Linux vs Mac OS security

Chat about Zorin
, ,
18

It is worth weighing in on this, since the concept of what counts as "secure" may be inflating the severity of issues in this discussion.
For example, X11 security vulnerabilities are very Minor, not worth exploiting and are only exploitable with Direct Access, not remotely:

Is Wayland more secure than X11?
No... It just has different vulnerabilities. So, if you consider it to be more secure when comparing only what it is secure of against what X11 is vulnerable to; it might appear more secure. But look at the vulnerabilities that it has and it clears that illusion.
Moving back to the vulnerabilities in X11 - this is partly due to X11 accepting that other security features cover the known vulnerabilities (though minor) in X11. This is a very important distinction, since this is how most systems within almost all Operating Systems all work. For example: UFW. SUDO. etc.
Wayland lacks this.
One of the noted things security-buffs point out is a lack of isolation as being the primary vulnerability in X11.
Wayland has no isolation and cannot as Wayland cuts out the interpreter entirely and communicates directly with the kernel.
I mean... that is the entire selling point for what makes Wayland better as a compositor. Without that, it has zero advantage over X11.
And let's be honest - that is its only advantage.
So if Isolation is an issue... then Wayland has a big problem. Except, as covered above, isolation is not really an issue since other security features in Linux are tasked with covering that side.
This really flops the argument - as only if isolation is somehow essential to security can the argument even be made.
Which makes sense when you think about it...
It is functionally impossible to make any desktop environment, Mac, Windows or Linux, so secure as to have total isolation within its system. You can well believe that if that was possible, then it would have been done already.
Isolation is great - if it worked. But it doesn't.
We see this with Flatpak and Snap which were developed not for security, but entirely for ease of Package Portability- that the devs then used that sandboxing as a supposed selling point to promote Flatpak or Snap as "more secure." Except... that sandboxing inhibits flatpaks and snaps from communicating with necessary components of the system, causing them to ...
Not
Work.
Thus- flatseal was born... which completely undercuts and removes that sandboxing security that the devs touted the app for in the first place.
Is Wayland more secure than X11? No...
For example:

Finally,
Is MacOS "more Secure" than Linux?
This is a loaded question. It is like asking, "Is Chocolate ice cream better than vanilla?" Any answer is only meaningful when compared against how it is applied.
A worse question that still would apply would be: "Is chocolate ice cream better than a Ford F-150 ball joint?"
The thing is, they are both equally Generally secure.
Mac OS has better security for Desktop Users because it limits Desktop Users more severely than Linux does, inhibiting the users ability to infect their own machines.
However... Server side, Linux is more secure than Mac OS for running servers, when properly configured. Not just due to operational obscurity, but due to actual configuration.
Much like, "What is the perfect ___ for..." or "What is your favorite_____?" the questions only have meaning to the individual, not to the masses.

Is Linux secure for the desktop user?

YES.
Linux is a very secure system that the desktop users can feel comfortable and confident in using. Like any computing system, it is not absolutely secure. And no OS is.