If a user can be convinced to disable protections on Windows or Android, that same user could easily be convinced to download a script and run it with
sudo.that might be true, but no one learns calculus in a ball pit
Youre not going to improve security beyond the already plucked low hanging fruit except by developing usees into users.
This is a Qubes ad.
And that's fine, but why Qubes insists it's not Linux while booting the Linux kernel, running xen, using xfce as the primary desktop, and being listed on disteowatch seems like a weird marketing choice to me. Your primary audience knows what Linux is, so what is the motivation behind claiming "Qubes is not Linux"?
Freebsd is also on distrowatch. Qubes is not desktop Linux because it doesnt function like normal linux. It uses the Linux kernel, but in a similar way to how Android isn't Linux, neither is Qubes.
Fair enough. I guess I didn't distill my comment before writing it down.
The problem I see with op's "Linux isn't secure" comment (without getting all territorial about it) is that the solution touted by Qubes is already a solution in wide use in several Linux distros, meaning the compartmentalization of apps in constrained environments is already a mechanic used in flatpack, snap, even docker.
The fact that Qubes is a secure approach should be the focus, not the "our potassium is superior to all other countries" vibe from this post.
Understandable. Though the security difference between Flatpak and Xen VMs, or even between Flatpak and Snap, is pretty big. Flatpak is mostly sandboxed to provide a consistent run environment to apps across distros, and id say 50% or more of the Flathub apps seem to have weak default sandbox security settings. Snap does a better job security-wise of reducing sandbox escape potential, but is still a far cry away from the containerization of Qubes.
Not a good argument. Several distros use it, but most mainstream distros are not focused on sandboxed apps. If you look up "should I use Snap on Ubuntu" the responses are around 80% no.
Sandboxing apps is great and all, but it it's not the entire picture of security.
I highly value Madaidan's input on the matter and also their work on projects such as Kicksecure and Whonix. Furthermore, it's clear that Desktop Linux hasn't been able to combat all the pain points that were mentioned in the article. However, we've definitely come a long way since and there's lot to be optimistic about; secureblue to name a thriving project.
But, while I appreciate how the article continues to draw awareness to the fact that Desktop Linux isn't as secure as some like to think, the write-up is ultimately bound to be (severely) outdated at some point. And, perhaps, we might already be past the point in which it does more harm than good...
Anyhow, I'd like to take this opportunity to promote a platform that actually continues to deliver up-to-date articles about security on Linux: https://privsec.dev/posts/linux/
Time to distrohop again. Kubuntu's been irking me for a while and that guide says it's insecure and CachyOS (though I don't like the default software suite) has been nice. Though I need to find an alternative distro (don't trust Red Hat, had a bad experience with OpenSUSE, don't have the patience to learn Arch).
Accompanied with your input, if we look at the distros that are mentioned between Privacy Guides and PrivSec.dev; then Arch Linux, NixOS or a derivative of either of the two seem to be most suitable for you at first glance. As NixOS is rather infamous for its learning curve and you seem to have gotten a liking to CachyOS, I'd recommend a distro under the umbrella of Arch Linux. I suppose it's rather unfortunate that I'm unaware of a well-maintained Arch-derivative that's properly hardened; somewhat akin to what secureblue/Kicksecure/nix-mineral offer for Fedora Atomic/Debian/NixOS respectively. Though..., perhaps that's actually what's to be expected with Arch Linux 😅; I hope you may find solace at the fact that the ever-so-reliable ArchWiki got your back: https://wiki.archlinux.org/title/Security. Wish ya good luck 😉!
I'm probably gonna go for Fedora or OpenSUSE. I like CachyOS because it's just plug and play, but the article says that Arch derivatives tend to be insecure because they're behind the curve on updates.
I'd rather not use an American distro but all the instructions for installing software are usually for Ubuntu/Debian, Fedora, or Arch.
OpenBSD?
Seconded
Thoughts on the info here: https://isopenbsdsecu.re/?
As someone who did use this guide as an exercise in making my setup as secure as it could be without changing distros or hampering productivity, a few words of advice:
slub_debugmitigation actually worsen security.And that is why all traffic facing servers are running windows and macos.
The thing about most default configs of any OS is that user storage is largely accessable to all apps. True of Linux, Android. Windows, ...
Graphene has options to restrict that but you have to set it up that way. Android also has App sandboxing for app data.
Thinking through the threat model of course is always good as is hardening. All security is porous. Linux is fine generally. If one is exposing services on the public net it is not clear that any OS or software is sufficiently secure, that takes constant effort in terms of monitoring and management.
It's also a bit of a pain to manage as an end user. I wish it shipped with a toggle that was a step up from stock Android but also not in the way constantly. Like "we went through the top 50 apps on Play Store and FDroid, we classified them as media player, social media, etc., and we made rules for each category that reasonably isolates it while still allowing core functionality."
Android doesn't expose any app data and requires a permission for accessing storage (unlike Linux).
However when many apps have a permission it becomes meaningless.
Yes, which is why i very much like what GrapheneOS does with Storage and Contacts Scopes.
Sorry man, your going to get down voted like crazy just because you posted something bad about Linux.
Good info thoughm