The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system. Our efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography.
I created a topic here recently asking about what makes QubesOS more secure in comparison to other popular Linux distros like Ubuntu, Fedora, Mint, Arch, etc. The answer in short was isolation.
I want to ask the same question about OpenBSD. Afaik OpenBSD doesn’t implement any isolation but I have read many articles which says OpenBSD is highly secure.
Q1) Is OpenBSD really more secure than Ubuntu, Fedora, Mint, Arch, etc ? If yes then
Q2) What exactly has the OpenBSD team done to achieve this kind of security ?
EDIT:
I took a look back into BSD - I was visiting the world 8 years ago but things happened I strayed and stayed with Arch - but if one should point at an easy BSD which can run of a stick - and keep doing it - then it would be nomadBSD
When I search “linux kernel vs bsd kernel” on the web I get only one information that is linux kernel is a separate project while in case of BSD the kernel is part of the OS. Not a single article which compares their security features.
Exactly what kinds of habits should I avoid ?
I update EOS everyday. This is the first thing that I do when I first boot my desktop in the morning. Sometimes I update even multiple times a day. Firefox is running with the arkenfox use.js & that too inside a Firejail sandbox. I am using the hardened kernel.
openbsd is highly secure out of the box because almost no services are running and it ships “secure by default”. Meaning that they take the most secure approach possible by default and let the user lessen it if they choose to. Additionally, they do a lot of security auditing on their default application sets. You can read more at the link you posted above about proactive security.
openbsd is primarily used in the embedded server/network appliance space and their security approach reflects that. If you install all the packages required to make it a desktop, install a bunch of desktop software and lessen the security to make all of that actually work you are going to lessen the security.
On top of that, the device driver and software ecosystems are significantly smaller so you are limited in what you run.
So the short answer is “Yes, it is more secure than Ubuntu” but since it also does less it isn’t really comparable.
Yes, I read that on their page. But I have verified myself that EOS too has no running services by default. I ran a Nmap scan and all ports are closed. So don’t you thing both OpenBSD & Arch are same in this approach. Or is running Nmap alone is not enough ?
In that case OpenBSD is useless to me. I am planning to replace my 4G internet connection with a fiber broadband connection & I am planning to use my own firewall. In your opinion which os should I install as a firewall ? PFsense Vs opnSENSE vs (vanilla) OpenBSD ?
opnsense. It the fully open source fork of pfsense.
openbsd makes a great firewall but you would have to configure everything yourself manually. opnsense is built to be a firewall/router and has easy interfaces for managing all those things.