Anyone here using OpenBSD ? They claim they emphasize on "proactive security"

https://www.openbsd.org/

The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system. Our efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography.

I created a topic here recently asking about what makes QubesOS more secure in comparison to other popular Linux distros like Ubuntu, Fedora, Mint, Arch, etc. The answer in short was isolation.

I want to ask the same question about OpenBSD. Afaik OpenBSD doesn’t implement any isolation but I have read many articles which says OpenBSD is highly secure.

Q1) Is OpenBSD really more secure than Ubuntu, Fedora, Mint, Arch, etc ? If yes then

Q2) What exactly has the OpenBSD team done to achieve this kind of security ?

BSD is not using the linux kernel so it is comparing apples and oranges.

You forgot the phrase

No system is as secure as it’s user

If the user has a questionable habit - computer wise - a BSD based system is as vulnerable as Arch.

macOS is a BSD based system - and given the opportunity - you can break that too.

There is several distributions out there based on BSD - give them a spin :slight_smile:

EDIT:
I took a look back into BSD - I was visiting the world 8 years ago but things happened I strayed and stayed with Arch - but if one should point at an easy BSD which can run of a stick - and keep doing it - then it would be nomadBSD

1 Like

When I search “linux kernel vs bsd kernel” on the web I get only one information that is linux kernel is a separate project while in case of BSD the kernel is part of the OS. Not a single article which compares their security features.

Example

Exactly what kinds of habits should I avoid ?
I update EOS everyday. This is the first thing that I do when I first boot my desktop in the morning. Sometimes I update even multiple times a day. Firefox is running with the arkenfox use.js & that too inside a Firejail sandbox. I am using the hardened kernel.

openbsd is highly secure out of the box because almost no services are running and it ships “secure by default”. Meaning that they take the most secure approach possible by default and let the user lessen it if they choose to. Additionally, they do a lot of security auditing on their default application sets. You can read more at the link you posted above about proactive security.

openbsd is primarily used in the embedded server/network appliance space and their security approach reflects that. If you install all the packages required to make it a desktop, install a bunch of desktop software and lessen the security to make all of that actually work you are going to lessen the security.

On top of that, the device driver and software ecosystems are significantly smaller so you are limited in what you run.

So the short answer is “Yes, it is more secure than Ubuntu” but since it also does less it isn’t really comparable.

1 Like

Knock yourself out
https://www.youtube.com/c/paranoidlife/videos

That’s a low hanging fruit :rofl:

1 Like

Yes, I read that on their page. But I have verified myself that EOS too has no running services by default. I ran a Nmap scan and all ports are closed. So don’t you thing both OpenBSD & Arch are same in this approach. Or is running Nmap alone is not enough ?

In that case OpenBSD is useless to me. I am planning to replace my 4G internet connection with a fiber broadband connection & I am planning to use my own firewall. In your opinion which os should I install as a firewall ? PFsense Vs opnSENSE vs (vanilla) OpenBSD ?

opnsense. It the fully open source fork of pfsense.

openbsd makes a great firewall but you would have to configure everything yourself manually. opnsense is built to be a firewall/router and has easy interfaces for managing all those things.

2 Likes