I'm curious about how you were infected by a rootkit, which one it was,
and what you did to discover it? Using a Sandbox is a great idea for
those two, except of course those are generally the applications with
the most sensitive data as well. I always try to disable HTML email,
but people insist on using it...
On Tue, 2015-10-27 at 16:25 +0100, Elmar Stellnberger wrote:
I would believe that it will heavily depend on how you configure your
desktop environment:
* One feature I do always turn off is desktop auto indexing because
  otherwise even storing an email attachment just for invoking it with
  an online view-as-jpeg service could cause an infection. Note that you
  may have to do this twice (once for Gnome and once for KDE) if you have
  installed according programs of both environments.
* select starting a new session on every bootup (the session
  restoration can be used as a hook for ephemeral and home directory
  rootkits)
* under KDE there is a list of background services that always run;
  you may reduce it to what you really need (invokable via
  systemsettings)
* likely there are other important configuration options (ask for
  your env.)
* get some understanding of what your X-server does (f.i.
  http://www.elstel.org/xchroot : problems with a pure chroot, trying
  to resolve these problems by hand)
* double check the security of the underlying system (netstat -atupn)
* note that your email program and your browser are the two most
vulnerable parts of your desktop environment; consider running them
under qemu in a virtual machine
Once you would comply with all these hints you may likely discover a
rootkit inside the virtual machine for emailing or browsing as I did
lately. The KDE environment of the host system did not appear to have
compromised the security of the whole system so far at me.
Elmar
On 27.10.2015 12:29, Mateusz Kozłowski wrote:
Hi,
Could You tell me which Debian desktop environment is the most
secure and has the best privacy and which You recommend for Debian
users? (KDE, XFCE, GNOME etc.)?
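
The `netstat -atupn` check from the list of hints above, as an added example that is not part of the thread: a shell filter that keeps only sockets accepting traffic on non-loopback addresses, together with the owning process. The function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Reads `netstat -atupn` output on stdin and prints "proto local-address owner"
# for every TCP listener and unconnected UDP socket not bound to loopback.
exposed_listeners() {
    awk '
    $1 !~ /^(tcp|udp)/ { next }              # skip banner and header lines
    {
        proto = $1; local = $4; foreign = $5
        if (proto ~ /^tcp/) {
            if ($6 != "LISTEN") next         # ignore established/closing connections
            first = 7                        # owner follows the State column
        } else {
            if (foreign !~ /:\*$/) next      # connected UDP socket, not a listener
            first = 6                        # UDP rows have an empty State column
        }
        addr = local
        sub(/:[0-9]+$/, "", addr)            # strip the port, keep the bind address
        if (addr ~ /^127\./ || addr == "::1") next
        owner = ""                           # program names may contain spaces
        for (i = first; i <= NF; i++) owner = owner (owner == "" ? "" : " ") $i
        if (owner == "") owner = "-"
        print proto, local, owner
    }'
}

# Constructed sample of `netstat -atupn` output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      640/sshd
tcp        0      0 192.168.1.10:51234      93.184.216.34:443       ESTABLISHED 2101/firefox
tcp6       0      0 :::22                   :::*                    LISTEN      640/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      812/cupsd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           701/avahi-daemon: r
udp        0      0 127.0.0.1:323           0.0.0.0:*                           655/chronyd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -
EOF
}

# On a live system: netstat -atupn | exposed_listeners
sample_netstat | exposed_listeners
```

An owner of `-` means netstat could not attribute the socket to a process; run it as root so that sockets owned by other users are identified.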