Q&A The future of security on Linux

geminis3

Level 18
Verified
Sep 10, 2015
859
Let's be honest, Ubuntu desktop it's by far the most secure noob-friendly Linux distro , by default Ubuntu enables AppArmor and enforces its usage on sandboxed Snap applications downloaded from the Ubuntu (Snapcraft) store.

1608216934899.png



The Linux community has seen with bad eyes the movement of Canonical to replace the traditional deb packages with Snaps, ranting about slowness due to universal dependencies and increased disk usage but they don't realize how vulnerable the current binary system is, on a Linux system there's basically no sandbox beyond whatever an app decides to implement by its own like Chrome or Firefox. I think that explains why many of them have an elitist aptitude trying to keep Linux a non-mainstream thing because otherwise their systems will be as vulnerable as Windows to 0day exploits.

The short-term solution for this problem are the use of containerized application platforms like Snap and Flatpak but a better long term alternative is the use of immutable OSTree (a versioning control system like Git but for operating systems) based distributions like Fedora Silverblue, OpenSUSE MicroOS or Endless OS

Being Endless OS the most popular and pre-installed immutable system out there that most people using it don't even know this fact.

1608216820801.png


An immutable system means that the OS image deployed it's the same on all installations, applications can only be installed from those containerized stores (Flatpak in the case of Silverblue) making it less prone to bugs or malware attacks. There's still a very long way to come but this is definitively the future Linux should seek.

PD: Anyways, I prefer the lightness of Arch Linux until Linux becomes mainstream

1608216976783.jpeg
 

Lenny_Fox

Level 22
Verified
Oct 1, 2019
1,125
@geminis3

I will give Endless OS a try in the future thanks for the informative post

/L

Edit, I read that Micro OS also provides rolling releases ( I am a fan of Manjaro because of its rolling releases).

Google just replaces search queries for MicroOS with MicroSoft assuming I mis-spelled the OS :-(

Does Micro OS has a central repository /package manager where I can install download user programs/snaps?
 
Last edited:

jackuars

Level 26
Verified
Jul 2, 2014
1,599
@geminis3

I will give Endless OS a try in the future thanks for the informative post

/L

Edit, I read that Micro OS also provides rolling releases ( I am a fan of Manjaro because of its rolling releases).

Google just replaces search queries for MicroOS with MicroSoft assuming I mis-spelled the OS :-(

Does Micro OS has a central repository /package manager where I can install download user programs/snaps?
Endless OS seems relatively unknown. I might give it a try some day.

It's funny that Linux bashing never seems to end when people give up after a day of using it. To be honest it's not easy to convince people to move away from something that they have been accustomed or comfortable using.

I remember the day that I started using Windows. There was a steep learning curve definitely and you are being "taught" about it at school, as time went on it felt easy and natural because it's been more than 2 decades of computing on Windows.

I would not use a Mac or an iPhone because I don't feel at home and feels really different from what I have been used to. I'm not interested in the learning curve either. Also it goes for Elementary OS Linux, the closest and the most beautiful resemblance to MacOS
 
Last edited:

shmu26

Level 85
Verified
Trusted
Content Creator
Jul 3, 2015
8,072
Snap and Flatpak apps often need to be granted extra access to the system in order to work properly, so I am not sure how much they really contribute to security.
In any case, security is not a burning issue for home users of Linux, thanks to the relative obscurity of Linux, a fact which is not expected to change any time soon. That is good news for the elitists who have survived the Linux learning curve. Yeah, many of us would like to see Linux compatibility for Microsoft Office, Adobe products, and other heavy hitters, but Linux users are unlikely to shell out the money needed to purchase these products, so it won't happen, and Linux will remain niche.
 

mazskolnieces

Level 3
Jul 25, 2020
116
Let's be honest, Ubuntu desktop it's by far the most secure noob-friendly Linux distro , by default Ubuntu enables AppArmor and enforces its usage on sandboxed Snap applications downloaded from the Ubuntu (Snapcraft) store.

View attachment 251334


The Linux community has seen with bad eyes the movement of Canonical to replace the traditional deb packages with Snaps, ranting about slowness due to universal dependencies and increased disk usage but they don't realize how vulnerable the current binary system is, on a Linux system there's basically no sandbox beyond whatever an app decides to implement by its own like Chrome or Firefox. I think that explains why many of them have an elitist aptitude trying to keep Linux a non-mainstream thing because otherwise their systems will be as vulnerable as Windows to 0day exploits.

The short-term solution for this problem are the use of containerized application platforms like Snap and Flatpak but a better long term alternative is the use of immutable OSTree (a versioning control system like Git but for operating systems) based distributions like Fedora Silverblue, OpenSUSE MicroOS or Endless OS

Being Endless OS the most popular and pre-installed immutable system out there that most people using it don't even know this fact.

View attachment 251333

An immutable system means that the OS image deployed it's the same on all installations, applications can only be installed from those containerized stores (Flatpak in the case of Silverblue) making it less prone to bugs or malware attacks. There's still a very long way to come but this is definitively the future Linux should seek.

PD: Anyways, I prefer the lightness of Arch Linux until Linux becomes mainstream

View attachment 251335
The problem with Snap and Flatpak are that the program developer is responsible for ensuring they've implemented proper security. If you trust developers to do that - even in the Linux world - then that is foolish as those that program for Linux are no more security saavy than Windows program devs.

As Linux grows in popularity, repos will increasingly be attacked. And then malcoders know they don't have to even exert much effort. They know people are stupidly download happy. So it is just a matter of time.

Right now Linux attackers want high value targets with huge return on investment such as servers, routers and industrial controllers.

If you want to really secure Linux, then you've got to use Selinux.
 

JoyousBudweiser

Level 12
Verified
Aug 22, 2013
576
Ubuntu, even though a popular distribution, is still a niche product when compared to windows or Mac OS. Hence there won't be any targeted attacks which would cause huge losses or Mayhem. But on the other side anything that targets linux kernel would be huge and will wreck havoc. IMHO it would be more prudent to make the kernel more secure rather than think about the type of package distribution.
 

geminis3

Level 18
Verified
Sep 10, 2015
859
IMHO it would be more prudent to make the kernel more secure rather than think about the type of package distribution.
I think the kernel has already reached a mature state hence the focus on the userspace security which has been pretty much abandoned because the Linux desktop is still and will be a niche thing for the next years.
 

SomeRandomCat

Level 3
Dec 23, 2020
124
Recently installed Qubes only to learn it doesn't support USB tethering. Ordered a USB to ETH adapter though, so when that arrives I'm gonna try to learn it. Have any of you tried it?
 
  • Like
Reactions: Protomartyr

shmu26

Level 85
Verified
Trusted
Content Creator
Jul 3, 2015
8,072
Recently installed Qubes only to learn it doesn't support USB tethering. Ordered a USB to ETH adapter though, so when that arrives I'm gonna try to learn it. Have any of you tried it?
You need a very strong computer because it is like running many operating systems at the same time. So I once heard from ex-member Umbra, who said he needs to get a new computer if he wants to run Qubes properly.

In my opinion, Qubes is over the top.
 

mazskolnieces

Level 3
Jul 25, 2020
116
You need a very strong computer because it is like running many operating systems at the same time. So I once heard from ex-member Umbra, who said he needs to get a new computer if he wants to run Qubes properly.

In my opinion, Qubes is over the top.
Qubes has probably surpassed Gentoo as the top of the heap of "manual tweaking required." For those that are into the whole manual manual whatever-may-come Linux experience.

Qubes definitely needs superior hardware. Then there is the issue of driver support - which since the original developer left who knows what the current state of Qubes actually is.
 

Mariihh

Level 3
Mar 30, 2018
145
It is "safe" because almost nobody uses it, obviously hackers go after the most used product (Microsoft)
Opera Instantâneo_2021-01-24_154559_netmarketshare.com.png
 

SecureKongo

Level 21
Verified
Feb 25, 2017
1,086
It is "safe" because almost nobody uses it, obviously hackers go after the most used product (Microsoft)View attachment 253292
Linux is safer than Windows because the user is more restricted in what he can do on the system and malware can theoratically only access local files etc. (Same with iOS compared to Android.) The system itself remains safe. Of course its true that Linux has less users so cybercriminals will probably focus more on Windows, but the infrastructure is defenitly more secure than Windows and even open source.
 
Last edited:

mazskolnieces

Level 3
Jul 25, 2020
116
Linux is safer because the user is more restricted and malware can theoratically only access local files etc. The system itself remains safe. Of cours its true that Linux has less users so cybercriminals will probably focus more on windows, but the infrastructure is defenitly more secure than windows and even open source.
Except for those pesky malcoders that hack Linux software on repos and essentially make embedded Linux malware. Those go FUD for years.

Clickity-clackity free-will downloaders are just as unsafe and at high risk on Linux as they are on Windows. Significant numbers of Linux infections in areas of the world where Linux is very popular because it is zero cost and the typical user is indiscriminate download-happy - such as India.
 
Top