Hi everyone,
I'm planning to switch from Microsoft to Linux. MX Linux seems for my older machine the most fitting right now. I searched but couldn't find their source code. Where can I find it? The reason behind my question is: why and how can I trust this specific Linux distro more than Microsoft? Did some security experts actually test it for backdoors and datasending? I always have doubts that Microsft sends data or keystrokes back home but how could I feel more safe with Linux? The people who provide it seem to be kind to take their free time and program it, but I don't know them. If they were bad they could even put some hidden backdoors to their distro and get data from me too.
Can anyone convince me that it is safe to use and relieve me from my doubt?
Thank you in advance for your answers!

Sorry? The sources are just there, in their repo:
http://mxrepo.com/mx/repo/pool/

These are MX-specific packages or, at least, packages changed by MX. MX is based on AntiX which is based on Debian, so the rest is in their respective repos.

Or were you looking for git repos? They are here:
https://github.com/MX-Linux

1 members found this post helpful.

Thank you. And what about the last part of my question? How can I really trust this distro is safe to use and free from backdoors?

I'm afraid you will not find a single link to the source code of every piece of software included in MX Linux.
From the other hand if you were not really familiar with compiling/building/packaging software it will not help you anything.
You can find kernel related source code at www.kernel.org, but you will hardly identify the code part[s] which handle the key presses. Also would be hard to find the piece which sends your keyboard activity to anywhere.

But believe me, it was already checked by hundreds/thousands of people already, you do not need to do that.

1 members found this post helpful.

There is a certain amount of trust inherent in the use of any software. I trust open source simply because there are, for most large projects, far more eyes on the code than any proprietary project. Not to say Microsoft and Apple don't review their code, but they have to pay people to do it and are under intense financial pressure to keep schedules. Open source projects are not and the number of people that can look at a given project is essentially unlimited.

I have been using open source operating systems and software for over 20 years and have never had a single issue in terms of security or unusual traffic generated by an application or the operating system.

Yes, I am typing this from a Mac but of the 2 large commercial OS vendors, I trust them far more than the other.

1 members found this post helpful.

Do you trust Microsoft?

I never have - but I do trust the integrity of FOSS coders, be they Linux or BSD.

(I also have been using Linux, & BSD, since 1999 without any worries.)

As shruggy says - start here for MX Linux specific code: https://github.com/MX-Linux

Then do the same for Debian code.

Have fun! You'll be very busy!

1 members found this post helpful.

Security is about the balance between your effort and resources and the amount of effort and resources a hacker or malicious company is willing to invest.
Checking (all) code is probably far beyond the effort you as a person might want to spend, as previous answers tell you.
And then, after checkig the code? Start all over for all updates? Practically impossible.
You can always check outgoing and incoming traffic, to look for suspicious behaviour.
- Whireshark
- Maltrail
- TCPview
- Etherape
- etc...
Check open ports with zenmap or on grc.com
Check your logfiles.
Read articles about security.
I share your doubts about closed source and certain companies, but in the end the measurements you can take are not too different.
Trust or no trust, you have to deal with it.
Perhaps look at it from this perspective:
Do you trust the breaks of your car? Did you take them apart and refitted them? Or did you test them on the road? We're talking about something relatively easy vs risk of lives...
I guess you rely on the garage that does the yearly check-up of your car...

2 members found this post helpful.

With all the reservations. Don't use it.

Gift horses don't care. I know MX forums has a lot of old fogies using their distro for their bank needs.

Maybe a cute Puppy will make you feel better http://puppylinux.com/

Since old gear is mentioned.

Hi,

I have been using Linux as my main operating system for over 14 years and I have never had any security issues. I've used OpenSuse, Ubuntu, Mint, CentOS and Fedora.

Perhaps, you can install Debian with XFCE desktop. It is good for older hardware.

Good luck!

Thank all of you for your answers. You all trust your distros. Oh k. What else can a non-coder do? I have been doing this with Windows for years - but always with doubts. And now with Linux doubts come up in mind too. What I'm missing are sites or videos on y*utube where coders show how to decompile the distro ISO and check it against the source code. Because even though the source code is available, one still doesn't know if the system one is running actually uses THAT code...
I havn't found a video about that. Does anyone know of such a check page?

First of all when you buy a car, a mobile phone, whatever you need to trust.... There is no way to decompile/reverse engineer them, but you need use them without really knowing how are they working and how are they assembled (that is just impossible).

You do not even need to decompile an iso, because you can [re]create it any time you wish (and if you understand the steps required).
But anyway there are people out there who really check how does the given software behave and publish their findings (if they want).

Being a coder has zero to do with using open source products. Just use the products or don't. Keep in mind that Linux runs most of the Internet: DNS, web, etc so large organizations trust it. It is a decision you have to make. If you are OK with Microsoft watching everything you do then you should be fine with using an open source operating system that doesn't.

1 members found this post helpful.

Without knowing more about your actual situation, I have two thoughts:

Firstly - if you want to see a lot more involved/hands-on installation, try something like Gentoo or Slackware. I know, not probably 'newbie friendly' - but you will get a relatively good look 'under the hood' as you install the system in terms of exactly what packages are being loaded, where they come from, etc. If you actually intend to review everything exhaustively line-by-line it could take years.

Alternately - if your goal is to have something that adheres to some sort of published security standard, I know Oracle Linux offers that, as well as various audit tools, because they target it at business/government users who do that kind of thing. I've never gotten the nVidia drivers to work properly in OL (it works with EPEL so they exist in a repo it can use at least), but otherwise it seems to be a competent RHEL/Fedora-based OS. During install it can walk you through various options for encryption, FIPS-compliance, audits, etc but then its on you to do whatever with the logs/output of those tools. This isn't to say that more conventional desktop distros like MX, Gentoo, Slackware, etc aren't secure, its more that Oracle is trying to target a certain kind of user that needs compliance (on paper) - maybe that appeals to you as well. I'm unsure exactly what hardware you have, so I couldn't speak to performance.

More info:
Gentoo:
https://wiki.gentoo.org/wiki/Handbook:Main_Page (select your machine's architecture to view the appropriate handbook)
Slackware:
https://docs.slackware.com/slackware:install
https://docs.slackware.com/slackware:beginners_guide
Oracle:
https://www.oracle.com/linux/security/ (keep in mind many of the 'support' or 'automated management' options will cost money - that's how Oracle keeps their lights on - but the OS itself is free)

All of this said, I agree with sevendogsbsd - "If you are OK with Microsoft watching everything you do then you should be fine with using an open source operating system that doesn't." Even a 'bad' thing in open source, like when Ubuntu's desktop search app was starting to integrate with Amazon (which, from what I understand, was done because Canonical need(ed) revenue, and assumed people would find the feature useful), was met with massive backlash and very rapidly removed (and they no longer offer that app), but even the way that app worked was massively 'less worse' than some of the things I've seen come out of Windows in the last few years (as in, it still stayed in its own corner - it wasn't system-wide and it was removable). The fact that it was all out in the open for everyone to see is part of the reason I think a lot of people trust FOSS - even the problems are public, so there's no PR spin hiding things people don't like. I would personally say pick any up-to-date Linux distro that works with your computer and be happy.

3 members found this post helpful.

tux2x,

I am sure that your enquiry is totally genuine, but I cannot help thinking about the old joke:



I do apologise in advance.

4 members found this post helpful.