Which operating system do you guys think is the most secure?
I'm personally conflicted between OpenBSD and Qubes OS.
K, so in theory how secure a computer system or a network is, regardless of the OS, has everything to do with how well it's administered and practically nothing else (although I disagree with that to an extent.).
What I really mean I guess is which operating system provides the best security and anonymity for its users upfront, and which operating system the best tailored to anonymity and security.
Also, is it possible to create and run openBSD templates on Qubes OS? That would actually make my Computer feel godlike in terms of security
They are different use cases, so it's difficult to compare. If you can get everything you need done with base OpenBSD and the small selection of packages that have been coded to the same level, might as well keep it simple. If you need more flexibility, go Qubes. Think so but haven't tried.
Christopher Russell
Illumos
Mason Hernandez
Linux is too mainstream. Use mach kernel.
Easton Diaz
Secure against what? Absent a threat model, your question is meaningless and any answers you get are also meaningless.
The only OSs that provide any anonymity "upfront" are Tails and heads. Unless you count Whonix. Anonymity is not an OS-level concern with the exception of obvious bad actors like Microsoft, whose entire OS is a spying platform.
Any OS "provides anonymity" if you disconnect it from the internet.
Thomas Lopez
We need to make a qubes competitor that uses sel4 I stead of xen and openbsd instead of fedora.
Lucas Lee
OpenBSD's "security" is a meme that is based on applying only one specific technique to mitigate only one specific issue under only one specific condition (relentless code auditing to mitigate RCE exploits, so long as you use the default configuration only and don't install any other software which is completely unrealistic). Only /g/ memers who don't even use it think it's the best. Last time I looked into it, it didn't even have proper FDE. It's a complete joke unless you're using it in a very specific context (like running it on a router). It's worthless for actual general computing.
Meanwhile, Qubes is merely a reasonable implementation of a broadly applicable security principle (security by isolation) that can effectively and securely adapt to basically any practical context imaginable, including even stuff like using Windows 10 without Microshit spying on you. And with formally verified kernels like seL4 gaining in popularity, it's only going to get even better. The Qubes model is not merely superior to OpenBSD's "security"; it makes it irrelevant.
The only security you need is a secure hypervisor. If you think you've been infected, just reload your current VM from its template (which in Qubes means simply restarting it), and the infection, whether it really existed or not, is gone automatically and verifiably no matter what (unless your hypervisor is broken but that's outside of the security model's scope). The "good enough" security standard of most code (which will never change because most devs are lazy pajeets) thus actually becomes good enough when you put a proper hypervisor isolation condom over it.
Anyone even seriously comparing the two just demonstrates their own ignorance. Though with a bit of sprucing up, OpenBSD could perhaps make a decent template for many purely functional VMs in Qubes such as sys-net, sys-firewall, sys-usb, dom0, etc. It probably wouldn't be that much better than Hardened Gentoo though, and implementing that would be a lot less work.
hey that's pretty cool. didn't know that fun fact: qubes team got pissed a while ago after a bunch of xen paravirtualization vulnerabilities and i recall them claiming they were working towards making it able to work on other hypervisors. that seL4+OpenBSD plan may be feasible by just forking or tweaking qubes.
true but opsec is hardly effective if your adversary can just pwn your device
browser uniqueness may affect privacy, sure, but i dont want to use chrome on windows to legitimately blend in
Juan Bell
Browser fingerprints are pretty easy to forge. There's several plugins for it that I'm aware of. Probably more.
Wyatt Myers
If your adversary does not see your device as an interesting target he will not pwn it, that's half of the point of opsec. The other half is being able to say "you can't prove anything", but it's best not to reach that point.
Hunter Thomas
If you tune your fingerprint to a browser that doesn't support a certain compression algorithm but your browser still sends requests to use that algo, this creates a whole new unique identity that opens up to some OPSEC nightmare. Better use Tor Browser and call it a day.
This information was originally posted by another user but I'm posting it again in case you didn't see it.
Dominic Thompson
the one on a computer with no internet connection
Joseph Scott
It would be great if Qubes moved to or started supporting sel4 builds. The one thing Xen does have going for it is that it's used heavily by a lot of big names, so there's a vested interest in its continued development and security.
Nathaniel Russell
temple os
Evan Wilson
Correct, although seL4 is ideal iirc Qubes team went with Xen for its greater support for hardware and the like. There've been discussions years back about this very topic, but in the end they went with greater compatibility.
Though really, most OS' are secure enough provided you're not an idiot installing things from ads. These security threads get pretty autistic honestly. You're shitposting on an imageboard, not managing trillions in financial flows. If you want the most secure system out there, find out what Fedwire or SWIFT run on, probably something proprietary with a team of highly-paid devs on it 24/7.
TempleOS has never had a security breach as far as i know
Andrew Morales
Probably some mainframe OS thing like AS400, system Z, etc. Quite secure by virtue of the fact most of the millenial skiddies won't have the slightest fucking clue how to operate it, and learning to do so is nontrivial.
Cooper Anderson
I have a friend that works for a major US bank and they use an IBM mainframe z/OS. He had to learn jcl to work with it. What a language.
Nathan Brooks
I've played around with z/OS on an emulator. It's neat as a curiosity but dear god everything about it seems tailor-made to be an obtrusive pain in the ass. It's like none of the last 30 years of UI improvements made it in there. You have to do shit like manually move your cursor, one character at a time, to the very beginning of a text entry point, or else your input is rejected. Tabbing between fields is for fags.
Tyler Martin
That might have something to do with the insane backwards compatibility z/OS has. Remember, this is an operating system originally made in a time when it was cheaper to pay a workers salary than buy a computer. It's also why jcl is so complicated and verbose. The cheap programmers are supposed to do most of the work, and the expensive computer just does the heavy lifting the humans can't do.
Luke Stewart
nice LARP my friend :)
Leo Peterson
TempleOS has no networking, encryption, or security that I know of. There's nothing to break.
Nicholas Wood
The current release of Qubes needs modern pozzed x86 hardware to do anything useful, so that's out.
Jaxson Morris
Go back to /g/ you glow-in-the-dark nigger piece of shit. OpenBSD has the best FDE because you can actually encrypt the whole drive, including /boot.
