Is the Linux Desktop less secure than Windows 10? [pdf] (fosdem.org)
I mean, the answer is unequivocally, without the slightest doubt, yes. The Linux Desktop is probably a good 5-10yrs behind Windows 10 in terms of defense-in-depth mitigations as well as exploits in common targets like file parsers etc etc.

https://www.blackhat.com/docs/us-16/materials/us-16-Weston-W... is a good reference for all the stuff that Desktop Linux in 2017 is, for the most part, missing.

The thing with the Linux Desktop is that you can selectively enable SELinux, use PaX etc. and have security comparable to, if not better than, Windows 10, plus the fact that Linux is a much more varied attack surface still applies.

Or you can do nothing, in which case you're probably less secure.

Sure, extremely motivated individuals or governments might do that. But I'd still rate a distribution by its default security settings. Being secure by default is important if you are shipping to thousands of users.

Where's a good place to get a general guide on everyday desktop use of SELinux, PaX, etc?

Speaker here.

As the slides may not tell the whole story (there should be a video soon), I covered this mostly also for LWN recently:

https://lwn.net/Articles/708196/

I believe in sandboxing, I hope it gets better and easier to use.

I work on several C programs. I wish for the day when we have an easy to use, cross platform method of setting up a small set of open files at the start of a program, then be able to say "No more file access, no more network connections".

I know this hides a whole bunch of complication, which is why it's hard and why there are so many ways to do it -- I view it the same way as the move to distinct virtual memory spaces for each process. Once we have it we'll wonder why we ever allowed every program free access to the whole file system for its entire life-span by default.

  > say "No more file access, no more network connections".
Looks like you're advocating OpenBSD's pledge(2). http://man.openbsd.org/OpenBSD-current/man2/pledge.2

That is one thing I've looked at, and it looks great.

Hopefully someone (and it won't be me :) ) will write a library which looks like pledge but wraps all the various things in different OSes (I hear words like seccomp on Linux).

Feeling mighty smug about my preference for tiling window managers and minimal distro choices.

But I shouldn't, they found bugs in software I use daily (ffmpeg for example), it would be relatively trivial to make me execute something with it, since my brain is trained to 'exes as threats' not mp3s.

SELinux / AppArmor / grsec-rbac can do wonders here. Your MP3s should not execute new code and your system can enforce it.

Important bit is on the later slides: Issues on most codecs/parsers can be prevented by sandboxing. An exploding parser should never affect other processes, files, etc.

Seccomp (bpf version) is only available since 2012 really, but I hope more apps will start picking it up. It's pretty simple; it should become a shameful thing not to use it in new apps.

of course not

https://threatpost.com/microsoft-waits-for-patch-tuesday-to-...

They just don't have the money. They're behind because it never got the inertia of accumulated capital infrastructure, and it's finally starting to show. I bailed out to OS X late last Christmas.

