What's the most secure desktop operating system?

 

“Security” is not a scalar value.

Here are three operating systems that emphasize security. Each takes a different approach, as each is solving a different problem. “Security” is not magic pixie dust — it’s a process, and that process starts with understanding what threats your consider to be important and what you need to mitigate those threats while still retaining the ability to get your work done.


OpenBSD: “Our security auditing team typically has between six and twelve members who continue to search for and fix new security holes. We have been auditing since the summer of 1996. The process we follow to increase security is simply a comprehensive file-by-file analysis of every critical software component. We are not so much looking for security holes, as we are looking for basic software bugs, and if years later someone discovers the problem used to be a security issue, and we fixed it because it was just a bug, well, all the better. Flaws have been found in just about every area of the system. Entire new classes of security problems have been found during our audit, and often source code which had been audited earlier needs re-auditing with these new flaws in mind. Code often gets audited multiple times, and by multiple people with different auditing skills…..To ensure that novice users of OpenBSD do not need to become security experts overnight (a viewpoint which other vendors seem to have), we ship the operating system in a Secure by Default mode. All non-essential services are disabled. As the user/administrator becomes more familiar with the system, he will discover that he has to enable daemons and other parts of the system. During the process of learning how to enable a new service, the novice is more likely to learn of security considerations.”

Qubes: “Qubes takes an approach called security by compartmentalization, which allows you to compartmentalize the various parts of your digital life into securely isolated compartments called qubes. This approach allows you to keep the different things you do on your computer securely separated from each other in isolated qubes so that one qube getting compromised won’t affect the others. For example, you might have one qube for visiting untrusted websites and a different qube for doing online banking. This way, if your untrusted browsing qube gets compromised by a malware-laden website, your online banking activities won’t be at risk. Similarly, if you’re concerned about malicious email attachments, Qubes can make it so that every attachment gets opened in its own single-use disposable qube. In this way, Qubes allows you to do everything on the same physical computer without having to worry about a single successful cyberattack taking down your entire digital life in one fell swoop.”

Tails: “Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly ….. Using Tails on a computer doesn't alter or depend on the operating system installed on it. So you can use it in the same way on your computer, a friend's computer, or one at your local library. After shutting down Tails, the computer will start again with its usual operating system. Tails is configured with special care to not use the computer's hard-disks, even if there is some swap space on them. The only storage space used by Tails is in RAM, which is automatically erased when the computer shuts down. So you won't leave any trace on the computer either of the Tails system itself or what you used it for. That's why we call Tails "amnesic". This allows you to work with sensitive documents on any computer and protects you from data recovery after shutdown. Of course, you can still explicitly save specific documents to another USB stick or external hard-disk and take them away for future use.”


OpenBSD has a great reputation for putting out bug-free software, but if you actually want to accomplish something on your computer you’ll probably end up installing software that hasn’t gone through their auditing processes.

Qubes essentially assumes you’ll be running buggy software and that eventually you’ll get hit by malware. I like its “harm reduction” approach, but it still relies on the user to identify what tasks are sensitive and to only do those tasks in a dedicated vm instance. That’s putting a lot of responsibility on a non-expert user.

Tails is far more concerned about privacy, and while it has made great strides in user friendliness, relying on tor does make you a second-class citizen on the internet.


So what do I use? OSX and Linux. Those are plenty good enough for my needs.

 

https://www.quora.com/Which-is-the-most-stable-operating-system

posted @ 2021-03-17 19:19  profesor  阅读(100)  评论(0编辑  收藏  举报