Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
pixelatedindex 5 days ago

This claim is so absurd that I need some sources.

armadyl 5 days ago | parent | next [-]

The person you replied to is right, the "security" of Linux might as well be nonexistent compared to macOS and especially iOS/Android. Even the developers of Secureblue (https://secureblue.dev/) state that despite their hardening and mitigations Linux still lags far behind macOS (and possibly Windows) security-wise. The only Linux derivative that has proper security is Android, and even better GrapheneOS.

https://privsec.dev/posts/linux/linux-insecurities/

https://madaidans-insecurities.github.io/linux.html

I also commented here on Linux phones, the same can apply to Linux as a desktop OS: https://news.ycombinator.com/item?id=46997397

Also on top of that Linux/Windows laptops also lack the hardware-backed security that Macs and to an extent some Chromebooks have.

hollerith 5 days ago | parent | prev | next [-]

OK. Here is a kernel developer explaining it recently on this site:

https://news.ycombinator.com/item?id=48448345 // When people escalate privileges on MacOS it's news, when they do it on Linux it's Tuesday (you might think the recent spate of privesc vulns on Linux was unusual but that is totally normal). I say this as someone who works on Linux security every day (I am a kernel developer) and uses Linux on every computer I have, both at work and at home, BTW. I am not a Linux hater or Apple fanboy by any means.

https://news.ycombinator.com/item?id=48444187 // I am just talking about the pure tech fact that GNU/Linux desktops do not have any meaningful intra-host security boundaries.

https://news.ycombinator.com/item?id=48059250 // To convince me Linux is full of kernel LPE bugs, can you share some of the bugs? [answered by the kernel dev]

I also have some cites of comments on Linux by the founder of GrapheneOS I could dig up.

JumpCrisscross 5 days ago | parent | prev | next [-]

Linux is easier to misconfigure. Macs resists being misconfigured insecurely. At their tightest, I'd say neither is fundamentally more insecure than the other. (The exception would be M5-based Macs, which come with MIE. Though that isn't a macOS vs Linux thing per se.)

armadyl 5 days ago | parent [-]

This is incorrect macOS is fundamentally more secure than desktop Linux operating systems and it isn't particularly close.

No amount of Linux hardening will get a system even close to an M-chip Mac. Software insecurities aside, desktop Linux OS systems have almost none of the hardware-backed security benefits that Macs do.

TimTheTinker 5 days ago | parent [-]

At some point, lack of security becomes a feature. A fully secure, locked-down, T2 attested macOS is able to be controlled not just by Apple, but by increasingly evil governments, with no recourse available to users.

armadyl 5 days ago | parent [-]

Conversely, a Linux system with no verified boot can be easily tampered with without the user detecting it by people lower than the government such as casual hackers. So in a world where your government is going crazy, you're opting for an operating system that can be penetrated with relative ease (e.g. with persistent root malware) both by a non-government hacker on top of a state backed one.

JumpCrisscross 5 days ago | parent [-]

I'd also guess it's much harder to securely source components for a Linux build in the way Apple is able to.

armadyl 5 days ago | parent [-]

It's not really about supply chain security it's about the hardware itself. PC manufacturers in general just can't keep up since they don't have full control/integration over the hardware stack like Apple does. Also CPU, secure element etc security is limited but Qualcomm is catching up pretty quickly I believe if they aren't there already. We won't talk about Intel and AMD. But that's beyond my knowledge so I can't say anything too specific that's just what I have from general knowledge I'm sure someone will jump in with additional info if needed.

I don't think Apple is particularly any more secure against the US government than Intel is with supply chain vulnerabilities but I have nothing to back that up with aside from vibes.

dvhh 5 days ago | parent | prev [-]

Security by obscurity worked quite well