Re: Debians security features in comparison to Ubuntu

To: debian-security@lists.debian.org
Subject: Re: Debians security features in comparison to Ubuntu
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat, 17 May 2014 11:44:56 +0000
Message-id: <[🔎] 53774BB8.9020006@riseup.net>
In-reply-to: <[🔎] CAAr43iNLXO_DxSP_B+q1MxUUnYefuyNyCEJ_mQW3bkrw+yStTw@mail.gmail.com>
References: <[🔎] 1WlNxN-1QSFPM0@fwd38.aul.t-online.de> <[🔎] CAAr43iNLXO_DxSP_B+q1MxUUnYefuyNyCEJ_mQW3bkrw+yStTw@mail.gmail.com>

Joel Rees:
>> He told me to use Ubuntu instead. He explained that with the fact,
>> that Ubuntu has more security features enabled than Debian (also
>> more compiler flags for security) in a fresh install. He gave me a
>> link to the following site: 
>> https://wiki.ubuntu.com/Security/Features
>> 
> 
> That's a good list of all the currently fashionable "security" 
> features for Linux. Some of the items in the list are meaningful,
> some are not. Most might be if you know what you are doing with them.
> None of the meaningful items in that list are unavailable on Debian,
> and the defaults are reasonably secure in Debian.

The problem is, that Debian lacks a page similar to:
https://wiki.ubuntu.com/Security/Features

As you can see, that https://wiki.ubuntu.com/Security/Features page
looks impressive to new users. I guess Debian is losing a few users to
Ubuntu, because Debian does not have such a page.

> This will be an issue with any OS you
> choose, even seriously secure OSses like openBSD.

Is OpenBSD a seriously secure OS?

Last time I checked, OpenBSD didn't provide signed packages for the
package manager by default. Using OpenBSD signed packages for updating
only seemed ridiculously complicated.

http://www.openbsd.org/faq/faq1.html:
"OpenBSD is thought of by many security professionals as the most secure
UNIX-like operating system"

Well, for experts eventually, not for normal users! And I am wondering
which security professionals they are quoting and from when these quotes
are.

> Do not surf the web as root or as any administrator login id, of
> course.
> 
> Speaking of admin login ids, it's a good idea to have one non-root 
> login id that you only use for administrative tasks. And you should 
> avoid getting onto the web when logged in with the admin id. Which 
> means you need another id for general use, which makes two strong 
> passwords, three if you allow root login.

After reading the following blog post

http://theinvisiblethings.blogspot.fr/2011/04/linux-security-circus-on-gui-isolation.html

it seems to me, that user account level isolation isn't very strong.

Reply to:

Follow-Ups:
- Re: Debians security features in comparison to Ubuntu
  - From: Joel Rees <joel.rees@gmail.com>
- Re: Debians security features in comparison to Ubuntu
  - From: Sven Bartscher <sven.bartscher@weltraumschlangen.de>
- Re: Debians security features in comparison to Ubuntu
  - From: Reid Sutherland <reid@vianet.ca>
- Re: Debians security features in comparison to Ubuntu
  - From: Michael Gilbert <mgilbert@debian.org>
- Re: Debians security features in comparison to Ubuntu
  - From: Joel Rees <joel.rees@gmail.com>

References:
- Debians security features in comparison to Ubuntu
  - From: "herzogbrigitte1@t-online.de" <herzogbrigitte1@t-online.de>
- Re: Debians security features in comparison to Ubuntu
  - From: Joel Rees <joel.rees@gmail.com>

Prev by Date: Re: Debians security features: Which are active?
Next by Date: Re: Debians security features: Which are active?
Previous by thread: Re: Debians security features in comparison to Ubuntu
Next by thread: Re: Debians security features in comparison to Ubuntu
Index(es):
- Date
- Thread