[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Desktop Environment

Hi Mateusz,

I'm not a security expert. And also I'm not an English expert ;-)

On 27/10/2015 12:29, Mateusz Kozłowski wrote:

Could You tell me which debian desktop environment is the most security
and the best privacy and which You recommned for debian users? (KDE, XFCE, GNOME etc.)?

I think that your question is not correct or it is a nonsense.

Today the most security DE can be XYZ, but tomorrow it can be another one.
The worst security DE can be the best one for your DE usage.
Note: I think that nobody can say what is the most security DE
You must define what is "security" for you. So what is mandatory to you and what it isn't. Also you must define a maximum "cost" for your security (probably you won't spend 1B$ or spend 23 hours/day in your life to take your browser history secret) and... Note: I think security is subjective and can have a different definition in different time, situation, ...
and so on...

First you can start installing some interesting packages (Note: I'm using Stretch and I don't know which Debian version are you using, so I don't know if you can install all the following packages) that can be used for monitoring and improving security in your system:

1) debian-security-support
with this you can have:
- during package installation/upgrading a warning for each package without or limited security support
- invoking the command
  $ check-support-status
you can have a list of installed packages without or limited security support

Note: in Stretch you can see that there are some KDE important packages without security support

2) apt-listbugs
with this you can have, during package installation/upgrade, a list of severe bugs or security bugs

3) apt-listchanges
with this you can have a list of important changes (or also lesser important changes, if you configure it properly) in packages

4) apt-show-versions
whit this you can search for packages that are not in the sources.list repositories or are not anymore, with a command like that:
$ apt-show-versions | grep availab

If a package is not in the Debian repository... so it can be a security risk

Also you can search other package related to security, for example:
$ axi-cache search check security

if you don't have the axi-cache package you can install it with
# apt-get install apt-xapian-index

You can also read some security books, you can find someone in the Debian site.


Reply to: