
Long Wiki Edits Thread

Added.

Something useful / security here https://wiki.alpinelinux.org/wiki/Alpine_Linux:Overview#Technical_overview ?

Added links.

Added.

Generally, I don’t want to add too deep an analysis of (in)security of other Linux distributions. Reasons:

  • might get outdated
  • distracts developer time from other tasks
  • might get disputed and then needs to be debated, fixed

The reason for that wiki page, listing these distributions, is to demonstrate that these were considered as base distribution for Whonix before. During the early years of TorBOX / Whonix there were people repeating the myth “Why don’t you build on top of OpenBSD which is the most secure operating system?” Since these things nowadays are documented, easy to find on Google and good arguments made, nobody is ever making these suggestions. Asking good questions such as in case of FreeBSD helped to get rid of these suggestive / myths. Looks to me like reading these write-ups people give up on these distributions / suggestions.

Reason to expand these notes would only be if any distribution(s) would be seriously considered porting to.

1 Like

Not anything relevant to security.

1 Like

Also, on Alpine, I found this from a CLIP OS/ANSSI dev a while ago

Not sure if the situation has changed since though.

2 Likes

This really needs a rewrite. A lot of the points are just completely inaccurate.

Windows:

The forced updates/upgrades are hardly “backdoors”. Would you rather have millions of people forget to update and their computers become seriously insecure? This is how botnets are formed.

When Microsoft realized it had accidentally allowed GNU/Linux to be installed on RT tablets, it quickly “fixed the error” [archive] to prevent the use of other operating systems.

This is good as a joke. Nothing else. This was a real vulnerability that bypassed verified boot. Would you call our verified boot attempts backdoors too?

Sure, I agree it should have a way to unlock the bootloader but calling it a backdoor is just plain wrong.

Windows Insecurity

You criticize the security of Windows, yet recommend Debian which is years behind Windows in security. Where’s modern mitigations like Control-Flow Integrity in Debian? Since Windows has had it since 2015 as Control Flow Guard.

Windows is a pile of legacy code full of security holes that is easily compromised.

Linux is known for keeping legacy code around and the standard Linux distro is far easier to totally compromise than Windows (just keylog the sudo password and load a kernel module, not even exploiting a bug required).

Your only citations for the MD5/SHA-1 stuff is for Windows 7 Server 2008.

Criticize Windows for its actual issues like privacy, not this.

Other:

Using FSF/GNU as a source is also terrible. They call any vulnerability in proprietary software a “backdoor” with 0 evidence.

A Free Software OS that respects user freedom is the only practical choice when it comes to privacy and security.

Being free software makes no difference to its security. Linux is a perfect example of a free software project that has terrible security.

We really shouldn’t be recommending Debian throughout the wiki either. At least recommend Kicksecure.

Don’t peddle the same misinformation that Linux is totally secure and glorious. It’s far from it hence why we have to do so much work in Whonix.

1 Like

Would be good if someone could add more issues / refine some potential inaccuracies.

Problem is word use. The use of the word “security”.

[1] Google android is tracking you even when you’re in Airplane Mode. (It logs all GPS data and then sends out once airplane mode gets disabled.)

Even if google android is safer against exploitation from third parties outside the ecosystem (non-gov, private hackers) and the repository (app store) is relatively free of exploits and other things against google policy, that isn’t what people would conclude and use the common speech word “security”. When knowing [1] most will assume ignorance or malice when saying google android has better security than X. Not sure how to phrase this right. “Google android has better anti-exploitation features than X but overall worse security due to built-in spyware features.”

Similar for Windows with its enabled-by-default keylogger.

[security definition] Maybe one definition of security is “device / operating system does what the owner of the device thinks it does and does what the owner wants (subject to limitations of reasonable possibilities / prospectus)”. A non-consensual upgrade (which can fail and lead to inaccessible data) is thereby considered insecure. “It’s not secure, because you can lose your data.”

That’s a value question. What’s more important. Individual choice (only upgrade with consent) or collective security (forced upgrade to prevent botnet). Similar freedom vs authoritarianism. It’s similar to ask:

Would you rather have criminals continue to “torture kitten” [2] rather than put everyone everywhere (including private rooms) under permanent video surveillance?

You interpreted that table entry as a comment on security / backdoor?

name of chapter: Windows Backdoors and User Freedoms -> Both, backdoors, and user freedoms

table entry: User Freedoms -> and then it lists that locked bootloader issue.

You’re viewing that table through glasses of security, verified boot? The one who wrote that table entry might not have been well aware of verified boot, maybe also since this isn’t a popular, easy to understand, important looking concept.

But would be better to complain about locked bootloaders than mentioning that verified boot vulnerability specifically indeed.

It wasn’t called a backdoor.
(quote “Table: Windows Backdoors and User Freedom Threats”)

Well, yeah. That wiki page groups together complaints of Windows security and other

  • malware infected Windows per 1000 end-user (or any other number of users) VS
  • malware infected Debian per 1000 end-user (or any other number of users).

When knowing nothing about security, when taking chances, for end-users certainly Debian has a much lower chance of getting infected by off-the-shelf malware.

As per [security definition] it seems really obvious to me that Windows is less secure than Debian.

It’s not ready. There’s no iso, there’s no website.


[2] Variable. Replace with other atrocities.

1 Like

No, it’s not. We need to make the difference between “Android” (the actual OS) and Google services that are commonly installed (Google Play Services do what you’re talking about). AOSP contains no tracking like this.

We also need to differ between “security” and “privacy”. They aren’t the same. Windows may be better for security but all of its telemetry is terrible for privacy.

It should be separated then. Backdoors and freedom issues aren’t exactly similar.

You’re proposing to rely entirely on security through obscurity which is a terrible approach.

Also see https://isopenbsdsecu.re/about/

But there are not a lot of public exploits against OpenBSD, so it must be secure!

There isn’t a single one (beside DoS) against TempleOS, Redox, MINIX, Haiku, MenuetOS, … Does it mean that they’re more secure than OpenBSD?

Let’s recommend TempleOS instead then?

There has been off-the-shelf Linux malware. The only reason it’s not as common as Windows is because Linux is less popular and that will change as the number of Linux users rise.

You can link https://www.whonix.org/wiki/Kicksecure/Debian

Btw why mention “dropped support for Windows 7 and 8”, because a common
response to “Windows 10 bad something” is “just use Windows XP, 7, 8
instead” (just one, not multiple) as if that was a full mitigation.

The path of least resistance in case of “ok, Windows 10 bad something”
is often “use an earlier version of Windows then”.

Using earlier Windows versions might mitigate one or another issue but
creates new issues because of already or soon deprecated security update
support.

madaidan via Whonix Forum:

No, it’s not. We need to make the difference between “Android” (the actual OS) and Google services that are commonly installed (Google Play Services do what you’re talking about). AOSP contains no tracking like this.

When I say “google android” I mean the thing that most users carry in
their pocket. The thing that comes pre-installed, which is kept, used by
95%+ of all android users which includes google play services. I don’t
know any better term for this. I don’t mean AOSP.

Windows may be better for security

For most definitions of security that I know or can imagine, real world
results, certainly not. Under some definitions, threat models however
that might be true.

but all of its telemetry is terrible for privacy.

A good distinction to make.

We also need to differ between “security” and “privacy”. They aren’t
the same.

It should be separated then.

Contribution welcome.

You’re proposing to rely entirely on security through obscurity which is a terrible approach.

I didn’t. Also debian has a lot less obscurity than Windows.

There has been off-the-shelf Linux malware. The only reason it’s not as common as Windows is because Linux is less popular and that will change as the number of Linux users rise.

Even if that is so, for now, as a wiki page says, it’s a good compromise
of security / usability. If this changes, it can be updated. Also
supporting Linux is more worthwhile than supporting Windows.

Whonix-Host isn’t available yet for users. Debian is the natural choice
since Whonix is also based on Debian. That’s an argument from usability.

You can link https://www.whonix.org/wiki/Kicksecure/Debian

Usability isn’t good enough yet. At time of writing Kicksecure might
brick host networking. Also too much state of previous existing Debian
installation might introduce issues.

I don’t want to spend any resources on that because it would block the
progress of Whonix-Host, create confusion Kicksecure vs Whonix-Host.

It’s a long term project strategic decision. I guess if I had known what
I know now, at the time when development started to make Kicksecure
available, I wouldn’t have made Kicksecure available before Whonix-Host
was available.

1 Like

Earlier versions of Windows have backported telemetry anyway.

A better term would be “stock OS”. It’s commonly used and would be more accurate.

No, Windows is better for security. They put far more work into exploit mitigations, sandboxing etc. than standard Linux does. Just because not enough people use Linux for them to care to write malware for it isn’t a good argument.

Not really. Windows has exploit mitigations, code auditing, fuzzing etc. Just because it’s proprietary doesn’t mean it relies on security through obscurity. Debian likely relies more on obscurity.

It’s not a good compromise. The security of standard Linux is unacceptable. Desktops in general are bad but Linux especially.

Doesn’t matter how secure Windows appears from an objective position.

They are snitch bitches and allow the enemy inside the gates:

Microsoft has a history of collaborating with adversaries [archive] by informing them of bugs before they are fixed.

Microsoft reportedly gives adversaries security tips [archive] on how to crack into Windows computers.

I’m sure I could find more egregious examples. This kind of behavior undoes any shiny new security features.

Also, I think there is a strong argument that the whole architecture of Windows & Linux is weak as a host OS, and will always remain weak i.e. Qubes’ like structure (Type I hypervisor) required to separate dangerous elements into separate domains i.e. USB, networking, (future) GUI VM, (future) read only dom0, small core admin system i.e. Xen etc.

Joanna Rutkowska would have a field day with suggestions Windows is a secure OS. Even if they have 47,000 developers, they introduce something like 30,000 bugs a week (estimated)…

You’re completely misrepresenting what they’re actually doing. As said in the articles linked, Microsoft gives some companies early access to vulnerability info/releases so they can patch their systems before it’s public.

This is done everywhere and isn’t an issue. Linux does this too.

https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html#coordination

Fixes for sensitive bugs, such as those that might lead to privilege escalations, may need to be coordinated with the private <linux-distros@vs.openwall.org> mailing list so that distribution vendors are well prepared to issue a fixed kernel upon public disclosure of the upstream fix.

That is true. Both Windows and Linux are fundamentally insecure. Linux is just especially bad in comparison.

I’m not calling it a secure OS. I’m saying it’s more secure than Linux. There’s a big difference.

It’s funny you also mention Joanna Rutkowska since she acknowledges Windows’ security improvements along with tons of other security experts.

BTW, Windows is the only one mainstream OS I’m aware of, that actually attempts to implement some form of GUI-level isolation, starting from Windows Vista.

Microsoft did a good job with securing Vista.

etc.

The reputations that companies like google and microsoft have rightly gained due to their various intrusions and repeated blatant disregard for privacy and personal choice completely overshadow anything positive they may have accomplished with the security of their respective software offerings. Couple that with their sneaky and monopolistic business practices and security becomes a distant afterthought.
Myself and many I know would never carry a “smart” phone or use a microsoft product just based on that information alone.

I’ve already acknowledged Windows’ privacy issues. Security is not the same as privacy.

Indeed, and you make good, clear points. I was not answering your statements personally, just adding my thoughts to the overall conversation (which is a good conversation to have)

let’s play fuck this concept:

When adversaries want to collect user data and they say: security not same as privacy we need from you to lower your privacy to keep you secure <- Fuck this concept

When Apple (or any similar evil company) don’t let user app run except through their sandbox but when they want to listen to the user through backdoor they just can, so if this called security <- Fuck this concept

When comparing Windows Microsoft which is a proprietary nonfree OS to Free Distro like GNU/Linux Debian and saying it’s better with security while user can’t verify a shit about the source code VS user can verify the code , change it , patch it , fork it…etc and saying Microsoft has better security <- Fuck this concept

What mentioned in that wiki the pure face of microsoft and similar proprietary OS , won’t be changed and wiki will be kept as is to warn users not to use microshit windows and any similar garbage proprietary software.

Side point about kicksecure and debian: Not going to change every debian to kicksecure maybe after couple of years , kicksecure is not yet even tested and doesn’t have users and it’s not a good idea to recommend all users to use alpha distro over stable distro.

1 Like

None of them say that. None pretend telemetry is a security feature.

Sandboxing is necessary for security. If you allow the app to run without a sandbox then the attacker will do just that. There’s also no evidence of backdoors.

Proprietary or open source is irrelevant to security. Linux is a perfect example of this. It’s a security mess yet it’s one of the most popular open source projects. Come back to me when Linux gets mitigations that aren’t from the prehistoric era.

The user also can verify plenty about Windows. How exactly do you think malware is made? It’s not hard to verify if mitigations are working. If your exploit technique doesn’t work anymore then that’s a clear indicator it’s working.

Then you’re spreading misinformation and respected people have already criticized Whonix for this.

I really dislike the “free software is super secure and literally unhackable” circlejerk. It’s extremely far from the truth.

Kicksecure has been tested and does have users (I know plenty). Also, where does it say it’s alpha?

None of them say that. None pretend telemetry is a security feature.

though I’m talking about the concept, but ok no problem.

Sandboxing is necessary for security. If you allow the app to run
without a sandbox then the attacker will do just that. There’s also no
evidence of backdoors.

you skipped to sandbox by itself I’m talking about malware OS like iOS as
a whole with a feature within it e.g Malware OS like iOS…etc can listen
to their users and know everything about them knowing their
location,apps installed,listening to microphone…etc just because they
sandbox my application or X user application from app store doesn’t mean
they will not skip this feature when X app is installed or when X app is
installed can bypass this sandboxing. That’s what I call delusional
security, Proprietary software either a malware or might be a malware we
can’t say it’s not malware.

Backdoors: https://www.gnu.org/proprietary/proprietary-back-doors.html

Proprietary or open source is irrelevant to security. Linux is a
perfect example of this. It’s a security mess yet it’s one of the most
popular open source projects. Come back to me when Linux gets
mitigations that aren’t from the prehistoric era.

The user also can verify plenty about Windows. How exactly do you
think malware is made? It’s not hard to verify if mitigations are
working. If your exploit technique doesn’t work anymore then that’s a
clear indicator it’s working.

It is relevant to security because if I want this X tool to be secured
or this tool is actually secure I need to know how it is secured or how
it is built not because someone else telling me how it is secured
because if so then believing in this like saying this is secured because
I said so = blind faith.

Proprietary Mitigation to this X of public exploitation doesn’t mean
there aren’t tons hidden of non-public exploitation sold to any party and
microsoft done great deals doing that. Security through Mirage

Linux the kernel is free software one can fork it, patch it and user can
verify that just because it lack this particular security feature that
doesn’t mean proprietary kernel better than it hell no (explained above)

So if we have missing feature just add it or wait for someone to add it
or pay someone to add it for you because there is NO better alternatives
(if the alternative is proprietary software)

Then you’re spreading misinformation and respected people have
already criticized Whonix for this.

I really dislike the “free software is super secure and literally
unhackable” circlejerk. It’s extremely far from the truth.

What misinformation? which respected people? if you think “Microsoft is
a malware OS” is misinformation well enjoy believing that. Also truth is
not based on numbers so if these ppl are delusional I can’t help them.

and I never claimed free software is unhackable , but we use free
software because we value our freedom over anything and security come
after the software becoming free/libre not before. free the software
then let’s talk about security,auditing…etc not the opposite.

Kicksecure has been tested and does have users (I know plenty). Also,
where does it say it’s alpha?

It’s not in the production level yet, something isn’t yet available to
download and use for users how is that not alpha? once there is .iso and
users reporting issues and their own experience about it then it might
be considered not alpha.

madaidan via Whonix Forum:

1 Like

Which is irrelevant since nobody does that.

This is just a whole bunch of baseless claims with 0 evidence.

This is all FUD but I don’t want to spend a whole evening debunking it all. For example:

Apple only has the encryption keys to iCloud data and never claimed otherwise. They do not have the encryption keys to the actual iPhones as shown in their own citations.

I’ve already told you how you can verify it but you’re just ignoring me to continue circlejerking.

More baseless claims.

This is just silly. Linux doesn’t care at all for security. All missing features will never be added. Meanwhile, the alternatives do care for security.

Already explained.

Brad Spengler and Daniel Micay immediately come to mind.

The criteria for being considered alpha is not whether it has an iso file.

Windows: First thing…

The energy in this debate would be better spent on improving that wiki page so it’s harder to misunderstand.

I am not aware of any constructive, rational, somewhat detailed feedback on Whonix by either? Please provide references if handy.

Maybe a tweet but nothing detailed?


Btw I am sure negative comments can be found by whomever… Just in case:

  • Possible assumption “you can build a project this size without critics” is in my opinion false.
  • Success is impossible without critics and haters.
  • One should not spend more than 10% or so of one’s time on their critics.

This page should also be changed. Free software isn’t any more secure than proprietary software. I’ve already given clear examples of this. There is a big difference between “security” and “freedom”.

“Backdoors” keep being brought up too but that’s also no different in free/proprietary software. Backdoors are trivially hidden in open source software. There’s hundreds of vulnerabilities being found in the Linux kernel each month. How do you know any of these aren’t backdoors? You don’t. Backdoors aren’t going to be:

// steal user data
backdoor();

They’re going to be obscure, intentional bugs that are easy to miss.

Linux could be full of intentional backdoors and you wouldn’t know. Backdoors are even easier in projects like Linux that are written in memory unsafe languages because memory corruption vulnerabilities are very common.

Also see:

Spender only made a single tweet but Daniel talked more about it on Matrix/IRC. He talked about it pushing the lie that open source software (Debian in particular) is more private/secure.

I can’t really give a link but if you create a Matrix account and join the room, you can search for it.

Listening to criticism is necessary for improvements.
