[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debians security features in comparison to Ubuntu

Joel Rees:
>> He told me to use Ubuntu instead. He explained that with the fact,
>> that Ubuntu has more security features enabled than Debian (also
>> more compiler flags for security) in a fresh install. He gave me a
>> link to the following site: 
>> https://wiki.ubuntu.com/Security/Features
> That's a good list of all the currently fashionable "security" 
> features for Linux. Some of the items in the list are meaningful,
> some are not. Most might be if you know what you are doing with them.
> None of the meaningful items in that list are unavailable on Debian,
> and the defaults are reasonably secure in Debian.

The problem is, that Debian lacks a page similar to:

As you can see, that https://wiki.ubuntu.com/Security/Features page
looks impressive to new users. I guess Debian is losing a few users to
Ubuntu, because Debian does not have such a page.

> This will be an issue with any OS you
> choose, even seriously secure OSses like openBSD.

Is OpenBSD a seriously secure OS?

Last time I checked, OpenBSD didn't provide signed packages for the
package manager by default. Using OpenBSD signed packages for updating
only seemed ridiculously complicated.

"OpenBSD is thought of by many security professionals as the most secure
UNIX-like operating system"

Well, for experts eventually, not for normal users! And I am wondering
which security professionals they are quoting and from when these quotes

> Do not surf the web as root or as any administrator login id, of
> course.
> Speaking of admin login ids, it's a good idea to have one non-root 
> login id that you only use for administrative tasks. And you should 
> avoid getting onto the web when logged in with the admin id. Which 
> means you need another id for general use, which makes two strong 
> passwords, three if you allow root login.

After reading the following blog post


it seems to me, that user account level isolation isn't very strong.

Reply to: