What is it about the OS specifically that makes it insecure?

Strictly speaking, what is it that is insecure or a violation of privacy concerning the Linux Operating System vs say Windows 10?

Please explain this without reference to browsers or software. I'm pretty sure firefox and the other browsers are equally insecure pieces of shit no matter what operating system you're using. Likewise for skype, IRC, discords, and random other insecure shit we use.

Does it matter if we use Tor on Windows 10 vs Tor on Tails OS?

One we have repeated proof is spyware shit, the other is just probably spyware shit.

The key point to understanding both of those is verification.

It's actually impossible to assess how secure Windows is, because it is a closed-source system. It could very well be patched to be more secure than Linux, but we cannot verify that as easily.

Privacy is an orthogonal matter to security. Again, what data does Microsoft send back? It's hard to audit a black box communicating data over a secure channel.

Microsoft spies on its users, forces updates without user consent, has "telemetry" enabled by default and is closed source proprietary software with full access to your hardware and network.
With GNU/Linux at least there is hope.

Linux actually has a LOT of security-enhancing features like process limits, capabilities, namespaces and more. The problem is code monkeys making "portable" programs that have to work on 5 irrelevant platforms with the same source code and thus cannot take advantage of Linux-specific features.

MS has partnered with various state level agencies for decades. The technical details are irrelevant. Also they purposely include or don’t fix vulnerabilities so agencies can use them.

It’s a political issue. Now MS is basically owned by Indian and Chinese agents, so we have to worry about them too.

Linux is a kernel, not an OS.

Which is why I use BSD+Linux.

you seem GNU around here

well since windows was the big guy for a long time u have a lot of people hacking the OS and people get shit on.
about 80% of machines running windows connected to the net have botnet.
at one point the linux kernel only had 200k downloads. that's not that many. I would say maybe a million to 10 million people run linux, but that's probably way too low.
now there's a lot of different distros that are compiled different and plus it's open source so what is the point of hacking it.
also, you are probably just really new, you don't understand what it means to own a machine.

ur mom

Windoze actually has a lot of security mitigations (search up the Theo Raadt talk - I'm not a Micro$hit apologist). Some of its main issues are:
A.) It's spyware.
B.) No package manager, and it lacks basic tools like cat and grep.
C.) It's buggy and unintuitive.
D.) It only gets worse and worse with every release.

if you did the math (2 billion PCs, ~1% of them run Linux) then that's 20 million Linux machines which is pretty abysmal when you also account for the fact the majority of them are non-client PCs

The kernel runs applications, therefore it is the OS. GNU is user space utilities running on top of the kernel, not an OS.

and you can't operate your system without the userspace.

Says you, RMS worshipper. Anyone and anything can use the Linux system calls and operate the system directly. Nothing stops people from implementing their own custom user space.

But you don't call the username you made + kernel Linux. For example, Canonical puts together a userspace and then calls the OS Ubuntu.

Of course not. I'm not retarded like GNU is.

The kernel is an application. It is the OS kernel application. A kernel without an OS is like a joist without a house.

COINTELPRO is derailing security threads again!

OS security depends on a lot of things. I'll touch on a couple.

First, is permissions and keeping specific programs in their own areas. CPU cores can only run one set of instructions from a single program at a time. It has to switch between them rapidly when multitasking. Part of a secure OS's safety comes from keeping each program in its own area so it won't affect other programs. Another, regarding permissions, is allowing specific users and programs to only do specific things. Consider early versions of Windows that had no permissions, anyone could go on and delete all the important OS files and the OS would be hosed.

Another thing is how well the Kernel stops bad programs from behaving badly. It's the Kernel's job to make sure programs aren't reading or changing memory it's not supposed to, changing files it shouldn't, etc.

There will always be shitty, insecure software running on any OS. It's the job of the Kernel and the rest of the OS to keep the shitty software isolated so it won't fuck up the rest of the OS and the other software you're running.

Windows 10 and Android are a special case, because while they are moderately (not greatly, just not horrible like how things were 10 years ago) secure, the distributors of the OS add all sorts of things into the OS that violate your privacy and can obviously introduce attack vectors because of that.

OS alone is not enough tbh. Given how many bugs are in Intel chips, you'd better move to another platform and not just run Linux/BSD. Intel is like the Microsoft of hardware vendors.
Anyway to answer your question: strategy/tactics is all about gaining a small advantage here, a small opportunity there. That's how you end up winning battles. If you only do one good thing and ignore all the other opportunities, you're not gonna get very far. You have to take *every* possible advantage, and constantly re-evaluate your position and options if you want to maximize your chances. That's a lot of work, but it's the only way to win at this game. Security is really just a game where you try to stay several steps ahead of the curve. You make yourself a hard target, too much trouble to be worth the effort.
And yeah, you can get rid of Firefox too, and run instead some small text browser that doesn't even have code for handling java* and CSS.

Maybe the spying part faggot?
While Kikesoft admits to spying on you, sometimes software doesn't. You should always assume closed-source spies on you.

Many servers run Linux though, and they're much juicier targets than random faggots. One webserver you root and you can infect thousands of users.

This question is actually pretty complex and interesting. The problem when you step back from OS wars is that quantifying 'secure' is really hard. And not just for operating systems but software and hardware in general. Yes Windows 10 is spyware but that's a qualitative assessment and mostly subjective. How do we find testable metrics by which we can determine how secure software is?

The closest thing to a real answer this question will get right now is this talk by the Cyber ITL: youtube.com/watch?v=-iqwOsPo1ys They're the current iteration of L0pht Heavy Industries and they're trying to figure out how they can produce testable quantitative metrics for security beyond "how many vulnerabilities are there in this?". The tl;dw is that they can correlate behaviors that are already associated with secure software (compiling with lots of fortifications (ASLR, DEP, SafeSEH, StackGuards, Heap Protection, etc) and avoiding unsafe functions) combined with fuzzing the shit out of stuff looking for crashes (but not cataloging vulns) = quantifiable metrics. For example, in the limited data the CITL has released, Windows devs appear to be great at not using shitty unsafe functions but they don't compile with that good fortified shit.

But all that is just about generally quantifying security. You have to model the threat and trust yourself when considering whether or not to use Tor on Windows or Linux or OS X or BSD or whatever. For example, we *know* that MSFT phones home and sends telemetry data back (even when aggressively disabled). Do you trust that your Tor activities won't make it back and won't be used against you by MSFT or someone who has access to MSFT's data? Can you make similar assumptions about other operating systems you plan to use Tor with?
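As an added illustration (not part of the post above, and not the CITL's own tooling), here is one way to measure the "compiled with fortifications" half of that metric on Linux binaries. It uses the ELF counterparts of the listed mitigations as an assumption: PIE for ASLR, a non-executable `PT_GNU_STACK` for DEP, and a `PT_GNU_RELRO` segment. The names `audit_elf`, `build_sample`, `HARDENED` and `LEGACY` are hypothetical, and the sample inputs are constructed.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # ELF64 file header, little-endian
PHDR = struct.Struct("<IIQQQQQQ")           # ELF64 program header
ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X = 0x1

def audit_elf(data: bytes) -> dict:
    """Return the hardening flags visible in an ELF64 file's program headers."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only 64-bit little-endian ELF is handled here")
    hdr = EHDR.unpack_from(data)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    # ET_DYN also covers shared libraries; for an executable it means PIE.
    result = {"pie": e_type == ET_DYN, "nx_stack": False, "relro": False}
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + PHDR.size > len(data):
            raise ValueError("truncated program header table")
        p_type, p_flags = PHDR.unpack_from(data, off)[:2]
        if p_type == PT_GNU_STACK:
            # The stack is non-executable only if the X flag is cleared.
            result["nx_stack"] = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            # Present for partial or full RELRO; full needs DT_BIND_NOW too.
            result["relro"] = True
    result["score"] = sum(result[k] for k in ("pie", "nx_stack", "relro"))
    return result

def build_sample(e_type: int, segments: list) -> bytes:
    """Constructed test input: an ELF64 header plus bare program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                    EHDR.size, PHDR.size, len(segments), 0, 0, 0)
    return hdr + b"".join(PHDR.pack(t, f, 0, 0, 0, 0, 0, 0) for t, f in segments)

# Constructed samples: a PIE binary with NX stack and RELRO, and a legacy
# fixed-address binary whose stack segment is marked read/write/execute.
HARDENED = build_sample(ET_DYN, [(PT_GNU_STACK, 0x6), (PT_GNU_RELRO, 0x4)])
LEGACY = build_sample(ET_EXEC, [(PT_GNU_STACK, 0x7)])

if __name__ == "__main__":
    for name, blob in (("hardened", HARDENED), ("legacy", LEGACY)):
        print(name, audit_elf(blob))
```

Run over every binary a distribution ships, the per-file scores give a comparable number of the kind the talk describes, without cataloguing any vulnerabilities.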

The Android (AOSP) would be a better and safer desktop than the current way of doing things.
The *nix desktop is insecure and applications don't have any restrictions unlike on Android.
X86 is terrible for security. If you want to look at something cool: cl.cam.ac.uk/research/security/ctsrd/cheri/
It will still be years before we will see anything like that in consumer chips.

Windows 10 raises the bar for exploitation, especially with the new upcoming stuff.

The CPU computes what the kernel and the programs do, therefore the CPU is the operating system.

You're asking for it.

That's what Snappy and Flatpak are for.

True.
Replicant or Lineage OS (If the former don't exist on your device)
There's even a good support for firewall and permissions on Android than there is on Ubuntu so if you have root access you can harden any botnet phone assuming you know what to do and can mitigate it when the kernel is shitting out and leaking botnet to Mountain View CA.
This is the best setup assuming you want a burner device and a burner internet modem connection (3g/4g)
You can even change IMEI. I've tried working with IMEI as blank but it sadly doesn't work with other telecoms although I think it's good to know.

Project resumed.
Marshmallow got released and most of the good phones are maintained right now (security patches).

Haven't tried flatpak but will it save linux from the abortion called Xserver?

I am confirming here that blank IMEI works on very very certain telecoms.

No, that's what Wayland is for.

The Wayland devs did make a bunch of seemingly retarded design decisions, but that's because they wanted to make Wayland as secure as possible. So yes, programs now can't read other programs' input or what they're drawing on the screen, but that also means that simple stuff such as taking screenshots, screen recording and global keyboard shortcuts are impossible unless you use PipeWire.

When talking about security, most of the time it's security through obscurity. "I use Linux because nobody writes viruses for it" indeed becomes true when a mass-scale attack is performed. And you hope it's "mass" scale for Windows PC users, not Debian servers. Let's say you target users of a hidden service website for normie druggies, it's a website that heavily relies on javascript and in "Security" board users exchange tips on how to disable telemetry on Windows 10. You already know what your target user base will be and find a 0-day js exploit for said Windows 10. Voila, 80% of users busted. Now compare it to a more tech-savvy hidden service website, like Zig Forums for example. Most visitors use unknown configurations of GNU/Linux, probably with application firewalls/mac or even Qubes/Virtual machines. They disable javascripts with noscript addon and probably don't click on links without sending them through archive.is proxy. Now you have a much narrower attack surface, you'd rather find a bug in noscript that lets scripts pass, own archive.is, hope that someone clicks link directly, and do an extremely targeted attack, like clickbait some archfaggot from desktop thread and try poking at his default torrent client web interface which is indeed a hard task for a board that neither has desktop threads, nor archfags posting not from Tor.

How could that be? Do Androids literally have kernels phoning home? Care to share some info and how to fix it? This is the first time I see this sort of claim and since I've never owned an Android device, I am interested in it for my future encounters.

Those numbers are counted by trackers placed in webpages. What group do you think is going to have the largest population of people blocking tracking scripts?

It really depends on your threat model

Android doesn't phone home by default, it's google play services that does.

I think he was clearly talking about some kernel features present in chinese crapphones that bypass all VPN and firewall settings. Of course Google services phone home, but they are not in kernel.

It is possible to track those who block scripts too. Through CSS and cookies.

Even without CSS and cookies tracking is possible. For example the "etag" header that every browser uses to tell when the cache needs to be updated.

Why did they do this?
This is off the top of my head in 3 minutes.

Define "security",
there's tons of insecurity in any given piece of software or hardware.
H/W
>firmware h/w backdoors with its own network stack (thanks to (((intel))) ), possibly even a baseband in the chipset/CPU (AMD and Qual/ARM is not immune to this!)

S/W
>s/w backdoors in the (((app)))
>LARPs telling you to use this and that software for OpSec but is actually CIA nigger agent (guess who?) to promote CIA'd (((OpSec))) tools

Net

External

Omni

Palemoon?

win10 makes it easier, but they try to fuck all americans the SAME way

So when are you going to demand that Android gets renamed to Linux?

...

marc.info/?l=openbsd-misc&m=141711181414017&w=2

Depends on how you calculate security, you could say both Windows, GNU/Linux and Mac are all secure enough by default. But all the security goes into the trash can when the user manually runs malicious code, you can already do a lot of malicious stuff with just user privilege, the real problem is that we've made computers too easy to use for your average joe, windows shouldn't allow you to just casually double click an executable, the fact that it prompts you to run it as admin automatically is even more retarded, it's just way too accessible, if they at least had to, for example, open a terminal and chmod +x it, they would learn eventually, but it would at least give them the impression that what they're doing is a big deal (which it is).

Other than that, exploits which work remotely are rare, and third-party software is to blame a lot of the time.

I've never heard of that operating system, does it have something to do with the Linux kernel?

Fuckin propeller-head newfags

Do you know what bait is?
Also, learn to fucking sage when you post shit unrelated to the point of the thread.