Question/Discussion on Linux Security

so recently while browsing the GrapheneOS subreddit, I came across a thread on security of Linux Link. It is linked to two other threads This and This.

It is suggested that while FOSS, Linux is falling behind on security compared to macOS and Windows. The vulnerabilities mentioned are mostly user space/application related.

I cannot verify the authenticity of the comments, but since PTIO is recommending Linux distros as privacy-conscious options for OS, I want to figure out the question:

Is the comment reflecting the truth in the Linux world? Would I lose some consumer-grade security available on commercial OSes if I switch to Linux? Can I mitigate most of the risks introduced if I am adept at tinkering with Linux (I do use Arch on my VPS)?

1 Like

Daily reminder that Security ≠ Privacy ≠ Anonymity.

It largely appears to be true, yes.

One thing to consider is the attack vector you are predicting may be used against you. Linux (but not necessarily the applications running on it) is far safer against say, remote/network attacks than physical attacks for example. (Obviously, because Linux is massively utilized in the server space and generally servers aren’t being constantly hacked).

The problem is that Linux is basically hidden, it never affects your life. Everything that you are interacting with is a “user space/application related” piece of software running on your machine. Other operating systems like macOS, Windows, and ChromeOS have strong (some more than others) memory protections and sandboxing functionality to keep these applications isolated. That doesn’t make Mac/Windows/Chrome apps more secure necessarily, it just limits how much of your system could be affected. A software vulnerability on a Mac application might let an attacker get access to the private files that app uses, but a vulnerability on a Linux application might let an attacker get access to sensitive files in the entire system.

You could use Qubes? It doesn’t solve any of the security issues within a Linux container on the system, but at least if one Qube is attacked it can’t affect the others.

1 Like