this post was submitted on 22 Jun 2024
319 points (96.8% liked)
Linux
48323 readers
669 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yes, but also... It's true. Browsers are the number one way folks get viruses.
Which is hilarious because desktop apps have always had the capability to spy on all other apps and steal all your data.
Actually, Windows has implemented quite a few tricks to make this very difficult without setting off antivirus engines at least. X11's security model is absolute trash compared to Windows Vista and above. Linux is getting safer with Wayland, but Linux on the desktop hasn't had the XP SP1 security humiliation that Windows had so almost all of it is opt-in.
Solving the issues Windows has already solved with things like integrity levels will break compatibility with many applications (it also did on Windows, which is why Vista made you run everything as admin) but simply enabling the Flatpak sandbox can solve many problems already.
I wonder if there's a desktop distro out there that enforces sandboxed applications by default. It would make running Linux a lot less risky.
That's funny because we have been shipping a commercial Windows app since XP that is keylogger-based using SetWindowsHookEx, and it has only tripped users' antivirus maybe 1 or 2 times in 20 years.
EasyOS is the first distro I've seen that at least runs every app as its own user by default, similar to Android.
On bad operating systems like Linux, yes. ;)
You're thinking of operating systems that give unrestricted access to all parts of a computer that aren't memory or the camera. That would everything^1^, actually.
^1^ There's also Linux with properly-configured SELinux, but good luck with that on a distro that isn't focused on opsec.
Fedora has pretty good SELinux configured out of the box, and isn't focused on opsec. It's just sane defaults and proper limitations to access. It also switched to Walyand-by-default this release, completely removing X11 from the default packages, which mitigates many of the "app spying on other app" scenarios that a previous user in the thread was talking about. That's not to say that Fedora is the pinnacle of Linux security or anything, but it comes with pretty good defaults for the average user. You'd have to get into kernel hardening and deep into SELinux to do better as an end user, which is not something that most users are inclined to spend time or energy on.
So in other words, I'm thinking of Linux
If you're willing to admit that you're denigrating an operating system for having the same flaws as the one you prefer and are being a massive hypocrite in doing so, sure.
You've lost me on this one. No idea what you mean. But either way, I think you should take my comment just a bit less seriously.
It's not specific to browsers, but to every flatpak that is verified and has the potentially unsafe warning.
"Verified" doesn't mean too much to privacy advocates. There have been incidents. I indeed want to check what my app is going to access before installing it.
I think it's okay to check what the app is going to access in your system. I'm just talking about the warning design, this comment suggests a different approach for a less alarming design.
Ah, very good point! If we all had the dedication for UX like you do, Linux would be so so so perfect.