[deleted]
Do you recommend for security on desktop Windows 11 or Fedora Linux? If so can you ELI5 the reasoning?
I found contradicting arguments online and couldn't really form an opinion. Thank you
Desktop operating systems
I wouldn't trust windoze with a 10 foot pole. Longest history of exploits of any OS in history, and consists of closed source only produced by a HOSTILE organization.
Fedora, or any Linux; open source, so if you don't trust something, READ THE SOURCE CODE. And there are so many eyes on the code that the chances of a backdoor slipping through undetected is very small. Not unheard of, but very small, and WILL eventually be found and disclosed PUBLICLY.
[deleted]
[deleted]
Use whatever works for you. Why do you ask other people what is suitable for you?
https://discuss.grapheneos.org/d/2215-what-is-your-desktop-os
Back in 2015, Edward Snowden recommended using QubesOS for a security-optimized desktop OS. Or, for more aggressive threat models, Tails. Source: https://www.tomshardware.com/news/edward-snowden-favorite-security-tools,30507.html
It should be noted DEs like this will require a significant workflow adjustment if you are comparing them to something like Windows or Fedora.
Its also worth pointing out that the fact that "Edward Snowden" is a name so many people can recognize, means that whatever HE did to keep himself secure.... FAILED MISERABLY!!!
His advice may not be the best to take.
abcZ Its also worth pointing out that the fact that "Edward Snowden" is a name so many people can recognize, means that whatever HE did to keep himself secure.... FAILED MISERABLY!!!
It appears you don't know who Edward Snowden is, otherwise you would realize this is a completely bizarre conclusion. He intentionally stepped forward as a whistleblower, to expose what he had discovered about global surveillance programs while working at the NSA. His name is well-known because he worked with major sources of journalism to bring his story to the world. He did not fail, he succeeded.
abcZ His advice may not be the best to take.
On the contrary, his advice should be well-regarded. A lot has changed in the nearly ten years since the NSA whistleblowing event, but he would still be considered by most to be an expert when it comes to data security due to his high-level role at the NSA and the projects he was directly involved with.
Personally, I think we all owe him a tremendous amount of gratitude. Do yourself a favor and read more about what he accomplished: https://en.wikipedia.org/wiki/Edward_Snowden
BluishHumility So many ways to dump out information without getting yourself caught up in it legally. He failed miserably. That's a fact.
abcZ Again, it is clear that you don't understand the significance of the data leak you are commenting on. It appears you are also not interested in learning anything about it, but just to briefly address your thoughts:
abcZ So many ways to dump out information without getting yourself caught up in it legally.
Snowden had access to a database that he built himself working at the NSA which cataloged evidence of global surveillance programs in a way that had never been done before. He was able to release information that no one else had access to. There was no possible way to release the information anonymously, because he was the guy holding the keys.
Immediately after the press started moving with his story, the government made an aggressive attempt to delegitimize the story to make it just go away or not be believed in the public eye. If the information had come from an anonymous source, they may have succeeded. The fact that Snowden put himself behind the release was in itself its own form of proof.
abcZ He failed miserably. That's a fact.
This is plainly wrong simply because you are supposing his goal was to remain anonymous and to not be identified. Since that was impossible given the nature of what he was doing, that was not the goal. Instead, his goal was to successfully expose the information he had without being arrested or assassinated. To that end, he succeeded. He had to give up his entire life, flee the country, and live in Russia as a refugee, but he was not killed or arrested.
Regardless of how people feel about Edward Snowden--whether he is a hero or traitor, et cetera--few would argue that he succeeded.
innocent question that somehow turns into a debate regarding Edward Snowden... sad
- Edited
[deleted]
Depends on whether you actually mean "security" or if you meant "privacy".
If you are not a linux user understand that moving to linux will be QUITE difficult. Enhancing the "security" and "privacy" in linux is also difficult and requires education and complicated command line tools. In windows this stuff is much easier using visual apps. But I am not a linux expert so I can't comment too much on that. I found it too difficult to move to linux and improve my privacy and security. I was not able to improve those elements beyond whatever the OS already offered.
As for security, IMO, windows 10 or 11 with Kaspersky, is quite secure. Kaspersky is the big "security" deal here. It really does a great job of preventing code running. There are also ways of preventing any new executable from running on windows as well. So it can be nicely locked down. However, forget about privacy on windows 11.
Using Windows 10 LTSC, with kaspersky, and using virtual machine instances. behind a hardware firewall router with VPN, (blocking windows and other app telemetry) you may have quite reasonable privacy and security, as well as good hardware and software availability.
Software fingerprinting is equally problematic on both windows and linux.
It really depends on your software needs and use cases, as well as what you are "able" to work with.
[deleted]
User2288 As for security, IMO, windows 10 or 11 with Kaspersky, is quite secure. Kaspersky is the big "security" deal here. It really does a great job of preventing code running.
Be aware of:
https://en.wikipedia.org/wiki/Kaspersky_bans_and_allegations_of_Russian_government_ties
https://www.pcworld.com/article/626854/kaspersky-blacklisted-as-a-risk-to-u-s-national-security.html
[deleted] I'm not an expert by any means, but what I've learned over the years is that when the propaganda channels go into overdrive demonizing something, then it means there's something to it and it's worth getting a good look at. Works the other way as well - beware of what the propaganda channels craftily plug as helpful or beneficial. Just my 2c
User2288 I don't really understand how much of Linux "enhancing" do you need. Fedora already has really good practice already, privacy and security at best. Are we talking about extreme situations when @[deleted] got his devices stolen or if he is under thread here? or just a normal user wanting to enhance privacy and security?
I feel like the poster should provide his "threat model" for the users here to better their recommendations.
Also I find weird that you found "contradicting arguments" about Windows or Fedora Linux, I thought the general knowledge is distro like Fedora and Opensuse or NixOS are 3 solid options for privacy and security. However, Windows is generally better than Linux at security, so for a hacker, it is generally easier to bypass Linux security. Of course, I put emphasis on "generally" because Linux has tons of distros. Whonix and Tails, for example, are anonymity-focused distributions, while Qubes OS is security-focused. They are undeniably the best operating systems if you want "the best" privacy and security out there, but at what cost? These distributions are usually for a very specific group of people (government agents, journalists, people targeted by hackers...)
[deleted]
[deleted] you can use windows with whonix
- Edited
Raccoon I don't really understand how much of Linux "enhancing" do you need. Fedora already has really good practice already, privacy and security at best. Are we talking about extreme situations when @Caprinski got his devices stolen or if he is under thread here? or just a normal user wanting to enhance privacy and security?
I feel like the poster should provide his "threat model" for the users here to better their recommendations.
My intention was to keep this short and vague as I don't know the OP's threat model either, so. Vague question, vague general answer.
I only speak from my experience. I'm a SW development student, I am an advanced windows user and novice linux user.
- On linux I tried to find application firewalls that would help me limit certain programs. I couldn't find a single one that wasn't command line. This was not acceptable to me. In windows there are very good UI based firewall apps (free and paid) that are excellent.
- I didn't know how to detect potentially unwanted processes running. In windows there is "Process Hacker" and "Process Explorer", both free and very good. In linux there is a few command line ones without a clickable interface. So to use them you have to know all their commands and I don't even know what capabilities they have. If there is a good app in linux I wasn't able to find one.
- Most VPN clients from VPN providers are command line. Not acceptable to me, as I want to switch servers often and quickly, and I'm not able to memorize commands for every app and don't wanna hold up a user manual everytime. So something as simple as that was a hassle in linux.
- Getting a good UI based network traffic monitor that monitors whole system and single apps in linux was a fail for me. In windows, done deal.
- In windows I use "recourse monitor" to see "disk" activity to see which exe is reading disk data, how much, and which files. Couldn't find an equivalent in linux.
Perhaps If I was an advanced linux user this wouldn't be the issue. But that is the point. A non advanced user can get a hold of a few good apps in windows and utilize them without expert skills. In linux you can't.
Those mentioned items are a few ways I'm able to keep an eye on my system in windows to see if anything wonky is going on. In linux I felt it was just a blind hail merry.
Again... "my" experience. So!
I feel my experience is probably a good sample of what new non-advanced linux users will experience. As you see I'm no amateur, but couldn't find my way around linux efficiently enough. Not even with guides and online reading, which I did PLENTY of.
Again, I don't want to dissuade anyone from linux or anything. But since you asked, this is how I wasn't able to "enhance" my security or privacy. I couldn't "see" as much on linux and couldn't get good apps do do it for me.
User2288 If there is a good app in linux I wasn't able to find one.
Maybe Procexp or Stacer? Not sure whether they will do exactly what you want.
User2288 My experience is generally the opposite. I often find the GUI version of apps frustrating, as the functionality is often hidden away or missing. GUI apps, in addition to being generally clumsy and featureless, are typically more bloated and buggy as well. Conversely, with the command line apps can be easily explored and interacted with. It's easier to figure out what a program is doing and what it can do. Tip: most programs will take a man or --help argument if you get stumped.
I have to use Windows at work and I hate it. It's really bloated and unstable. It's easy enough to use, until you need to access a function that has been obfuscated away behind the GUI. It's like trying to sew with oven mitts on. And then when you try to look something up, the forums are all garbage and the help sites are just ad mines!