Language Selection

English French German Italian Portuguese Spanish

System security? What about your DATA!

Filed under
Linux
Security

It is often said that Linux is more secure than Windows, and for enterprise workloads this tends to be very true. An Enterprise Linux system with proper hardening and configuration is an unmatched platform capable of performing very well in hostile environments.

Desktop Linux is a completely different use case, and unfortunately security configuration is sadly way behind (read: non-existent). You simply cannot make the argument that Desktop Linux is as secure as Enterprise Linux if for no other reason than Desktop Linux is used by people rather than processes.

With a Desktop Linux system, non enterprise savvy users are given the keys to a wide open platform and nothing protects them from the elements. We as a community have falsely sold our users that this platform inherits the security capabilities that you find within Enterprise Linux, we just aren't telling them the whole story.

By default, every single Desktop Linux system I have reviewed or tested fails in every possible way. What makes this problem worse? Well what about your DATA?

rest here




More in Tux Machines

Security Leftovers

  • Someone is putting lots of work into hacking Github developers [Ed: Dan Goodin doesn't know that everything is under attack and cracking attempts just about all the time?]
    Open-source developers who use Github are in the cross-hairs of advanced malware that has steal passwords, download sensitive files, take screenshots, and self-destruct when necessary.
  • Security Orchestration and Incident Response
    Technology continues to advance, and this is all a changing target. Eventually, computers will become intelligent enough to replace people at real-time incident response. My guess, though, is that computers are not going to get there by collecting enough data to be certain. More likely, they'll develop the ability to exhibit understanding and operate in a world of uncertainty. That's a much harder goal. Yes, today, this is all science fiction. But it's not stupid science fiction, and it might become reality during the lifetimes of our children. Until then, we need people in the loop. Orchestration is a way to achieve that.

Leftover: Development (Linux)

  • Swan: Better Linux on Windows
    If you are a Linux user that has to use Windows — or even a Windows user that needs some Linux support — Cygwin has long been a great tool for getting things done. It provides a nearly complete Linux toolset. It also provides almost the entire Linux API, so that anything it doesn’t supply can probably be built from source. You can even write code on Windows, compile and test it and (usually) port it over to Linux painlessly.
  • Lint for Shell Scripters
    It used to be one of the joys of writing embedded software was never having to deploy shell scripts. But now with platforms like the Raspberry Pi becoming very common, Linux shell scripts can be a big part of a system–even the whole system, in some cases. How do you know your shell script is error-free before you deploy it? Of course, nothing can catch all errors, but you might try ShellCheck.
  • Android: Enabling mainline graphics
    Android uses the HWC API to communicate with graphics hardware. This API is not supported on the mainline Linux graphics stack, but by using drm_hwcomposer as a shim it now is. The HWC (Hardware Composer) API is used by SurfaceFlinger for compositing layers to the screen. The HWC abstracts objects such as overlays and 2D blitters and helps offload some work that would normally be done with OpenGL. SurfaceFlinger on the other hand accepts buffers from multiple sources, composites them, and sends them to the display.
  • Collabora's Devs Make Android's HWC API Work in Mainline Linux Graphics Stack
    Collabora's Mark Filion informs Softpedia today about the latest work done by various Collabora developers in collaboration with Google's ChromeOS team to enable mainline graphics on Android. The latest blog post published by Collabora's Robert Foss reveals the fact that both team managed to develop a shim called drm_hwcomposer, which should enable Android's HWC (Hardware Composer) API to communicate with the graphics hardware, including Android 7.0's version 2 HWC API.

today's howtos

Reports From and About Cloud Native Computing Foundation (CNCF)