Writeup from 2022 that I assume is mostly still valid. TLDR:
- Mainstream Linux is less secure than macOS, Windows, and ChromeOS. (Elsewhere: “[iOS/Android] were designed with security as a foundational component. They were built with sandboxing, verified boot, modern exploit mitigations and more from the start. As such, they are far more locked down than other platforms and significantly more resistant to attacks.”)
- Move as much activity outside the core maximum privilege OS as possible.
- OP doesn’t mention immutable OS, but I assume they help a lot.
- Create a threat model and use it to guide your time and money investments in secure computing.
Once you have hardened the system as much as you can, you should follow good privacy and security practices:
- Disable or remove things you don’t need to minimise attack surface.
- Stay updated. Configure a cron job or init script to update your system daily.
- Don’t leak any information about you or your system, no matter how minor it may seem.
- Follow general security and privacy advice.
And that is why all traffic facing servers are running windows and macos.
I highly value Madaidan’s input on the matter and also their work on projects such as Kicksecure and Whonix. Furthermore, it’s clear that Desktop Linux hasn’t been able to combat all the pain points that were mentioned in the article. However, we’ve definitely come a long way since and there’s a lot to be optimistic about; secureblue, to name a thriving project.
But, while I appreciate how the article continues to draw awareness to the fact that Desktop Linux isn’t as secure as some like to think, the write-up is ultimately bound to be (severely) outdated at some point. And, perhaps, we might already be past the point in which it does more harm than good…
Anyhow, I’d like to take this opportunity to promote a platform that actually continues to deliver up-to-date articles about security on Linux: https://privsec.dev/posts/linux/
This is a Qubes ad.
And that’s fine, but why Qubes insists it’s not Linux while booting the Linux kernel, running Xen, using Xfce as the primary desktop, and being listed on DistroWatch seems like a weird marketing choice to me. Your primary audience knows what Linux is, so what is the motivation behind claiming “Qubes is not Linux”?
Sorry man, you’re going to get downvoted like crazy just because you posted something bad about Linux.
Good info though
I’ve had a hot take for a while now that Linux isn’t “more secure” than other operating systems like a lot of evangelists will claim. I think people get this impression because the user base for desktop Linux has been small enough that no one was writing malware targeted at us.
Unix’s security model was developed in a world where the primary concern was protecting the system from users and protecting users from each other. It wasn’t really designed for single-user systems where the main concern is protecting the user from their own applications.
no one was writing malware targeted at us
Probably not true now. It took some digging but I found e.g. BPFdoor https://attack.mitre.org/software/S1161/ which “does not need root to run” https://sandflysecurity.com/blog/bpfdoor-an-evasive-linux-backdoor-technical-analysis
The silver lining is that a lot of these backdoors are nation-state level so you might not be targeted by them. If I had data on my computer worth a dang, I’d be more concerned.
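A backdoor of this type watches traffic through a raw packet socket with a BPF filter attached, so it never shows up as a listening port. One way to hunt for that on a Linux host is to list every process holding an AF_PACKET socket. The script below is an added example for this thread, not code from the linked analysis or from any detection product; it parses /proc/net/packet (columns: sk RefCnt Type Proto Iface R Rmem User Inode) and maps socket inodes to PIDs through /proc/<pid>/fd. The sample /proc data and PIDs are constructed. Legitimate sniffers and DHCP clients (tcpdump, dhclient, lldpd) hold such sockets too, so a hit is a lead, not a verdict.

```python
"""Hunt for processes holding AF_PACKET (raw packet) sockets.

Added example for this thread; not from the linked BPFdoor analysis.
Assumptions: Linux /proc layout as documented in proc(5); sample data
below is constructed and stands in for a live host."""
import os
import re

# Socket types as numbered in /proc/net/packet
SOCK_TYPES = {2: "SOCK_DGRAM", 3: "SOCK_RAW"}

SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")


def parse_proc_net_packet(text):
    """Parse /proc/net/packet text into socket records (Proto column is hex)."""
    records = []
    for line in text.splitlines()[1:]:          # first row is the header
        fields = line.split()
        if len(fields) < 9:
            continue
        records.append({
            "type": SOCK_TYPES.get(int(fields[2]), fields[2]),
            "proto": int(fields[3], 16),        # 0x0003 = all, 0x0800 = IPv4
            "ifindex": int(fields[4]),          # 0 = bound to every interface
            "uid": int(fields[7]),
            "inode": int(fields[8]),
        })
    return records


def inode_owners(fd_links):
    """Invert {pid: [readlink targets of /proc/<pid>/fd/*]} into
    {socket inode: [pid, ...]}; a socket shared across a fork maps to both."""
    owners = {}
    for pid, targets in fd_links.items():
        for target in targets:
            m = SOCKET_LINK.match(target)
            if m:
                owners.setdefault(int(m.group(1)), []).append(pid)
    return owners


def find_packet_socket_holders(packet_text, fd_links):
    """Return (pid, record) pairs for every process holding a packet socket.
    Non-root holders sort first: they are the least expected on a desktop."""
    owners = inode_owners(fd_links)
    hits = []
    for rec in parse_proc_net_packet(packet_text):
        for pid in owners.get(rec["inode"], []):
            hits.append((pid, rec))
    return sorted(hits, key=lambda h: (h[1]["uid"] == 0, h[0]))


def read_live_fd_links():
    """Collect /proc/<pid>/fd link targets on a real host (root sees all)."""
    links = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            fds = os.listdir(f"/proc/{pid}/fd")
            links[pid] = [os.readlink(f"/proc/{pid}/fd/{fd}") for fd in fds]
        except OSError:
            continue                            # exited, or not ours to read
    return links


# Constructed sample: a root capture socket on ifindex 2 (tcpdump-like) and an
# IPv4 raw socket on all interfaces owned by uid 1000, shared with a child.
SAMPLE_PROC_NET_PACKET = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9c3a1e200000 3      3    0003   2     1 0      0      40211
ffff9c3a1e201800 3      3    0800   0     1 0      1000   40317
"""
SAMPLE_FD_LINKS = {
    1337: ["/dev/null", "socket:[40211]", "/dev/pts/0"],
    4242: ["/dev/null", "socket:[40317]", "/tmp/.x"],
    4243: ["socket:[40317]"],                   # forked child, same socket
}

if __name__ == "__main__":
    if os.path.exists("/proc/net/packet"):
        with open("/proc/net/packet") as f:
            hits = find_packet_socket_holders(f.read(), read_live_fd_links())
    else:
        hits = find_packet_socket_holders(SAMPLE_PROC_NET_PACKET, SAMPLE_FD_LINKS)
    for pid, rec in hits:
        print(f"pid={pid} uid={rec['uid']} {rec['type']} proto=0x{rec['proto']:04x} "
              f"ifindex={rec['ifindex']} inode={rec['inode']}")
```

Run it as root on the host you are checking; on the constructed sample it prints the uid 1000 holders (PIDs 4242 and 4243) before the root one. The next step for any unexpected hit is /proc/<pid>/exe and /proc/<pid>/cmdline, since process names can be faked.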
The thing about most default configs of any OS is that user storage is largely accessible to all apps. True of Linux, Android, Windows, …
Graphene has options to restrict that but you have to set it up that way. Android also has App sandboxing for app data.
Thinking through the threat model of course is always good as is hardening. All security is porous. Linux is fine generally. If one is exposing services on the public net it is not clear that any OS or software is sufficiently secure, that takes constant effort in terms of monitoring and management.
Android doesn’t expose any app data and requires a permission for accessing storage (unlike Linux).
However when many apps have a permission it becomes meaningless.
Yes, which is why I very much like what GrapheneOS does with Storage and Contacts Scopes.
Mainstream Linux is NOT less secure than MacOS, and if you’ve ever seen how buggy non-Graphene Android is, tell me this OS is doing secure memory management with a straight face…
Some distros ship with no firewall enabled, some newbie using public WiFi is going to be less secure.
A pain with openSUSE Tumbleweed is the firewall and SELinux by default, but it forces you to learn about security if you need to set up Samba or other connections to your machine.
Ubuntu, Mint, and Fedora all ship with default firewalls and that’s probably 80+% of laptop users. I’m also skeptical that there would even be a specific danger from taking an unfirewalled box that’s just running a browser and Steam on public wifi in 2025, which would presumably be most n00b use cases.
Last time I tried Ubuntu, it had a firewall but it wasn’t active by default. Unless something changed in the last few years.
No firewall means your system is going to get scanned to see if anything is open or exploitable
Yes. And what would be open, much less exploitable, on a default install of a major distro at all, much less on the timeframe on which one would normally be on public wifi?
People hang out on public WiFi sometimes with packet sniffing and other tools to exploit people. Especially some distros don’t have X server remote display locked down.
If you want to know what is open or exploitable CVE you can run a script that discovers all CVE exploits against a machine
The assertion was literally “Mainstream Linux is less secure than macOS…”
Packet sniffers have nothing to do with OS or firewall, so I don’t know what packet sniffers have to do with this. Can you name an arguably “mainstream” distro where it is the case that X is open by default?
Are you aware of an IRL exploitable CVE for even marginally up-to-date-ish Ubuntu or Fedora without user-installed non-default services, exploitable by cold hitting a random port like a Windows 98 worm? Maybe I’m just massively misinformed, but I don’t believe such a thing has existed since the Debian bad randoms meltdown of the 2000s, but even that would require sshd running, which AFAIK Fedora and Ubuntu don’t have on a default install unless the user turns it on, so despite the Starbucks wifi happening to have a 1337 h4x0r utilizing perfect AI capable of finding all CVEs and chaining them, he isn’t getting in on a closed port on ANY modern Unix.
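The question the two sides keep circling, “what would be open on a default install”, has a mechanical answer: list the sockets bound to something other than loopback, because those are the only ones a firewall could matter for. The script below is an added example for this thread, not from any distro or from the hardening guide. It parses `ss -H -tuln` output (iproute2; no header, no process column) and classifies each bind address: 0.0.0.0 and :: are reachable from every interface, fe80::/10 from the same L2 segment (the cafe wifi case), 127.0.0.0/8 and ::1 from this host only. The sample `ss` output is constructed.

```python
"""Classify bound sockets from `ss -H -tuln` by who can reach them.

Added example for this thread, not from any distribution's tooling.
Assumes iproute2's ss output format; SAMPLE_SS below is constructed."""
import ipaddress
import subprocess

BOUND_STATES = {"LISTEN", "UNCONN"}   # TCP listeners and bound UDP sockets


def parse_local(addr_port):
    """Split ss's Local Address:Port column into (ip_address, port).

    ss brackets IPv6 ('[::1]:631'), appends a scope id to link-local
    addresses ('[fe80::1%eth0]:546'), and older versions print '*' for
    the wildcard address."""
    host, _, port = addr_port.rpartition(":")
    host = host.strip("[]").split("%")[0]
    if host == "*":
        host = "::"
    return ipaddress.ip_address(host), port


def scope_of(ip):
    """Where connections to this bind address can originate."""
    if ip.is_loopback:
        return "loopback"        # this host only
    if ip.is_unspecified:
        return "all"             # every interface, wired or public wifi
    if ip.is_link_local:
        return "link-local"      # same L2 segment, i.e. everyone on the AP
    return "specific"            # one configured interface address


def parse_ss(text):
    """Parse `ss -H -tuln` output into per-socket dicts."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[1] not in BOUND_STATES:
            continue
        ip, port = parse_local(fields[4])
        sockets.append({"proto": fields[0], "ip": str(ip), "port": port,
                        "scope": scope_of(ip)})
    return sockets


def network_exposed(text):
    """Sorted, de-duplicated 'proto/port' pairs another host could reach."""
    return sorted({f"{s['proto']}/{s['port']}" for s in parse_ss(text)
                   if s["scope"] != "loopback"})


def live_exposed():
    """Run ss on the current host (needs Linux with iproute2)."""
    out = subprocess.run(["ss", "-H", "-tuln"], capture_output=True,
                         text=True, check=True).stdout
    return network_exposed(out)


# Constructed sample: sshd on all addresses, CUPS on loopback only, mDNS on
# all IPv4 addresses, a resolver stub on loopback, DHCPv6 client link-local.
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:631        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0      0         127.0.0.54:53         0.0.0.0:*
tcp   LISTEN 0      4096           [::1]:631           [::]:*
tcp   LISTEN 0      128             [::]:22            [::]:*
udp   UNCONN 0      0     [fe80::1%eth0]:546          [::]:*
"""

if __name__ == "__main__":
    try:
        exposed = live_exposed()
    except (FileNotFoundError, subprocess.CalledProcessError):
        exposed = network_exposed(SAMPLE_SS)   # no ss here, use the sample
    for s in parse_ss(SAMPLE_SS) if not exposed else []:
        pass
    print("reachable from other hosts:", ", ".join(exposed) or "nothing")
```

On the constructed sample the reachable set is tcp/22, udp/5353 and udp/546; the CUPS and resolver sockets on loopback do not count. Run it on an actual default install to settle the argument for that distro: an empty result means a host firewall adds nothing for inbound traffic until the user starts a service, while a non-empty one is the list the firewall has to cover.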
These are very subjective arguments, and even the objective points are completely subjective depending on your distro.
I mean one of his arguments is that C++ is just inherently insecure. He just takes Microsoft’s claims at face-value that all their pointless shit is the magical security wall that it claims to be. He buys into the same lie that ACE on a Windows, Mac or Android is somehow much much safer than on Linux. Most of his claims that other OSes are more secure are rooted in “well yeah they do exactly the same but at least they knooow they do”.
I’m not even acknowledging ChromeOS - it is Linux, except it only runs a browser.
99% of this stuff also applies to Windows/MacOS/Android/iOS, except moreso and far more universally. And 90% of this stuff is only relevant if you’re being targeted by some state-funded intelligence like the CIA (cold reading your RAM?? minimum 16-character password?? Keystroke fingerprinting???)
So whatever, I think the hardening guide looks fairly accurate, but unless you’re being spied on by world powers, I wouldn’t consider it worth peoples’ time to read, never mind implement. 90% of people are still going to be more secure by cluelessly using Linux instead of cluelessly using the others.
And if the state wants your password they will just ask you using some very persuasive arguments, so your 16-char password won’t matter.

And who TF encrypts their laptop with RSA 4096.