Most Secure OS

[LinusSecurityTips]

4 minutes ago, Dat Guy said:

You are the one who ignores "these holy paragraphs".

 

Xen virtualizes (and isolates) the userland. Just like the Java VM does on Android.

Still running Linux.

Can you quote where she says that Xen is not a microkernel?

[Dat Guy]

1 minute ago, LinusSecurityTips said:

My error, wanted to mention the qubes-builder that compiles and creates the Qubes ISO

https://github.com/QubesOS/qubes-builder

 

Look, it builds the Linux kernel:

https://github.com/QubesOS/qubes-builder/blob/master/Makefile

 

Still not thinking Qubes OS runs on top of the Linux kernel?

How stubborn can you be?

[Dat Guy]

1 minute ago, LinusSecurityTips said:

Can you quote where she says that Xen is not a microkernel?

 

From your holy quote: "Xen is a hypervisor".

 

Can you quote where she says that Xen is a kernel?

[LinusSecurityTips]

1 minute ago, Dat Guy said:

 

Look, it builds the Linux kernel:

https://github.com/QubesOS/qubes-builder/blob/master/Makefile

 

Still not thinking Qubes OS runs on top of the Linux kernel?

How stubborn can you be?

Where did I suggest that dom0 (which is not what Qubes' VMs are based on) was not based on Linux?

[LinusSecurityTips]

12 minutes ago, Dat Guy said:

 

From your holy quote: "Xen is a hypervisor".

 

Can you quote where she says that Xen is a kernel?

Yes, she makes the distinction between "monolithic kernels" such as Linux and then goes on to say that Xen is only a few hundred thousands of lines of code and doesn't have many APIs (hence microkernel, if you don't what that means: "microkernel (also known as μ-kernel) is the near-minimum amount of software that can provide the mechanisms needed to implement an operating system (OS). These mechanisms include low-level address space management, thread management, and inter-process communication (IPC)."). And so yes the Xen hypervisor can be called a microkernel.

[Dat Guy]

The difference between Qubes OS and any other Linux distribution is that Qubes runs its applications on virtual machines inside a Xen environment which runs on the Linux kernel, not directly on the kernel. That's what she meant and what she said. 

She never said Xen does not run on top of the Linux kernel in Qubes OS. Nor does the source code by the way. 

 

I guess I'm not the one to learn what a kernel is and what a hypervisor is. But I reluctantly admit that I'm actually annoyed by your stubbornness. 

 

So Qubes OS is totally not based on Linux and it's so much more secure than any other OS. Are you happy? Great. 

 

End of the thread for me. 

[LinusSecurityTips]

16 minutes ago, Dat Guy said:

The difference between Qubes OS and any other Linux distribution is that Qubes runs its applications on virtual machines inside a Xen environment which runs on the Linux kernel, not directly on the kernel. That's what she meant and what she said. 

She never said Xen does not run on top of the Linux kernel in Qubes OS. Nor does the source code by the way. 

 

Here's what the FAQ says:

 

> If you really want to call it a distribution, then it’s more of a “Xen distribution” than a Linux one. But Qubes is much more than just Xen packaging. It has its own VM management infrastructure, with support for template VMs, centralized VM updating, etc. It also has a very unique GUI virtualization infrastructure.

 

Xen is not like VirtualBox (which runs on a kernel, it's called a type II hypervisor), Xen is a bare metal type 1 hypervisor, again from the link I mentioned earlier by Qubes founder:

 

> First, products such as VMWare Workstation or Fusion, or Virtual Box, are all examples of type II hypervisors (sometimes called “hosted VMMs”), which means that they run inside a normal OS, such as Windows, as ordinary processes and/or kernel modules. This means that they use the OS-provided services for all sorts of things, from networking, USB stacks, to graphics output and keyboard and mouse input, which in turn implies they can be only as secure as the hosting OS is. If the hosting OS got compromised, perhaps via a bug in its DHCP client, or USB driver, then it is a game over, also for all your VMs.

Xen is absolutely not like those, but I do understand from where your misunderstanding came from (maybe treating Xen as a similar VirtualBox?).

 

Quote

So Qubes OS is totally not based on Linux

It's based on Xen (but it uses Linux (fedora) in dom0).

Quote

and it's so much more secure than any other OS.

 

[imreloadin]

Jeez get a room you two...

[LinusSecurityTips]

26 minutes ago, imreloadin said:

Jeez get a room you two...

 

[Droidbot]

From this, it's like Dat Guy assumes that it's based on Fedora, when it's KDE running atop Xen's little kernel like thing

I assumed it was wholly Linux based at first but nope, it isn't lmfao

[LinusSecurityTips]

2 minutes ago, Droidbot said:

From this, it's like Dat Guy assumes that it's based on Fedora, when it's KDE running atop Xen's little kernel like thing

It's no longer KDE, they're using xfce now (in Qubes 3.2). That could change maybe in Qubes 4.x though.

[Droidbot]

Just now, LinusSecurityTips said:

It's no longer KDE, they're using xfce now (in Qubes 3.2). That could change maybe in Qubes 4.x though.

Even lighter this time. I like xfce. 

[kirashi]

On 4/19/2017 at 4:05 AM, LinusSecurityTips said:

Hey all!

 

What do you think is the most secure OS? --SNIP--

Such a thing does not exist - unless you can guarantee 100% security by design, the most secure OS is the one where the user knows how to handle the eventual security breaches that can and will happen.

[LinusSecurityTips]

1 hour ago, kirashi said:

Such a thing does not exist - unless you can guarantee 100% security by design, the most secure OS is the one where the user knows how to handle the eventual security breaches that can and will happen.

Lol I asked "what do you think is the *most* secure OS?" and not "what do you think is *THE* secure OS?"

[Jito463]

[Searbug]

Windows 10 imo, none of this silliness just Microsoft securing it for you without any work from you 

[LinusSecurityTips]

1 hour ago, Searbug said:

Windows 10 imo, none of this silliness just Microsoft securing it for you without any work from you 

Windows 10 is not the *most* secure OS, a simple virus would take over your whole system (unlike Qubes). Ignoring the fact that Windows 10 has by default a rootkit that logs all of your keystrokes and sends them to Microsoft, great security huh?

[Searbug]

Yeah but they do that to protect you, anyway, why would they track you if they want to help u

[LinusSecurityTips]

1 hour ago, Searbug said:

Yeah but they do that to protect you, anyway, why would they track you if they want to help u

How is logging every keystroke you type and then sending it back to Microsoft going "to protect you"?

[slicknux]

Qubes OS takes a nice approach and should be good enough (and better than most) because yeah, even if exploits will always exist, how many elite hackers are interested in you? It will keep you safe through the usual jungle of the Internet, script kiddies, bot scans and the occasional neighbor wannabe h4x0r.

 

I often see these two sides of extremism:

"Everything can be hacked so why bother" and "No man, this is rock solid security, I iz untouchablez!"

 

The truth, as almost always, is in the middle. You WILL be cracked by the NSA if they're after you, Windoze, Mac, Linux, Qubes, whatever. Some things will be easier for them or harder but not by much. The only exception here is if the owner is extremely knowledgeable and skilled and spends a valuable amount of time designing and securing his system in a non-standard way. He usually has to be experienced in attacking other systems as that is the only way he understands what can hit him and how he can defend against it. Who else will know that his WIFI chipset is easily exploitable no matter what OS is running? Who else will know that he can only defend against it if he edits some obscure part of the binary firmware or maybe even tinker with the electronics? Sounds like easy stuff? Explain this: https://googleprojectzero.blogspot.ro/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html 

 

The thing is we are not protecting ourselves from the three letter agencies. We are protecting ourselves against malware, shady sites, old exploits, bot scans, amateur hackers and all kinds of light threats. So a few light measures go a long way. They make the difference between a clean and pretty immune computer and "Sh!t I clicked this link and now my computer is sending spam mails".

 

There is that old saying that security is made out of layers. It sounds old and shallow but it is just spot on. I see it on servers all the time. If you have enough layers of security, most guys, after they break one layer, if they hit another one that is just way too hard to penetrate they give up because it is just not worth it. There are other millions of potentially easy targets.

 

But maybe you spent 20 hours securing your server. Well, if some guy is 100x better than you and has a strong motivation, he will (most probably) get in.

 

Fortunately, contrary to popular belief, desktops are usually much more secure than servers because they have less attack surface as they call it. You don't have 20 ports open that each respond to commands in a way that might get exploited.

 

SELinux, grsecurity go a long way, among other things. It's just beautiful to watch how exploits no longer work when they're configured well. It's also beautiful to watch how you also cannot do some basic operations anymore because they violate one of the imposed limitations. Actually, no, it isn't but that is the price you pay for paranoid security, time, testing and debugging

 

Qubes may be among the best at this time but you also have to understand that it's a standardized piece of software. Bad guys can look at it, study it and they can then attack you knowing you will have the same setup. They have the blueprints to your place. If you make your own weird setup (and also well thought, of course) they might have a hard time even with the first step: figuring out your setup and where the locked doors are.

 

I am not saying it's not good, by any means. Like I said, against common threats or somewhat skilled adversaries... winner! One girl working on it also has a very interesting blog and she really knows her stuff. Unfortunately it's so much harder to defend rather than attack...

[LinusSecurityTips]

@slicknux Yup, there is simply no such thing as THE secure OS. But if we were to compare different OS, Qubes would be on top of that list.

[schutt_joe]

It is called an "attack surface"

•    Windows
  • xp
  • vista
  • 7
  • 8
  • 8.1
  • 10
• Linux
  • Debian
    • Ubuntu
      • Linux Mint
  • Red Hat
    • Fedora
    • Scientific Linux
    • Cent os
• BSD
  • FreeBSD
  • DragonFlyBSD
• Plan9
  • 9atom
  • 9front
    • JehanneOS

In computer security one of your primary goals is to minimize your attack surface.

This means that you take into account things like how many people target your system. Yes this can technically be security by obscurity and I agree that it is ineffective to someone who is actively targeting you. When someone is just looking for an easy target, that person is less likely to be you.

This can also mean slower updates and patches.

In other words this would mean you should forget running windows as it is the most targeted platform on the planet. BSD, Plan9 and Linux distros with very small/limited active development, should also be avoided.

 

Now that you have limited your Operating System scope, you can start to look at what applications you are going to be running. Obviously if you can not avoid Windows due to application constraints than you need to start there but this rarely the case as even games are being ported to Linux now days.

 

Outside of your OS, Most of your security starts with what is in-between your internet connection and your computer it self.

Using deep packet inspection, Intrusion detection and a properly tuned firewall you can address 90% of your potential security threats under any platform/OS.

 

100% Security is impossible, The only thing you can do is take measures to minimize your likelihood of being picked by a would be attacker. "Know thy Enemy" 

[domandric034]

Solaris from my experience

[Wild Penquin]

On 19.4.2017 at 2:19 PM, Droidbot said:

Still obscurity, no application expects to be run in a virtual machine besides malware

And VM escapes are definitely possible, so it's not secure

 

Running Linux for the sake of security is still security through obscurity - you're running an obscure operating system for the point that you don't have to reinstall every 3 months like paranoid Windows users.

You are mixing "security trough obscurity" and "security trough minority". https://en.wikipedia.org/wiki/Security_through_obscurity

 

Qubes OSs virtualization is neither. It has a real attempted solution for a real problem (I want some software to communicate, but not all software -> a possible solution: VMs). It is a well documented system, down to it's intention, goals and implementation.

 

Running Linux (or any other minority OS) can be partially seen as a "security trough minority" -case, but only in the case if the user assumes more security since there are little Viruses and Malware (etc.) written for the OS, and possibly netiher will be in the (near) future.

[Alir]

On 4/19/2017 at 12:36 PM, huilun02 said:

Any OS not hooked up to any network is 100% safe

Like, no hardware capability for wired or wireless transmission

 

https://arxiv.org/ftp/arxiv/papers/1608/1608.03431.pdf

 

Breaching the security of an air gapped machine is still not impossible. Though it is still more secure than a machine connected to a network. Xen security by isolation is ensured by minimising the trusted code base to its absolute necessities.

 

It is true, security is not 100% guaranteed. It never is. That's why it's called a "reasonably secure OS". It takes reasonable methods to ensure security. The Windows OS in comparison is preposterously pathetic and cannot in any way be said to be secure or private.