*BSDThis forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
It is often said that security is a process, not a product. You can secure both Linux and the BSDs equally well. Some distros and BSDs do have a security focus, however, like OpenBSD, as hitest said.
... and I read that BSDs are theoretically more secure than linux.
Can you explain to me what that means? In particular, how can anything be 'theoretically' secure. I understand what 'practical' or 'in practice' security might be (and it certainly isn't just the stuff that you get on the DVD that determines the practical security of some operating system).
You argue about 'potential for security', and that might be a worthwhile discussion, but it isn't necessarily decisive; most people don't configure their systems to anywhere near their maximum potential, for whatever reason, so that might not be all that relevant.
And what about all of the 'add-ons'; you could look at stuff like Snort, SELinux/AppArmor, Bastille, GRSecurity, Nikto, RKHunter, etc, etc as not being part of the operating system, but being add-ons that improve security. So, what value do you place on easy install and easy configuration of these add-ons? Certainly there are things that improve the basic security of the system, and you end up with a pretty secure system if you use the potential of all those utilities, but do you take points away from a system that just doesn't make it easy to get that advantage?
And, quick availability of security fixes has got to be an important security aspect (and even some Linux distros do better on this than others); if package management isn't up to scratch (again some Linux distros better than others) you'll probably be a bit nervous about applying that security fix to your critical server, which is a factor, and (usually) your distro has to make it available in the first place.
And, I'd accept that BSDs can have some advantages in some security aspects over Linux, I just don't understand how to discuss the question further without more information, and, even then, it might be difficult.
Quote:
Originally Posted by justlooking
... more secure than linux. Are these claims true or false?
Well, if someone just says one is more secure than the other as a blanket statement, that's probably either false or meaningless. OTOH, you could probably define the conditions more clearly (...on a server, on a desktop, in the enterprise, for a start, with a competent admin or just 'using defaults', for a second, how much attention given to improving security over 'the default', for example) and get at least a slightly meaningful answer.
Quote:
Originally Posted by justlooking
I have little knowledge of the BSDs and I read that BSDs are theoretically more secure than linux. Are these claims true or false?
Bear in mind that I could easily (!) come up with a much more secure version of Linux; I'd just rip out all of the networking code and ensure that the system was locked away to prevent 'bad' physical access. For some reason, most people don't do this.
Your question almost comes off as a bit of a troll bent on inciting a religious war. I'll give you the benefit of the doubt here though and share some of my thoughts. I'm sure there are many here who will take exception to my opinions. With that in mind, please don't shoot me...
I have used both FBSD and OBSD extensively. I would say that the BSD's are more secure than Linux. I'm talking default installs here. Sure, Linux can be made to be secure, but I think it takes more work to get there than either of the BSD's I referenced.
One reason being that they start from more minimal install and build up what you need from there. Contrast to many Linux distros installs that include many server packages as part of default install so people who're not yet experts sometimes inadvertently enable things they aren't necessarily aware of. This trend was pretty bad in years gone by when some Linux ditro's were competing/prioritizing on "ease" of install and convenience. This resulted in a default install where you'd have to be figuring out what to back out, and how, so it often never got done or at best backburned in favor of the next task management had loaded onto already overworked admin's plates.
BSD's also follow a different develpement model than Linux. Or I should say organizational model. Linux development tends to be much faster paced and sometimes less thoroughly tested stuff gets rolled out sooner than it perhaps should. The upside to this being that bugs are discovered early. The downside being that these bugs are sometimes exploitable. Linux is more willing to take that risk, than, for example OpenBSD.
Additionally, BSD's are a compelte ecosystem: kernel and userland. Whereas Linux is technically only a kernel that subsequently gets packaged into various "Distributions". Hence, I'm of the opinion that the BSD's tend to be more "cohesive" when taken as a whole.
This cohesiveness also extends to documentation. FreeBSD, in particular, has some of the best documentation, e.g. the online FreeBSD Handbook. Well organized and comprehensive. The documentation of various Linux distros can often be much more "haphazard" by comparison, and while some of the commercial distros well documented, the freely available online docs can be more remniscent of a teaser to incentivize management to shell out for a support subscription to get the "good stuff". This is not to say that Linux documentation sucks. Archlinux, for example, has a pretty high quality wiki.
But in the end it really boils down to your objectives. I'm running a Linux desktop because I get better driver support for desktop/workstation use, e.g. video drivers. Also a wider package selection of stuff I want to run on my workstation than, for example, OpenBSD. If I needed to build a dedicated firewall, NID, etc., however, OpenBSD would be my top pick.
But in the end it really boils down to your objectives. I'm running a Linux desktop because I get better driver support for desktop/workstation use, e.g. video drivers. Also a wider package selection of stuff I want to run on my workstation than, for example, OpenBSD. If I needed to build a dedicated firewall, NID, etc., however, OpenBSD would be my top pick.
I like the best of both Worlds, so I dual boot Slackware and OpenBSD. Slackware is a very full-featured, mature distro. OpenBSD is a second to none secure BSD.
I like the best of both Worlds, so I dual boot Slackware and OpenBSD. Slackware is a very full-featured, mature distro. OpenBSD is a second to none secure BSD.
I use Slackware as workstation, NetBSD as server. Great couple.
A day I'd like to invert
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.