- Sep 10, 2015
- 901
Let's be honest, Ubuntu desktop it's by far the most secure noob-friendly Linux distro , by default Ubuntu enables AppArmor and enforces its usage on sandboxed Snap applications downloaded from the Ubuntu (Snapcraft) store.
The Linux community has seen with bad eyes the movement of Canonical to replace the traditional deb packages with Snaps, ranting about slowness due to universal dependencies and increased disk usage but they don't realize how vulnerable the current binary system is, on a Linux system there's basically no sandbox beyond whatever an app decides to implement by its own like Chrome or Firefox. I think that explains why many of them have an elitist aptitude trying to keep Linux a non-mainstream thing because otherwise their systems will be as vulnerable as Windows to 0day exploits.
The short-term solution for this problem are the use of containerized application platforms like Snap and Flatpak but a better long term alternative is the use of immutable OSTree (a versioning control system like Git but for operating systems) based distributions like Fedora Silverblue, OpenSUSE MicroOS or Endless OS
Being Endless OS the most popular and pre-installed immutable system out there that most people using it don't even know this fact.
An immutable system means that the OS image deployed it's the same on all installations, applications can only be installed from those containerized stores (Flatpak in the case of Silverblue) making it less prone to bugs or malware attacks. There's still a very long way to come but this is definitively the future Linux should seek.
PD: Anyways, I prefer the lightness of Arch Linux until Linux becomes mainstream
Where eagles snap – snap security overview | Snapcraft
Quite often, security and functionality are two opposing forces. Vendors are trapped in a zero-sum game between providing their users as much freedom in the software they use and limiting said freedom to create tightly controlled and secure products. But this does not have be the case. For the...
snapcraft.io
The Linux community has seen with bad eyes the movement of Canonical to replace the traditional deb packages with Snaps, ranting about slowness due to universal dependencies and increased disk usage but they don't realize how vulnerable the current binary system is, on a Linux system there's basically no sandbox beyond whatever an app decides to implement by its own like Chrome or Firefox. I think that explains why many of them have an elitist aptitude trying to keep Linux a non-mainstream thing because otherwise their systems will be as vulnerable as Windows to 0day exploits.
The short-term solution for this problem are the use of containerized application platforms like Snap and Flatpak but a better long term alternative is the use of immutable OSTree (a versioning control system like Git but for operating systems) based distributions like Fedora Silverblue, OpenSUSE MicroOS or Endless OS
Being Endless OS the most popular and pre-installed immutable system out there that most people using it don't even know this fact.
An immutable system means that the OS image deployed it's the same on all installations, applications can only be installed from those containerized stores (Flatpak in the case of Silverblue) making it less prone to bugs or malware attacks. There's still a very long way to come but this is definitively the future Linux should seek.
PD: Anyways, I prefer the lightness of Arch Linux until Linux becomes mainstream