Host Operating System Selection Wiki Page Discussion

There is 0 evidence for it

I will talk about one example about what these malware Operating Systems
can do and what power they have:

Stealthy update is something done since long time , it can give you
whatever software they want to give you e.g:

Windows XP
https://slated.org/windows_by_stealth_the_updates_you_dont_want

Windows 7,8,8.1

Apple Mac

…etc

if you think that they cant do whatever they want to your machine by
giving whatever software they want then i think you are degrading
yourself when defending that.

Linux can easily have backdoors as I clearly explained above. If only
you’d read what I say…

im reading what you are saying thats why i said this is what back-doors
definition,actions…etc is:

https://www.gnu.org/proprietary/malware-microsoft.html

when you say there is a hidden backdoor on open source/free code this
sound just ridiculous. say it has not well securely designed , has bugs
, undiscovered/0 day bugs (because its human software which is
fine)…etc but hidden while its free software = nonsense

point to make: whether 300 line of code or 3 billion if its free
software we cant say hidden backdoor because what to hide exactly while
the source code on the public for everyone to look at it
anytime,anywhere. undiscovered bugs can happen in any program but the
advantage of free software can be forked, can be audited , can run
through static code analysis , can be verified manually.

Proprietary software when the user using it hes under the shoe of the
developer, he do whatever he like whenever he like while user handcuff
cant do a thing.

Hence why security researchers do in-depth analysis on these
mitigations and the general consensus is that the mitigations are good.

You are mixing between how much the tyrant proprietary company is
capable of controlling their users and outside crackers. Just because
the company defending their system against outsiders doesnt mean that
their system secure for users from their own malicious actions. Thats
exactly what been reported and shown from technical ppl from RMS to
Snowden to…etc.

Security Education: Just because the company (microsoft,apple…etc) can
maliciously hit their users that doesnt mean they are the only one
capable of doing that. (so securing their systems from outsiders also
marked failure)

Hence why security researchers do in-depth analysis on these
mitigations and the general consensus is that the mitigations are good.

doesnt add up to the argument , i know X exploit stopped working but the
entire black hole thing i dont know what the hell going on with it so
its just delusional security like i said.

This is just ridiculous. Of course everything has vulnerabilities.
Microsoft at least attempts to mitigate them while Linux does nothing.
Linux piles trash upon trash.

Linux is free software not a company proprietary software , you have
objections fork it and do whatever you want or rent a coder to do
whatever you. In Microsoft user shutup and follow the master thats why
some vulnerabilities they didnt even saw them as vulnerabilities until
many years later as shown in the series. But user cant do a anything
about it… shhhhh shutup and use what i want you to use…

It’s really stupid to call Microsoft ignorant about security when
praising Linux. I can go on forever about Linux’s security issues.

Missing the point again and again what you call Microsoft security is a
mirage a laughing on yourself nothing can be checked, nothing can be
changed.

Good luck fixing ~30 million lines of broken code.

at least there is possibility to look at the code , fork it , check it
…etc. with proprietary kernel you can do nothing, or wait maybe you 2
options:

reverse engineer entire kernel or OS = See you after 100 something year
from now.
try make changes to proprietary product= Jail Time!!

That’s irrelevant. We’re talking about security, not blobs.

relevant in a way that they made changes to the vanilla kernel and added
their desires,changes… Similarly can be done to security or any other
feature.

I don’t see why you’re trying to make these claims from a position of
complete ignorance about Linux security.

Just because Linux the kernel insecure doesnt add up that proprietary
kernel/software better than it.

i Think generally you are missing the why its important to use Free
Software, i suggest to read:

madaidan via Whonix Forum:

I’m talking about security, not freedom.

Security isn’t an absolute goal above all else always. It might be safer
to live in a maximum security prison than in freedom to get hit by a bus.

The security that Windows might have in theory is not worth bothering
with since the obvious backdoors and freedom restrictions nullify any
theoretic advantage.

It’s easy to find telemetry in either. It’s not obscure. You can just monitor network requests.

Not easy if communication is encrypted. There might be a workaround but
why spend effort on proprietary.

You won’t be able to.

It’s not about me specifically. Anyone with the capability to can do it.
Linux contributor community is huge. Once they care enough about any
aspect it will happen…

There are tons of examples of vulnerabilities in Linux that have been there unnoticed for years.

…Linux is used on many servers and there’s tons of people who want to
bring down these servers for whatever reasons. Yet, it’s not happening
that these servers are brought offline all the time. Therefore it’s not
that much bad.

Current Linux upstream doesn’t prioritize security as much as others
want but it’s still usable and the best practical solution we have so
far. Once Linux lacks any aspect (security is one such aspect) enough to
make enough people care, then upstream will either change or Linux will
be successfully forked (and possibly the originally becoming obsolete),
contributors migrating to the fork. The possibility of forking doesn’t
exist for proprietary.

It is public. The chat is publicly logged and you can see all messages LogBot Archive

You can search for it if you want but it might take a while. I don’t have a link though.

All search results for search term “whonix” are not by Daniel Micay.

All search results for search term “whonix” are not by Daniel Micay.

I think they started logging on IRC after the discussion. But you can still find it on Matrix.

That’s not even close to what you’ve previously claimed.

You are, again, completely ignoring everything I’ve said. It’s easy to hide backdoors in open source software. I’m not going to repeat myself over and over again.

And you still have not given any evidence for backdoors.

You’re making no sense. It’s easy to verify that the mitigation is working. You’re still ignoring things I’ve said.

You can’t just fork it and magically fix everything. It’s fundamentally insecure.

Linux is notorious for hiding vulnerabilities and pretending like they aren’t one. They either downgrade the vulnerability to a DoS or refuse to even get a CVE.

It’s easy to check. You just aren’t listening.

Again, good luck fixing ~30 million lines of broken code.

You seem to think there’s a magical “fork and fix everything” button. That’s not how it works.

I’ve already given examples of Windows’ superior mitigations. Want me to give more?

I don’t care. I’m not a free software fanatic. I care for privacy and security. The FSF is the last thing I’ll listen to for advice on those.

That can’t be said for everyone. Not everyone cares much for freedom or privacy and would prefer the security advantages of Windows.

Yes, it is easy. Install a root certificate and decrypt the TLS. I’ve done it before when analyzing the connections of some software.

I’m not talking about you specifically. The entire Linux community will never be able to find and fix every single bug.

Servers don’t have near the same attack surface as desktop. You don’t have a browser on a server. Remote exploits are very rare across all OSes. Sysadmins are also usually more competent.

I think this is right. The earliest messages were LogBot Archive

You dont care about freedom , you dont care about privacy , and you
separate privacy and security same as adversaries doing (but all known
experts like snodwen , rms , schneier…etc find this ridiculous) , you
dont have problems with proprietary concept as you believe its more
secure(?!)…etc

So instead of educating you and wast my time here and go in nonsense
discussion its better to end this:

here we care about privacy,freedom,security all together for the user
and source code and concept. I respect your views but on the same time
nothing going to be changed here because nothing worth to look at.

Educate yourself then nag if needed in a useful way, not to nag in order
to nag.

I do. I’m just not a fanatic.

Yes, I do. I’ve acknowledged Windows’ privacy issues many times before.

Because they are 2 separate things.

That’s not true at all. Most experts acknowledge that Linux is decades behind Windows. RMS is also hardly a security expert.

This is just bullshit and you’re putting words in my mouth. I never said software being proprietary made it more secure. You made that up.

Windows is more secure than Linux, not because it’s proprietary, but because of all its work on exploit mitigations, sandboxing etc.

I care about those too. I just don’t spread misinformation about them.

They aren’t just my views. They’re the views of anyone experienced in the industry.

They also aren’t really views but real facts.

You’re the one who needs to educate yourself. I already am educated.

Well, I have respect for both of your views and contributions since you’ve both done a shitload of work/improvements for the Whonix project over a long period.

I think this is a case where it’s better to agree to disagree. This same (heated) discussion is already seen in thousands of articles/forums across the net already.

Coming back to madaidan’s original point - I do think that the Host Operating System Selection page could do with a clean up / more objective references in general. I don’t like how it is formatted at present - it is more than a little ‘preachy’ and does rely heavily on the FSF info.

I have looked around briefly for objective, solid resources for the Linux v Windows comparison re: security (I think we have a solid handle on the privacy issues already), but it’s hard to find good, modern, scientific material doing a thorough comparison. Ditto if we had a better Linux vs macOS comparison.

If you have some good references to share, we can do up a reasonable security comparison table with entries like sandboxing, root vs non-root accounts and a thousand other things.

I suspect that Windows/macOS will look very good on that comparison, but as already noted by other commentators, it will not necessarily change the recommendation to avoid the Windows platform due to points already outlined in this thread (I’m not going there; have better things to do )

PS Re: Rutkowska’s GUI isolation article - another reason to use Qubes. I’m very surprised that just over 30K still use it in this day and age, given all the known benefits (including yourself?). If I am a bad guy and monitor the Whonix forums - extremely likely - contributors are the first people I track/screw with. Anybody who has contributed to Whonix for years will normally announce strange behaviour of their laptop or desktop from time to time, which I have no doubt relates to advanced adversaries.

Luckily I just don’t give a shit.

PPS @Patrick http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/w/index.php?title=Logging_in_to_captive_portals&oldid=52287&diff=cur

I agree. Most content is just the same “linux is super duper secure” echo chambers written by non-experts. Daniel Micay has talked a lot about it but he hasn’t made a very thorough comparison AFAIK.

I’d say macOS trumps both Linux and Windows in terms of security. For example, it has proper verified boot unlike the theater in Windows/some Linux distros.

I can write something up if you’d like. I really like researching OS security.

Sadly, no since my hardware is too bad for Qubes.

Has there been any real cases of this?

it is more than a little ‘preachy’ and does rely heavily on the FSF info

It is and you have to call ppl to use this or that anyway, we cant be
middle between good and evil thats hypocrisy, We should always choose
the good side or at least do our best to reach to that.

Any good quality quotes or improvements can be added to the wiki as well
why not but not in order to make Proprietary OS looks nice and its okay
as an option to be used. Its up to the user anyway what he will choose
to install in his machine but from our side we do the good part which
give warnings and show the danger of choosing proprietary OS and in the
end its up to the user to decide which OS he take.

Correction: GNU documentation , Not FSF.

Well, I have respect for both of your views and contributions since
you’ve both done a shitload of work/improvements for the Whonix project
over a long period.

Thank you and you have done alot as well, Im glad to be with great
quality contributors over here.

That would be great if you could spare the time

Don’t let wiki stuff detract from your code contributions though, which have been great. (And yes, we should probably separate out User Freedoms as a distinct issue.)

Actually my bad (probable hyperbole/misattribution). I think the actual case is if you live in a jurisdiction hostile to Tor/encryption like mine and spend a lot of time using these tools, you just get attacked from time to time (sometimes obvious in the impacts - could be purposeful harassment or an amateur). Whonix is probably just the side issue i.e. have spent too much time hanging around here in recent years.

I think maybe it is fair to say something in the Intro to that page like:

There are two primary trains of thought with respect to security and privacy when deciding upon a host operating system.

Many GNU/Linux enthusiasts insist that where strong privacy is the end goal, trust cannot be placed in unauditable proprietary operating systems, even if an objective analysis of security features suggests they provide stronger protection against potential exploitation. The reason is a host of anti-features such as advanced telemetry can be classified as built-in spyware that greatly undermine the privacy objective and seriously compromise user freedoms. Further, off-the-shelf malware more often targets proprietary operating systems due to their mass adoption; the corrolary is open source options may therefore reduce the risk of exploitation by weaker adversaries (admittedly experts generally state “security via obscurity” is a weak security principle to adopt). [ref]For instance, it is a logical fallacy to state that since few public exploits exist against OpenBSD, it is a more secure platform.[/ref]

The counter argument is proprietary operating systems like Windows 10 and macOS have invested billions of dollars and millions of developer hours into significantly hardening their platforms over the past two decades (see Table X). [ref]In Windows’ case, over 45,000 developers are engaged in 2020.[/ref] This has meant Windows has modern mitigations like Control-Flow Integrity that are simply not available in popular Linux platforms, nor likely in the near future. Further, the ‘many eyes’ theory suggests that Windows and macOS are far less likely to suffer from legacy code issues that may pose catastropic security weaknesses. Since privacy is built upon the security foundation, it is simplistic to state open source OSes are superior in all regards.

On the balance, objective evidence and disclosures suggest popular proprietary OSes have better security than Linux and BSD variants, but strongly embedded telemetry features which are injurious to privacy. In the case of open source OSes, they have maximal user freedoms and virtually non-existent telemetry, but greater security weaknesses.

It is for this reason operations systems like Qubes OS are gaining increasing attention as a potentially better, third alternative. In this configuration Whonix runs on top of Qubes inside virtual machines (VMs), just like any other OS on the same platform (Fedora, Debian, Arch Linux and so on).The Qubes bare-metal hypervisor is based on Xen and Fedora. Via hardware support like VT-x, VT-d and TXT, Qubes has implemented a strict security-by-isolation architecture. Hardware controllers and multiple user domains (qubes) are isolated using separate VMs that are explicitly assigned different levels of trust, yet the desktop experience is user-friendly and well-integrated. In summary, Qubes provides both strict security mechanisms and remains completely free of a reliance upon proprietary software.

A comparison Windows vs Linux similar to

could be a rabbit hole. See this wiki page:

and how big a discussion was created from that:

True - but if madaidan does a succinct summary, wouldn’t hurt to drop it in a table so at least we have some objective info. But I agree, we don’t want it to turn into a monster like that other page.

PS Check out the SSH page improvements (thanks to that contributor - I tidied it up a bit)

How is Host Operating System Selection - Whonix?

That looks good to me - short, sweet, not overstated like before. It still higlights Windoze is a privacy nightmare, which is the main point we need to get across.

The old (existing) version is too verbose and comes across as unbalanced (plus repetitive).

Not trivial to review. Where any points removed or just rewritten neutrally?

It is mostly cutting out big, repetitive sections & some contentious claims (or interpretations), along with more neutral wording. On the whole, probably better balanced.

I think we did well over the years cutting anything where claims were ‘out there’. This page probably falls into that category, and I did cringe a bit reading it in the past (admittedly I originally added a lot of that FSF information).

On second view not that hard to review though.

Template:Windows Hosts: Difference between revisions - Whonix has mostly deletions.

For example this was removed without replacement:

Windows 8 has a backdoor for [https://www.computerworld.com/article/2500036/desktop-apps/microsoft--we-can-remotely-delete-windows-8-apps.html remotely deleting applications] from the computer.

Why?

old:

* When Microsoft realized it had accidentally allowed GNU/Linux to be installed on RT tablets, it quickly [Microsoft silently kills dev backdoor that boots Linux on locked-down Windows RT slabs “fixed the error”] to prevent the use of other operating systems.

new:

• Microsoft [Microsoft silently kills dev backdoor that boots Linux on locked-down Windows RT slabs does not allow opting out of verified boot] on RT tablets which prevents the use of other operating systems.

This was a good rewrite.

More correct, neutral rewrites are OK but other points should only be deleted if these are invalid.

It’s not an issue. Microsoft can remove apps from the Windows Store which is obvious since it’s their server. It’s like criticizing Debian for being able to control their own repos - it doesn’t make sense. It only becomes an issue when it’s used to censor legitimate content which there hasn’t been a case of AFAIK.

Calling it a “backdoor” is a bit much.

Agreed - both Microsoft and Debian can remove software ut this is different.

Windows 8 has a backdoor for [https://www.computerworld.com/article/2500036/desktop-apps/microsoft--we-can-remotely-delete-windows-8-apps.html remotely deleting applications] from the computer.

remotely is the keyword here. Debian has never and has no mechanism to remote delete applications without the user running APT - which would then inform beforehand what it is going to do.

remotely meaning: microsoft starting the action.

APT could remove a package too (sometimes packages are renamed), but the user has to start the action, and can abort any time. Never in the history Debian enforced any software removal. Well, except maybe the situation “if you don’t do X, then you can’t upgrade” (I don’t know any specific examples). But no force removal triggered from Deian remote server that results in changes on local user disk.

There’s also tons of other deletions of bullet-points. Please quote and explain why these would be non-appliable. If these are still applicable but wrongly worded, please reword instead delete.