What is more secure: Securblue or MacOS?

goskm75f

Title.

argante

goskm75f The security level is quite comparable. In general, MacOS is more secure than Linux. Applications are well isolated, which is still not well developed in Linux. Secureblue improves many things vs typical Linux distributions. Similarly, iOS is (?)a bit more secure(?) than GOS, but GOS is more secure than iOS in terms of unlocking capabilities. I would definitely choose Secureblue and GOS vs MacOS and iOS. Of course, it is important to remember that security is not privacy, because many people think that MacOS/iOS is not secure because it does not provide privacy. And a key note: security very much depends on the user - if he does stupid things, it does not matter how secure the OS gets.

rabcor

I don't know what Securblue is, but I know what MacOS is. And MacOS isn't particularly secure at all in any of the several things that word refers to. Apple is about as aggressive about spying on it's users as google (remember the cloud leaks? bad security, bad privacy), and Apple's stance on malware has always been to bury their heads in the sand and pretend their operating systems are invulnerable to it, while selling people on the lie that their operating systems are invulnerable to malware.

So I don't know what Securblue is, but I am sure it's more secure than MacOS, even Windows might be more secure than MacOS.

dhhdjbd

argante i think you mean the ios kernel

GrapheneOS GrapheneOS is easily the most private and secure general purpose smartphone OS. The competition is iOS, none of these products. It's certainly more secure than everything you've listed here. iOS and AOSP are far more secure than any traditional desktop operating systems. We would simply say GrapheneOS is more secure than iOS in lockdown mode when looking at the whole picture despite iOS having a more secure base for the kernel for now. iOS has a lot of merits, but these things don't.

argante

dhhdjbd i think you mean the ios kernel

I mean MacOS and iOS. Apple has its own processor, security chip, hardware, compiler, languages, operating system and browser. They can much more easily implement security solutions like MTE, application isolation, etc. Meanwhile, in Linux distros, you usually have a kernel, collection of software plus hundreds of patches and it all somehow sticks together.

Bimmy

One one hand, I somewhat like comparisons like that and occasionally ask myself similar questions. On the other hand, I find answering really challenging since I see security not as a 1-dimensional good-bad axis but having several dimensions, branching out into sub-levels.

What makes it even more challenging: What can be a show stopper for one person may be completely unimportant for another. For instance, a relatively weak (HW) physical security of a common desktop linux device might be accepted by s.o. who only fears malicious downloads and/or has their devices locked up in a high security bunker.

Anyway, if s.o. has more deeper insight and wants to provide their evaluation of some aspects of these OS, I'd definitely be interested.

argante

Bimmy GOS is created exclusively for Pixel phones. This maximizes the benefits of the hardware (MTE, Titan M). Apple is also in such a good position because it designs both the hardware and the operating system that is to run on it. A typical Linux distribution is created to run on the widest possible hardware configuration, which often forces compromises and suboptimal solutions (also in the context of security).

Bimmy

argante

Yes. I wish there was a laptop/desktop with comparable security hardware ready to run and provide the respective interfaces for a security-focused linux distribution -- maybe even a desktop-ready android (most preferably GOS).

I remember having heard some rumours about a google project for desktop/laptop with android. But I have no idea how real that is, and whether that is a realistic perspective in the foreseeable future.