Linux vs Mac OS security

According to this reddit post, all of which I checked is true, Mac OS is more secure than Linux. I still doubt whether Apple steals data or not. But even if it does..That thing goes down to privacy. The question is, "Is Linux really the best operating system for security?"

1 Like

The mac os is a locked environment where the users don't have much freedom to do things like admin privileges are limited in mac
the story is different in the case of Linux. Linux gives all the freedom to users (literally all) so the user can make mistakes, that may cause security flaws
In my opinion, the security of the operating system lies in the hand of users
(Example: for a normal user windows is secure but for a power user it isn't because he is constantly testing things and can have a security breach)
Security in OS lies in the hands of the one using it (that's my conclusion)

4 Likes

Much of security also comes down to the user. The more control you assert over the user, the more security you can attain.

3 Likes

Well it's swings and roundabouts, but here are several instances where MacOS has been vulnerable, one only 2 weeks ago in May!:

As has been stated elsewhere, like a bad driver of a car is sometimes referred to as "The nut behind the steering-wheel!", so it goes for Computer users in general - PICNIC - Problem In Chair, Not In Computer!

One of the worst security flaws in Windows was their XP Home editions. The administrator user was hidden and no password set for it - a user would have to boot Windows XP Home into Safe mode to set password for Administrator! What I like about Devuan is that you have a separate 'root' account from the user. I have to su in a terminal and enter the admin password before I can sudo apt-get install!

For Zorin users I would advise that you create two accounts - the first one with root permissions, the second one as a standard user, which you should use on a regular basis whilst using your machine for daily tasks.

3 Likes

What the heck? All those expensive well payed programmers and no one could think about a temporary password for de admin-account?

1 Like

My gf likes to say 'there will always be someone better off than you and worse off than you'. needless to say this doesn't change my choice in operating system, but it was still an interesting read. thanks for sharing!

2 Likes

Sure, Mac OS is not secure either. I have never in my life used Mac OS. But what I gathered from those links that you provided is that those security flaws were mostly bugs and hence, Apple was able fix them. Linux also encounters such security flaws that get patched as soon as they are spotted. However, The Linux security flaws that were listed in reddit post, are not mere bugs that can be patched. Those are flaws that can be solved or to be precise, are being solved using alternatives. The Xorg security flaw is being fixed by adopting Wayland, which is not ready yet. The lack of control of apps is being fixed using Flatpaks and Snap but they are also not people's favourite way of installing apps.

Then there are problems that have no proper solutions yet:

Linux also lacks the concept of verified boot or system integrity verification. In fact, most distros don't even do UEFI Secure Boot right - the verification ends at the kernel and the initrd is left unverified, unencrypted and vulnerable to evil maid attacks. There is no protection against persistent malware whatsoever too, even if you manage to protect the initrd, because there is no verification that extends to /usr, /bin, /sbin, and various other directories. macOS on the other hand has proper verified boot from the firmware to the system volume, protecting it from both evil maid attacks and persistent malware. Beyond verified boot, it also has system integrity protection, limiting what the root user can do.

There is also no proper solution yet to prevent a "malware" from gaining access to root files. Malwares in Linux is rare but it is still there. In Linux, you can make changes to root files just by using "sudo" and enter the password. In Windows and Mac OS, even if you gain admin privileges you will still not be able to delete or access critical files.

What you said is true, but what about the underlying security flaws that come along with the OS? And like I said privacy!=security. Mac OS does brag about being more privacy-friendly than Windows, which I truly believe in but I still don't believe that they are more privacy friendly than Linux. Telemetry in Mac OS is largely optional and unlike Windows, which tends to collect information even after you disable telemetry, Mac OS does not collect info after you disable telemetry. Privacy is I think a topic for another thread.

I would like to believe that, but I don't think the point stands straight. The more control you give to the user the more likely it is that the user will let a malware (or run a dangerous script) to do its thing. Windows and Mac are already more secure in that respect.

Edit: It stands straight! My poor Grammar skills... -sigh-

1 Like

Actually, you just said the same thing I said. :wink:

1 Like

?? I spoke against the statement..The more control you give to user the more likely it is that the user will run a script or an app that may potentially harm their system.

The more control the OS develoepr asserts over the users, then the more security the OS Developer can attain, since they limit the users ability to perform actions that could compromise the system.

1 Like

Ah...You see I am not very good in English especially prepositions! Sorry.

Me, either. You can see how I need to go back in and explain myself, time to time.
Frankly, I find your ability to fluently speak multiple languages utterly amazing.

1 Like

But Devuan does not allow standard user to use sudo, nor does it make standard user created at time of install part of the wheel group - and that is where Arch based distros also score highly by preventing such shenanigans. Whilst security is an important issue, Windows since version 7 is spyware. Mac has some clear vulnerabilities too if you look at that article in the link I entered at the top of this posting. Privacy is yet another aspect of security which is being overlooked:

The same could be said for Chrome:

Also:

And then there is the CPU Chip vulnerabilities that no OS can control without a patch being applied:
https://www.consumerreports.org/digital-security/staying-safe-from-meltdown-spectre-security-flaws-in-computer-chips-a4592702030/

It has...The same kind of vulnerabilities that linux and Windows and Chrome OS has. The kind of security flaws that I mentioned are flaws that cannot be cured until you create an alternative like X11 has to be replaced Wayland. And even when alternatives are created, they have flaws of themselves. The recommended way of installing apps in Ubuntu is by using a third party repo or a .deb file, because apparently flatpaks and snaps are not ready for use yet. The apps installed using a third party repo can have permissions that could potentially harm the OS and you can't even change these permissions "the proper way".

To be precise, I am talking about security flaws that have existed for so long and even after people knew about it they could not fix it because, it is simply not possible to fix it. The only way you fix it is by replacing it completely. The links you provided are security flaws indeed. But they are of the kind that get fixed as soon as they are spotted. -because they are just bugs- . Linux to has these kinds of bugs, that get patched immediately when spotted.

I would like to know more about how Arch prevents this. However, Arch too has severe security problems and the devs are not even interested to fix the problem. The way of installing apps is way more unsecure than any other package management system I know of.

Like I said, privacy!=security.

https://www.howtogeek.com/765272/privacy-vs-security-whats-the-difference/

Also read my text:

Indeed. But I don't see how that comes into the discussion.

I read this blog by Apple and it truly won over me by the way.

1 Like

My Top beautiful Linux homepage list is :

It is worth weighing in on this, since the concept of what counts as "secure" may be inflating the severity of issues in this discussion.
For example, X11 security vulnerabilities are very Minor, not worth exploiting and are only exploitable with Direct Access, not remotely:

Is Wayland more secure than X11?
No... It just has different vulnerabilities. So, if you consider it to be more secure when comparing only what it is secure of against what X11 is vulnerable to; it might appear more secure. But look at the vulnerabilities that it has and it clears that illusion.
Moving back to the vulnerabilities in X11 - this is partly due to X11 accepting that other security features cover the known vulnerabilities (though minor) in X11. This is a very important distinction, since this is how most systems within almost all Operating Systems all work. For example: UFW. SUDO. etc.
Wayland lacks this.
One of the noted things security-buffs point out is a lack of isolation as being the primary vulnerability in X11.
Wayland has no isolation and cannot as Wayland cuts out the interpreter entirely and communicates directly with the kernel.
I mean... that is the entire selling point for what makes Wayland better as a compositor. Without that, it has zero advantage over X11.
And let's be honest - that is its only advantage.
So if Isolation is an issue... then Wayland has a big problem. Except, as covered above, isolation is not really an issue since other security features in Linux are tasked with covering that side.
This really flops the argument - as only if isolation is somehow essential to security can the argument even be made.
Which makes sense when you think about it...
It is functionally impossible to make any desktop environment, Mac, Windows or Linux, so secure as to have total isolation within its system. You can well believe that if that was possible, then it would have been done already.
Isolation is great - if it worked. But it doesn't.
We see this with Flatpak and Snap which were developed not for security, but entirely for ease of Package Portability- that the devs then used that sandboxing as a supposed selling point to promote Flatpak or Snap as "more secure." Except... that sandboxing inhibits flatpaks and snaps from communicating with necessary components of the system, causing them to ...
Not
Work.
Thus- flatseal was born... which completely undercuts and removes that sandboxing security that the devs touted the app for in the first place.
Is Wayland more secure than X11? No...
For example:

Finally,
Is MacOS "more Secure" than Linux?
This is a loaded question. It is like asking, "Is Chocolate ice cream better than vanilla?" Any answer is only meaningful when compared against how it is applied.
A worse question that still would apply would be: "Is chocolate ice cream better than a Ford F-150 ball joint?"
The thing is, they are both equally Generally secure.
Mac OS has better security for Desktop Users because it limits Desktop Users more severely than Linux does, inhibiting the users ability to infect their own machines.
However... Server side, Linux is more secure than Mac OS for running servers, when properly configured. Not just due to operational obscurity, but due to actual configuration.
Much like, "What is the perfect ___ for..." or "What is your favorite_____?" the questions only have meaning to the individual, not to the masses.

Is Linux secure for the desktop user?

YES.
Linux is a very secure system that the desktop users can feel comfortable and confident in using. Like any computing system, it is not absolutely secure. And no OS is.

Does this post belong here? I am confused.

Yeah this was the counter-argument I wanted. Thank you for the insights.

That is what I was saying also. Neither Wayland nor Flatpak and Snap are ready yet. And other packaging systems and X11 are not better than them either. What's the point of getting rid of the others if the new ones aren't any better either.

Also, I am confused. Your points tell linux is not secure, yet you say linux is secure for desktop users later in the same post? Isn't that contradicting your points?

Uhh, I can't understand this.

The only counter arguments that I received were:
1: Linux is more secure because Linux is less popular. Which is totally wrong because malware may be less but they exist for linux as well.
2: Mac OS has vulnerabilities also. But Linux Desktop has flaws within the utilities like the
the display protocol and package management. Package Management is an issue for the servers as well. Mac OS has vulnerabilities that can't actually be called flaws. Bugs would be more apt, as they can easily be fixed and patched.
3: Mac OS is proprietary and potentially collects data, hence it is less secure. Privacy!=Security.

Fair. I am sorry for not being clear, that I was speaking for Linux desktops.Mac OS servers have been discontinued.

Is linux only for server users?

Yes it is. In the same sense Windows is.

Why have people gone on saying that Linux is the most secure usable desktop for more than a decade, when it is clearly not? Mac OS to me seems more secure.