Some security questions

Thanks for linking the article. Now that I have been able to read through some it. I am better able to say that a lot of this seems heavily misconstrued “in my opinion”. Really making things seem like a much bigger deal than they are. The author does do their research and mentions all of the caveats of what they are saying, but have you followed a lot of the links this person included? Again in my opinion they talk a lot about technical security measures without any mention of tradeoffs or why these operating systems were able to achieve this.

For example in the app sandboxing section. They mention that Windows sandboxes uwp applications and provides a sandboxing environment akin to bubblewrap on linux which they conveniently don’t mention instead opting to talk about the nonstandard and already known about flaws with firejail.

Edit 2: I realized I didn’t mention my main point here. That most windows software isn’t UWP applications. Even if the sandboxing is theoretically better and I don’t know enough to say that there is. One such caveat that wasn’t mentioned was that the adoption of flatpak has been far better than that of uwp. Therefore there are far more apps that can and are be run with sandboxing even if somewhat flawed than there are on windows.

Furthermore when it comes to the large attack surface of a monolithic kernel. Windows to my knowledge has moved more towards a monolithic kernel than away. Also they note that macOS has disallowed kernel extensions altogether. Something they can only do because they are not a operating system that needs to support more than their own stack. Apple doesn’t need to support generic hardware or use cases. Like I mentioned in my first post. Linux is far more widely used than any other kernel.

Honestly there is a lot more to say and pick apart with this, but seriously you should follow the links the author provides for more context.A lot of the stuff the author says applies just as much to windows as it does to Linux. Arbitrary code guard was introduce in Microsoft Edge, furthermore their is a whole section on how it prevents various types of applications from working at all.
Seriously follow the links

I just want to end this off while saying that security is done in layers. Microsoft has introduced a lot of really cool layers that honestly are done a disservice by this article.

Edit: Forgot to add that a lot of these are opt in on Windows just as they are on Linux.

Look, if you honestly think I am a troll and there is no convincing you otherwise why not just ignore me, ignore the post and move on?

You seem literally incapable of seeing anything but that which is enraging you and justifying your own position.

Really … i don’t think that info is very valid. It’s laughable!

I know that they mention ChromeOS and although not stated it’s my understanding Android also has strong sandboxing both of which are based on linux. Not sure if “linux derivative” would be a better term or would they meaningfully fall under ‘linux’? To be honest, while I understand some of the differences broad between various Linux distributions Debian vs. Arch for example having different package manager implementations and design philosophies, it can at times get very confusing for me when differentiating one fork vs. another. It becomes a question of, “if ChromeOS and Android are linux, what stops their sandboxing methods from being adopted?” the technicalities are all over the place!

For the most part I believe it comes down to the delivery of software. Once you control that, those systems have been able to add additional guarantees without much breakage. Of course that too has caused a whole slew of issues.

Try research about open source vs closed source usage.
One of the main security benefits of Linux is that all sources are open and everyone can find security issues and report them, we see that it happens very fast to close issues on Linux as of community track down and report them.

The Base of EndeavourOS = Archlinux they have a Security team and report system:
https://security.archlinux.org/

And personal note:

In general there is no such thing as fully secure, it is only more or less secure.
The main security risk is always the user itself.

EndeavourOS is installing and enabling firewalld by default per example … we do not enable unwanted services by default, we do not collect userdata from the installed OS nor while installing.
We relay on system-packages directly from the official archlinux repositories. We do keep things as simple as possible not installing everything someone could need and instead leaving it to the user to add if needed, we do use gpg signing for packages and ISO.

Compare this with something like windows, you may find some answers.

I feel that’s a valid point. Windows tried with their UWP apps etc. but eventually had to crawl back esp. to allow “classic” apps into their app-store. I’s a big PITA to enforce.

There are of course ways, but they are far from being the default in Linux distros. Essentially everything the user runs has the power to zip up their complete home dir and send it to Timbuktistan.

The “it’s all OSS” argument isn’t viable either. People run a lot of proprietary software already (Spotify, Discord, DaVinci, …). How many people would give up on Linux without Steam - not even mentioning the proprietary software that runs on top of the translation layers?

First, thank you for your measured responses. I have done my best to follow them where I can. I do my best to grasp the subject matter as I can. I do not however, want to presume I understand more than I do.

Right. Even reading their link on uwp, I got the impression that windows sandboxes a select set of programs. but that this wasn’t universal. It makes the comparison seem shaky to me especially since the MS article they link to seems to say that historically an “app” hasn’t been defined on windows, just sets of executeables.

I don’t know that I consider the security comparisons to MacOs fair because Linux and Mac have in my mind much more distinct use cases than Windows to Linux. Mac is running on a very finite set of hardware compared to most other OSes. It’s hard not to interpret the cost of compatibility across many hardware platforms as having some level of reduced security because the scope is that much larger. My immediate thoughts are also that Linux doesn’t save every possible hardware configuration to a device so the dangers of the kernel size are probably over stated. I however, am trying to make sure I am not just assuming things.

One thing I can say for MS is they’ve certainly been the most target rich environment historically so they do have to get creative with solutions.

I hope you’re right

I aspire to be a cyber security professional, so I am hoping one day when I come across such articles I can better evaluate them… there are just enough topics mentioned that I’d rather look like an idiot asking dumb questions and be corrected than give bad advice to friends and or family.

I am familiar with the concept. I generally trust open source solutions more than closed source ones for those reasons.

I trust FOSS over closed source. I have been relying on this security model for many years now and have had no indications I’ve ever been compromised.

Da heck happened here?

Edit: You may need to get a drink or use the toilet before reading this post as it is a tad longer than I expected.

Well I’ve finished my popcorn so thought I’d respond.

@HausMaus As others have said never base an opinion on a single source, especially when they are anonymous (and have 4 crypto links to send them money at the bottom of their main github page).

I’m not sure what you mean by sandboxing. You mentioned Windows 10 and it doesn’t really have sand-boxing natively, it has security layers. Windows 11 has sand-boxing called Application Isolation which is part of the reason you have a TPM but you also have Windows sandbox (only available or Pro/Ent/Edu additions) which is basically a Windows virtual machine on Windows. Linux has Flatpaks (Bubblewrap), Snaps as far as application sandboxing and a whole host of containerization options and VM software. I don’t know enough about MacOS/ChromeOS.

It is all about attack surface. The more points of entry, or code you have running, the greater the risk. As @joekamprad also pointed out, Linux is open source so it can and is regularly audited by individuals, commercial organisations and government bodies, as opposed to Windows which is closed source.

It is very hard to compare the actual lines of code required to run Linux compared to Windows as they work on two different models. A lot of the core functionality and drivers are part of the Linux kernel as opposed to Windows, as Windows uses external executables (.exe) and Dynamics Link Libraries (.dll) to achieve the same thing as well as 3rd party drivers. So despite the Linux kernel being ~40M lines of code and the Windows kernel being ~15M lines of code, you will probably find in reality the actual code to run a system would be similar. Plus you are opening yourself up to third party drivers under Windows which can be very big risk.

The other option you have under Linux is to compile the Kernel yourself and decide what you want, or don’t want in it. Under Windows it is very hard to disable certain features (some services just can’t be stopped or break other things) and if Microsoft wants to throw adverts at you, or scrape data from your machines, it is very hard to stop it. That is why there are ‘special’ versions of Windows for government bodies that Microsoft don’t offer to normal end-users, that disable a lot of the above. That also slightly leads to the question of what is a security risk? I personally don’t like the idea of Microsoft having access to my machine and any information they see fit.

Please don’t confuse memory safe programming languages with system security (this is a very big topic and I’d suggest you do more reading on what memory safe languages are). Obviously there has been a lot of talk about the Rust programming language, but first you need to understand a bit about the C/C++ programming language.

Very briefly; C is very fast as it is up to the programmer to allocate and deallocate memory used by the program as well as make sure there are no memory conflicts. The code is then compiled using a C compiler to opcode/machine code for the particular processor/platform to make a binary executable (.exe in Windows terms). Now programmers are human and make mistakes (I’m a commercial developer and I make quite a few, which is where testing comes in). Now if you forget to deallocate the memory after you’ve finished using it, not only will you have a memory leak but something else may end up reading it, or if you don’t allocate the correct amount of memory you could end up with an overflow, the program or operating system may crash or numerous other things. Also you may end up using part of the memory you’ve already allocated to something else that may lead to problems or another part of your program being able to read data it shouldn’t. These can lead to security problems but doesn’t mean they will.

Rust on the other hand is a memory safe language which will stop you (well try very very hard) from doing the above. That’s obviously a good thing, but ultimately it will still be compiled down to an executable program the same as C. Can you write memory unsafe code in Rust? Yes if you try really hard, or you don’t know what you’re doing. Can you write memory safe code in C? Yes we’ve been doing it for decades, or nothing would work, but it is very dependent on skill and can be difficult in very large code bases.

The above purely relates to memory safe programming languages, and there are obviously more than 2 programming languages and we never covered memory garbage collected languages such as Go (Golang as it is often referred as searching for Go on the Internet is very useful) which I use on a daily basis ), interpreted languages such as Phython and Javascript, or JIT (Just In Time) languages such as Java.

There are many more ways you can write software to have security vulnerabilities than just memory safety and it is just a small piece to a very large puzzle. You will also not see any major operating system completely re-written in a memory safe language for at least 5-10 years as it is a huge task.

In conclusion:

1. “sandboxing on linux is either non-existent or weak enough that it may as well be non-existent” - You can sandbox pretty much anything to whatever level you want, and I never even mentioned the likes of AppArmor.
2. "linux has near zero exploit mitigations compared to, “any other modern OS.” & Windows and Mac to, “Moving toward memory safe languages” - Very vague statement, what are we classing as exploit mitigation? I’ve dealt with a day 0 virus across several hundred Windows machines… On that day I was definitely thinking I was lucky to be using Windows. Also Randsomeware infected machines, because people love to hit that YES button, whatever the warning is. It is all about a compromise between usability and security, want a machine with no threats… disconnect your machine from the Internet and any networks… problem solved. Memory safety covered above - bit of a mute point.
3. “the linux kernel itself is lacking in security. It claims there is a colossal amount of code all running within the most privileged areas of the operating system” - Erm… its the Kernel that’s what it is meant to have access to. Security layers are built on top of & around a Kernel. And her’s an example of why those pesky Windows DLLs can be dangerous -Windows 10 and 11 Security Measures Circumvented by DLL Hijacking Technique

Summary - IMHO the person you are quoting is either extremely lacking in knowledge, or has a extreme bias, or agenda.

“If I had more time, I would have written a shorter letter”

I’ll play in my own sandbox. It’s purple sand!