[SOLVED] Everyday distro for security and privacy?
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
To encourage someone is to let them see beyond their own limitation.
Quote:
Originally Posted by jsbjsb001
Kali's own developers say that it isn't meant to be used as an "everyday" system. It's only meant to be used by experienced Linux users, and even then only for network penetration testing, and not for general purposes. So why you would be encouraging people to use that distro out of all distros for general purposes is simply beyond me..
To encourage someone is to let them see beyond their own limitation. Also it gives people an idea of what they are interested in instead of the "usual" have this, get that attitude. Kali CAN be locked down just like other Linux systems.
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881
Rep:
Quote:
Originally Posted by PECONET009
To encourage someone is to let them see beyond their own limitation. Also it gives people an idea of what they are interested in instead of the "usual" have this, get that attitude. Kali CAN be locked down just like other Linux systems.
IF you do NOT learn, you will not learn at all.
That doesn't change the fact that Kali's developers explicitly say on their own website that it's once again only for experienced users, and again, even then only for network penetration testing purposes. Or are you saying you know more than them? Sorry, but you don't. So it's still bad advice to be giving to someone who is a new user.
While no one said Kali can't be "locked down" this is beside the point. You don't learn a distribution to do penetration testing, you learn the tools, which can be installed on virtually any other distribution. But before you learn the tools you find in Kali by default, you need to learn about Linux. Otherwise, how do you reasonably expect someone to be able to hack any system? Well, you need to understand the basics of Linux before you can do anything don't you ? And tell me how a far more suitable distribution won't allow you to learn ? Almost any other distribution would not only allow one to learn, but would be far more suitable. And tell me how a distribution that runs as root by default is "more secure" than a far more suitable distribution ??
So sorry, but spare me the nonsense arguments please.
That doesn't change the fact that Kali's developers explicitly say on their own website that it's once again only for experienced users, and again, even then only for network penetration testing purposes. Or are you saying you know more than them? Sorry, but you don't. So it's still bad advice to be giving to someone who is a new user.
While no one said Kali can't be "locked down" this is beside the point. You don't learn a distribution to do penetration testing, you learn the tools, which can be installed on virtually any other distribution. But before you learn the tools you find in Kali by default, you need to learn about Linux. Otherwise, how do you reasonably expect someone to be able to hack any system? Well, you need to understand the basics of Linux before you can do anything don't you ? And tell me how a far more suitable distribution won't allow you to learn ? Almost any other distribution would not only allow one to learn, but would be far more suitable. And tell me how a distribution that runs as root by default is "more secure" than a far more suitable distribution ??
So sorry, but spare me the nonsense arguments please.
You have your flavour of Linux. I have mine and it does me just fine.
Oh by the way my Kali does not run as root.
-------------------------------
If you do not learn, you never will.
Last edited by PECONET009; 11-06-2019 at 09:17 AM.
Reason: Additions.
If you must stay free unfortunately the only way is combining various systems. Like starting with Gentoo and portage and converting results with alien into debian style system or similar. Or use MacOSX (hackintosh) with macports or similar.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
My point was that much of the same code goes into all distributions and much of the same security practices apply to all OSs.
There is no "sucurerer OS" -- most OSs, including the Windows ones, now have security at the core. It's how you use it that counts.
Don't get hung up about "the best for security" just pick one hou like and run the process of securing it.
Thanks for your answer and the information provided, beachboy 2. Just a couple of clarifications:
- I am looking for an everyday distro security- (strenghtened by default against external threats), privacy- (not sending data home), and stability-oriented (few bugs, crashes...). I am aware that those three concepts do not always go together hand by hand on the same distro, that's why I am asking for one that may 'balance' the three. Also, I explicitly mentioned that I was not talking about Tails, Quebs, etc. (which provides you tighter security, privacy, and anonymity), but are not for everyday use.
-I don't use Duck Duck Go. I use Startpage. DDG has a close partnership with Yahoo, which makes me very suspicious, considering that Yahoo sends data to the NSA. Besides, DDG is based on US, and can be 'forced' by law to start collecting users' data without any prior notice.
Thanks.
I would go with Parrot OS for the security all in one distro. I do like Parrot OS and have tried it but I like Kali more since it has many books on it of which I have purchased. Parrot OS is built from some of Kali Linux so you can choose either one really, give it a go on either and see if you like it.
Last edited by PECONET009; 11-06-2019 at 02:30 PM.
Distribution: Slackware/Salix while testing others
Posts: 1,718
Rep:
Quote:
Originally Posted by lisamint
Thanks, fatmac. I also checked out MX Linux. Although different, I came to the conclusion that Linux Mint could do the same job in terms of stability (maybe I am wrong).
If you use LMDE3 then it is Debian, just currently Debian oldstable with a few Mint conveniences.
Hi 273. Thanks for your comment, but I don't get it.
Just to clarify: A Web search for Security is a process shows that we did not invent this statement. You might want to read Bruce Schneier's essay.
Quote:
Parrot OS, for instance, is a 'security- and privacy-oriented distro' (apart from the testing and hacking) because it comes with several tools installed to achieve those goals (e.g., Tor, encryption software, Anon, Firefox with HTTPS and Ublock Origin preinstalled. Anyone using a different distro can also install those pieces of software and achieve the same level of security, privacy, etc. So, maybe, what I was really asking for in my original post had to do more with the code of the software itself; I mean, regardeless of the software pre-installed in each Linux distribution, is there any distro(s) that provide more security, privacy, and stability than others based uniquely on how they are built (in terms of code)?
I would argue that something like Parrot OS provides less security because it "sells" you some buzzwords and the warm fuzzy feeling that "all that" is taken care of and you can just start browsing.
Because that will make you more vulnerable than, say, someone who just uses any mainstream Linux distro and installed those addons themselves.
I would go with Parrot OS for the security all in one distro. I do like Parrot OS and have tried it but I like Kali more since it has many books on it of which I have purchased. Parrot OS is built from some of Kali Linux so you can choose either one really, give it a go on either and see if you like it.
Thanks, PECONET009. So, using my example, do you think that by installing the same security/privacy tools available in Parrot I would achieve the same/similar level of security/privacy in Mint? Or, asking the same question differently, if you don't take into account the sofware that comes pre-installed, do you think that Parrot OS is less/more/as secure as Linux Mint?
Just to clarify: A Web search for Security is a process shows that we did not invent this statement. You might want to read Bruce Schneier's essay.
I would argue that something like Parrot OS provides less security because it "sells" you some buzzwords and the warm fuzzy feeling that "all that" is taken care of and you can just start browsing.
Because that will make you more vulnerable than, say, someone who just uses any mainstream Linux distro and installed those addons themselves.
Thank you, ondoho. I think that's the approach I am taking myself. As I am not sure whether other 'everyday use' distros will provide me with more/better security and/or privacy, I strenghtened the one installed on my laptop (Linux Mint), installed the right apps (e.g., Firefox, VPN, Veracrypt, Keepass...), and use 'common sense' to remain secure.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
There are very few, if any, distributions which provide something that the others do not have available when it comes to security. They all use the same codebase but just package it differently.
Really, just use something you find easy to use and install and read up about best security practice. One thing I have found useful, for example, is NoScript in Firefox (so not even OS dependent) and I know it prevented a (Windows) machine I was using from being infected by a worm because I was in a positio to turn the protection off and let the anti-virus remove the worm.
Just for the record and to make it very clear:
I do NOT recommend a pentesting distro to someone who wants "security and privacy". These are two different pairs of shoes.
This certainly goes for Kali, which is designed to run (read-only) from a USB stick anyhow, but also for Parrot OS which just parrots popular demand and is neither fish nor flesh, an accident waiting to happen.
I also do NOT recommend an advanced user distro that will leave the OP help- and clueless and therefore less secure.
I do recommend Debian Stable, MX Linux, and a few others.
Out of the box Parrot has all the security that you need.
Quote:
Originally Posted by lisamint
Thanks, PECONET009. So, using my example, do you think that by installing the same security/privacy tools available in Parrot I would achieve the same/similar level of security/privacy in Mint? Or, asking the same question differently, if you don't take into account the sofware that comes pre-installed, do you think that Parrot OS is less/more/as secure as Linux Mint?
Thanks.
Out of the box ParrotOS has all the security that you need.
With other Linux distros you can make them similar to Parrot, BUT, you will either have to search for the security software or rebuild them from the source code yourself, not hard to do but it does take some time. I did, and still do, like ParrotOS but it does have some issues with some updates that keep on breaking the operating system itself. I would suggest that you try out ParrotOS and get a feel of it first. Kali Linux and ParrotOS are very similar except in name. Kali Linux, to me, is the best bet. Many people on here are going to suggest the opposite and will try and get you to stear clear of these two operating systems, I have no trouble with any of these two except ParrotOS now and again with its updates that does break now and again. Kali Linux does not, touch wood, have these issues. I do not have any issues with any attacks from any outside sources since I am not having anything running as root which seams to be the problem with many others on here that do state that it does. I have been using Kali Linux for near on six months with no problems, except from the start when I did remove a very important base code and tried to reboot the system and had found out that it would not boot. I just learned my lesson on that one, but now Kali Linux is running nice and smooth, Kali Linux has everything that you need and then some extras if you need them.
If you do need more help with setting up Kali Linux then contact me on here and I will take you through the installation that I use, or I can sent the full info to you in an email, if you would like to me to do that.
-----------------------------------
IF you do not learn, you never wiil.
Distribution: Slackware/Salix while testing others
Posts: 1,718
Rep:
Quote:
Originally Posted by ondoho
Just for the record and to make it very clear:
I do NOT recommend a pentesting distro to someone who wants "security and privacy". These are two different pairs of shoes.
This certainly goes for Kali, which is designed to run (read-only) from a USB stick anyhow, but also for Parrot OS which just parrots popular demand and is neither fish nor flesh, an accident waiting to happen.
I also do NOT recommend an advanced user distro that will leave the OP help- and clueless and therefore less secure.
I do recommend Debian Stable, MX Linux, and a few others [Slackware].
Nailed it.... I made a slight modification to your last sentence.
There are very few, if any, distributions which provide something that the others do not have available when it comes to security. They all use the same codebase but just package it differently.
Really, just use something you find easy to use and install and read up about best security practice. One thing I have found useful, for example, is NoScript in Firefox (so not even OS dependent) and I know it prevented a (Windows) machine I was using from being infected by a worm because I was in a positio to turn the protection off and let the anti-virus remove the worm.
Thank you, 273. That's possibly the answer I was looking for. Since the codebase of each distro is similar, the way to go is to find the distro that meets your needs and equip it with all the security and privacy tools at your disposal.
By the way, YOU are a free man (not just a number): you are using Linux.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.