Originally posted by Charlie68
View Post
For most users it's just not ready yet, the average distro is still using Xorg, also Wayland is just a part of a larger system, if there is no sandboxing having Wayland does not improve the security by much, therefore the average Linux Desktop RIGHT NOW is not really secure.
It will NOT do that well if pitted against Windows-levels of malware development.
I never said that Linux is 100% secure
looking for something 100% secure?
To protect the / home can encrypt it or you can only encrypt the data to be kept confidential and you should know this too.
Partition encryption protects against Evil Maid attacks (which are kind of unlikely imho) and keeps your data secure if someone just steals the laptop whole (a normal laptop thief, nothing fancy) and then rummages through its memory in search of a quick buck (in addition to the laptop's own resell value on ebay).
To protect against malware you need sandboxing, which is what is done on servers by running the service with a different user that has no privileges and no shell access, and on a desktop system has to be done with something like firejail.
For the sake of beating a dead horse, on Android this sanboxing is the norm and it is pretty strict. Applications can't read other application's data, nor do more than a whitelisted list of actions, period. Some folders like downloads and music and whatnot are free for all, but apart from that it's all locked down. Even if an application is compromised by a malware attack or downright malicious it won't read anything it shouldn't be able to.
Leave a comment: