Re: Debian Desktop Environment

[Elmar Stellnberger <estellnb@gmail.com>]

I would believe that it will heavily depend on how you configure your 
desktop environment:
* One feature I do always turn off is desktop auto indexing because 
otherwise even storing an email attachement just for invoking it with an 
online view-as-jpeg service could cause an infection. Note that you may 
have to do this twice (once for Gnome and once for KDE) if you have 
installed according programs of both environments.
* select starting a new session on every bootup (the session restoration 
can be used as a hook for ephemeral and home directory rootkits)
* under KDE there is a list of background services that always run; you 
may reduce it to what you really need (invokable via systemsettings)
* likely there are other important configuration options (ask for your env.)
* get some understanding of what your X-server does (f.i. 
http://www.elstel.org/xchroot : problems with a pure chroot, trying to 
resolve these problems by hand)
* double check the security of the underlying system (netstat -atupn)
* note that your email program and your browser are the two most 
vulnerable parts of your desktop environment; consider running them 
under qemu in a virtual machine

Once you would comply with all these hints you may likely discover a 
rootkit inside the virtual machine for emailing or browsing as I did 
lately. The KDE environment of the host system did not appear to have 
compromised the security of the whole system so far at me.

Elmar



On 27.10.2015 12:29, Mateusz Kozłowski wrote:
> Hi,
> Could You tell me which debian desktop environment is the most security and the best privacy and which You recommned for debian users? (KDE, XFCE, GNOME etc.)?