Thread replies: 26
Thread images: 2
Thread images: 2
File: 8698cc547614b31738b98fa79847339eebfc51b2.jpg (736KB, 2430x1368px) Image search:
[Google]
736KB, 2430x1368px
With the NSA tools leaked in the wild and and more shit to happen very soon, can you recommend any OS/distro which comes with good security features out of the box? Bonus points for usability and not being too hard to set up.
I heard OpenBSD is famous for its focus on security, also the security by isolation approch behind QubesOS sounded quite interesting.
Wat do?
>>
>>60428101
CentOS or anything redhat based.
Firewall GUI and SElinux with a troubleshooter installed.
>>
>>60428337
I know that CentOS is basically Red Hat Enterprise, which means you get lots of security updates. But is it really more secure out of the box than let's say Arch/Antergos?
Isn't it way more secure to have bleeding edge shit (which is less exploitable cuz it is so new, amirite?) than receive security fixes for outdated Kernel/software by the Red Hat jew?
>>
>>60428101
Debian is good enough for most people. If you want to go full tinfoil, use FreeBSD with all of the hardening options and remove your networking hardware.
>>
>>60428337
Wasn't SELinux created by the NSA?
>>60428619
I'm looking for a good balance between security and usability, so full tinfoil would probably be too much. OpenBSD or FreeBSD may be an option, heard a lot of good stuff about them but unfortunately never used them. How are they more secure than some secure GNU/Linux (out of the box/without spending too much time)?
>>
>>60428763
You'll be fine with Debian, just update it to stretch.
Also, SELinux is not a bad thing.
>>
Just use whichever distro you want. Malware targeting desktop Linux is virtually non-existent.
>>
>>60428101
Installing Gentoo from scratch and installing GRSEC and configuring it to be as hard and inconvenient as possible is the only way to avoid most of the malware out there.
Don't trust apparmor.
>>
>>60428763
>Wasn't SELinux created by the NSA?
Yes, but it was developed by the branch that deals with securing the NSA's own data, not the branch that steals everyone else's.
>>
>>60429270
This. Gentoo is probably the most secure distro since the USE-flags can be used to exclude features from packages. You can't be hit by an exploit if the code required to execute it isn't even there.
>>
>>60429280
i like how people are still suspicious about SELinux after it originally came out in 1998, their slogan should be '17 years of unfounded suspicions".
>>
>>60429231
except for you know, all those undisclosed exploits people keep "finding" and using to own servers right and left. other than ALL those, yeah, virtually non-existent.
>>
>>60429270
Hasn't been AppArmour dead for years? Unfortunately, GRSEC is not an option anymore:
https://grsecurity.net/passing_the_baton_faq.php
>>
>>60429457
I said DESKTOP Linux. Yes, there are a lot of exploits for servers but they require you to have the vulnerable service(s) running. If you find a live drive-by download or similar that can be executed through a web browser on GNU/Linux then please let me know.
>>
>>60429473
Heh wow, I guess switching to Windows 10 and installing EMET is the best way to go then. Wow good job GRSEC. Wtf, Linux is fucked now.
>>
Do you want to get work done on a machine that looks decent?
Windows 7-10 or macOS
Do you want to spend time configuring extremely arbitrary dotfiles with poorly documented customization options with inconsistent naming schemes, and even after your hours of work still have a pile of laggy shit?
Choose a Linux distribution, GNU or otherwise.
>>
>>60428763
>Wasn't SELinux created by the NSA?
you don't shit where you eat
>>
>>60429473
they will still release and support the testing version, it is just the stable one that they made available to subscribers only
>>
>>60429587
>muh looks
die
>>
>>60429547
Yep, I have never used SElinux but from what I've read, it definitely pales in comparison to grsec.
https://grsecurity.net/compare.php
>>60429587
>Do you want to spend time configuring extremely arbitrary dotfiles with poorly documented customization options with inconsistent naming schemes, and even after your hours of work still have a pile of laggy shit?
>Choose a Linux distribution, GNU or otherwise.
Are you seriously telling me that using Windows will be the solution to shitty customization options, inconsistency and lag? Not sure if troll or pajeet...
>>
File: 1491178824902.png (2MB, 1232x1460px) Image search:
[Google]
2MB, 1232x1460px
>>60429719
>Looks mean nothing, utility is the only thing that ever matters
kek
>>60429765
It's just better on every front.
>>
>>60429790
>Shilling Windows in a thread about secure OSes
kek
>>
>>60429613
Can you give a straightforward answer?
>>
>>60429790
>Looks mean nothing, utility is the only thing that ever matters
This is the truth.
>>
>>60428619
>remove your networking hardware
This helps windows also. Matter of fact it makes linux pointless.
>>
>>60429280
>SElinux
enjoy your crippled OS
Thread posts: 26
Thread images: 2
Thread images: 2