Linux vs Mac OS security

No. I did not at any time ever say that Linux is not secure. You cannot quote me as saying that - so your claim of a contradiction has no merit. There is no contradiction.
What I have said is that there is No Possible Operating System that is 100% secure. And in making points, we can point out vulnerabilities in any operating system without claiming that it must, therefor, be an insecure system.
I say that defining the terms in security is essential in order to justify claims of Security.
I point out that anything can be claimed as "insecure" or "vulnerable", since there are no absolutes.
And I finalize with that Linux is secure for the average user. It is simply - Secure enough to be considered safe. There is no perfect Security and there are no absolutes - so no one can feel 100% confident that they are safe and secure. But this does not mean that they cannot feel confident and secure. Since it is not perfect and cannot be perfect, users can augment the security of Linux or Mac OS or Windows by

• Browsing wisely
• Doing research
• Using available tools like UFW
• Avoiding clicking things without ensuring you know the results of clicking it.

This is because the present vulnerabilities in any operating system are less threat to most average users than their own mistakes are.
To add clarity so as not to confuse again - I offer this perspective:
Do you have 100% confidence and security in knowing you will not be struck by lightning tomorrow? No. It is within the realm of possibility that could happen.
But this does not mean that you are not confident and secure enough to leave your home tomorrow and run errands and go to work... because you are plenty secure enough to believe you are highly likely to not be hit by lightning.
Is Linux Desktop as secure as Server - while I could argue it isn't, it would not matter. Because Desktop needs different security. Not an insult but... the average user simply is not a target for exploiting a vulnerability that if it exists, would yield only one data point. An attacker looks for the Millions, not the one.

This is the argument of obscurity and I addressed it here:

I agree that malware and risks exist for Linux. So, be mindful of what things you click on webpages.

I do not agree with this statement.
What you are saying is that MacOS has only bugs that can lead to vulnerabilities and the Linux has vulnerabilities that are inherent in the system and cannot be patched.
I already rebutted and refuted this claim here:

It's a misleading Red Herring to claim that "Linux is less secure because X11 doesn't isolate such and such..." because that fallacy ignores, utterly, that X11 relies on other security features included and inherent in the Complete Distro.
Your other point that MacOS lacks any inherent system vulnerabilities can be examined carefully against the vulnerabilities of "shrootless" or "powerdir" that allow user access in exactly the same way that access could be granted through X11- at least it could be granted if sudoers weren't involved... But it is. On Linux.
You can call any of those vulnerabilities a bug just as easily as any other. That fallacy is misleading.
And "powedir" is far more problematic than X11 isolation, considering that patching X11 is not really necessary due to redundant security in Linux.
Whereas in Mac, it needed a patch (not a fix because a fix cannot just be made) due to a higher threat level it introduces. Which is exactly what you claim is not a flaw in MacOS but is in Linux - you can see clearly here that it is the very flaw in MacOS that you claim is only in Linux.

This argument becomes less about facts and more about Spin. How to present the data in such a way as to lead the reader to a conclusion.
It's called "Misdirection."

I agree with this statement. However, I can point out (again) that the proprietary nature also allows more control (For Apple, not for the user) over what the user can do. This helps their security, even if it frustrates the Mac User.

No. But you just gave another Red Herring.
I pointed out that comparing apples to oranges will get you nowhere.
Throwing a red herring in with the apples and the oranges will change nothing.
What I said was CLEAR:
You need to clearly define what security you are referring to before you can make any meaningful claim as to whether MacOS is "more" secure than Linux because I could easily give examples that make it seem Linux is more secure or Mac is more secure, depending on how you apply it.
That is just Spin and I am not about Spin. Just The Facts.

Are you ....

really...
Claiming now that Windows is equally secure as Linux?

Really?

This is a bold claim.

And the traditional packaging system is flawed as well which you did not deny. What does this say?
Linux Desktop is unsecure. Yet you say:

You never said Linux is unsrcure but all of your points did. Clear contradiction.

It is very easy to define "security". In computing sense, it means the protection of you and your data when you are using your computer.

How can you call Linux a secure OS for an average desktop user, when you can't even install apps safely. The traditional package systems are flawed, appimages are flawed and flatpak and snaps don't do what they say.

They feel confident because people feed them with inaccurate information. Now don't get me wrong. I am still yet to discover whether the information is inaccurate or not. I am one of those average user who felt confident when using linux until I decided to debunk the myths and look for reality.
Most Linux users claim Linux is more secure than other operating systems. They never provide the proof. They give the counter-arguments that I talked about*.

Yes I know..Thats why when you said:

I said that Linux is secure in the same sense Windows is. You go to a random webpage and click on the large green download button and it downloads a dangerous script. I am not interested in those security flaws. They are result of the user's negligence. I am interested in flaws that are "inherent to the system".

How can you say that an average user is safe when you can't install an app securely.

It's not just X11. There are other things too. See the link I provided at the end.

I don't disagree.
Too add clarity, what I am saying is, that security flaws occur in every OS but what I have noticed is that security vulnerabilities that occur in Linux are because the way things are carried out Linux is flawed. Bugs and vulnerabilities are spotted everyday and are patched every day and this is common to all operating systems. But when the way things work in the system is flawed by itself, the only thing you can do is ditch that method and get work done in a different way. And here is the problem.

1. This is way too common in Linux. The transition to Wayland and Snaps/Flatpaks is horrible. MacOS users and Windows users never had to go through a transition like this.
2. Even after selecting a different method, the problem persists. Infact giving rise to newer problems.

As you can see this is not about spin and neither is it a red herring.

Yes. Thank you very much. That is my point.

Did I not make it clear in my previous posts, what what kind of vulnerabilities I am talking about. You also rephrased that to add clarity to it.

Also not a red herring. You said Linux Servers are better than MacOS servers. I asked you, "what about the desktop users? Linux is not only made for servers is it?"

Not in the way you are perceiving my statements. I added clarity to this in the beginning of this post.

Did I claim anything? No. I only said Mac OS looks more robust in terms security to me. Unless someone can give a satisfactory argument to me.

When I started the thread I asked and am still asking, "Is Linux really as secure as people have been saying for more than a decade?"

https://madaidans-insecurities.github.io/linux.html#sandboxing

https://www.openwall.com/lists/kernel-hardening/2020/09/23/3

It does not say that. You assert that you believe that it means that Linux Desktop is not secure.
It is inappropriate and improper for you to suggest that my points are the same thing as your assertions.

No, because you are utterly distorting what has been said.
Let's examine what I actually said:

The points I make do not validate your assertions. There is no contradiction.

Because you can install apps safely. It's called SUDO.
Just because you claim otherwise does not change reality.

Neither have you. You have spun the points I make, while ignoring the very nature of the points I made - in order to falsely claim that my points support your assertions. I do not know why you continue to ignore

But you continue to ignore that very important detail - then claim that Linux as a whole is Insecure and inherently flawed.
This is meaningless. To give you another analogy - you would suggest, by your arguments made - that in order for an Airplane to be secure, all the passengers must wear wings. That the engines must have wings independently attached to them. And while at it- the engines must be isolated from the rest of the plane, in case something goes wrong with the engine.
The Flaw in this thinking is: The passengers do not need to wear wings, since they rely on the wings on the fuselage the same way that X11 relies on the inherent security features in Linux. The engines cannot be isolated from the system - or they are pointless.
Packages, whether in third party repos or in main universe repos all must be vetted and pass through Lintian. I have a repo - I upload packages - I know the security of it; I had to jump through all those hoops just to create a repository and get packages into it. Do you have a repository? Do you know how to meet the requirements and qualifications to do it?
There is far more to Linux security than one application - especially given that these applications mesh together to work together. You cannot just nitpick one application, claim it is flawed because it lacks totalitarian security while ignoring all the security features around it that it relies upon and claim Linux as a whole is now Insecure.
That's absurd. No operating system behaves in any manner as you suggest they would need to in order to meet your definition of security and most importantly: It us utterly impossible for any devised O.S. to do what you demand. In the same exact way that you cannot build an airplane with isolated engines since the engines must be attached to the plane and coordinate and respond to the pilots in order for the thing to WORK.

The points you are making are highly misleading, by deliberately neglecting important details about Linux security in order to paint a false image of insecurity.
You present my own points back at me - spun - in order to present the illusion that they support your claims.

I have no time to temper my responses for such Utter Dishonesty. When you are ready to debate the issue by examining the Actual Points and merit of them instead of Spinning them into meanings that only support your bold claims, feel free to let me know.

So far, I am the only poster in this thread that has gone into detail, explaining more how these vulnerabilities work and what the threat level is. No one else has - and you ignore those details and instead, misrepresent what I said.
You are strongly coming across not as a person trying to model the reality, but rather - just purely wanting to fight.
If you persist in just fighting and ignoring the points as you have done, then this thread really should be closed in order to prevent more Flaming.

I will let the other moderators examine your flag.

In the meantime:
What is inappropriate in this thread is that you have

• Made up your mind that Linux is insecure
• Once done, you ignore any rebuttals that you do not wish to hear.
• Then you use only the parts of rebuttals that you can distort into some form of agreement to your claims.
• And you consistently put words on another members mouth falsely.

You do not examine their merit. You do not debate the merit of those ideas. You do not challenge the points that disagree with your view.

Why should any member on here have to tolerate that abuse? Constantly having to post again and again that they did not say what you claim?
It is more productive if you simply address what you disagree with and examine the points made. But pretending that they supported your unsupported assertion is Just... Weird.

You did not flag the post because it truly is inappropriate - but because you dislike someone addressing your behavior.
And that... is just further dishonesty.

Thread Closed.

Thread reopened on request and with examination of behavior.

You quoted a different line that I did not refer to. I even quoted the points that I actually referred to, which were:

These points tell: X11 has vulnerabilities. You say they are minor and therefore there is no need to patch them. You said Wayland shares the same problems. You also told Flatpak and Snaps are not security oriented. I also said the Flapaks and Snaps are not ready yet. You also did not deny, when I said that the traditional packaging system is flawed until your very recent post. Your argument that UFW and sudo cover up for X11's vulnerabilities itself is prey to a fallacy. X11 lets a GUI app interact with anything in the desktop without any interference. You don't need sudo to run a GUI app in 99% of the cases. UFW does do its job when it comes to covering up for X11's vulnerabilities, but it has its own set of problems. Moreover, UFW does not come enabled by default in any distro that I know of which targets the "average user". Most distro's don't come with GUFW either. How is a linux newbie supposed to know that it exists? Windows prompts to enable the firewall whenever a software is performing a suspicious task.

Yes I have.

In fact you have completely ignored the others:

You ignored them.

This is misinformation. X11 was not built with sudo and UFW as its dependencies. X11 was not specifically built for Unix, although it was largely adopted by unix-like operating systems. I agree however, that it finally comes to the operating system when hardening the security but claiming that the OS include utilities that cover up vulnerabilities of another application is fine as long as they work. I have discussed sudo and UFW in this post.

You can insult my ignorance, instead of correcting me. I don't maintain a repo of my own. I can only believe what I read or listen. And mind you, I don't do that blindly.

Quoted from one of the links I provided.

The traditional application security model on desktop operating systems gives any executed application complete access to all data within the same user account. This means that any malicious application you install or an exploited vulnerability in an otherwise benevolent application can result in the attacker immediately gaining access to your data. Such vulnerabilities are inevitable, and their impact should be limited by strictly isolating software from one another.

Linux still follows this security model, and as such, there is no resemblance of a strong sandboxing architecture or permission model in the standard Linux desktop — current sandboxing solutions are either nonexistent or insufficient. All applications have access to each other’s data and can snoop on your personal information.

In comparison, other desktop operating systems, including Windows 10, macOS and ChromeOS have put considerable effort into sandboxing applications, the last two in particular:

*Windows still falls behind when it comes to sandboxing, but it has at least made some progress — Windows automatically sandboxes UWP applications and provides the Windows Sandbox utility for non-UWP applications.
*In macOS, all applications require user consent before accessing sensitive data, and all applications in the App Store are further sandboxed.
*All applications in ChromeOS are sandboxed regardless.

I have not created a false image of linux insecurity. I gave my points that tell the state of Linux security which are true unless proven otherwise.

This is an ad-hominem response and violation of the forum guidelines for wrong allegations that damage the integrity of others. Hence, I have flagged your post. I am not trying to fight.
I started this topic with a question. I did not get a satisfactory answer. I told that none of them answer my question. I added clarity to the question. And then this. I got alleged for causing a fight.
???

I did say Arch-based distros. Artix is probably the most secure arch-based distros as it clearly does not allow users to be part of sudoers or wheel. And it has it's own repositories so not dependent upon Arch - I would have stuck with Artix, had it not been for the fact that it does not have Canon listed in Printers. I did manage to install the printer driver using a bizarre command, but unable to print so that is why I am with Devuan.
These are all the groups I am a member of as a standard user:

image1920×1080 150 KB

By this statement, you can see that it is not a fallacy. How does one get to the point of being able to run the GUI on the desktop without going through Linux Security Checkpoints, first? Do you need to first log in with your password?
Please answer this question directly.
Once you answer it, you will see what I mean when I say that the system components work together as a whole, relying on the inherent security.
Just as my "airplane analogy" shows.

I did not ignore them, we never reached them.
We have been halted at the constant back-and-forth of who said what.
Yes, I will say this yet again:
ALL Operating Systems have vulnerabilities. And to this end, All O.S.'s occasionally are reviewed to see what can be done about it.
This in itself, does not mean that Linux is "inherently insecure."

I never said that they were dependencies.
It does not matter in any way, whatsoever, whether or not X11 was developed alongside, for, with or to SUDO, UFW, or any other example. The only thing that matters is how they are applied in a Working Desktop Today.
It is not misinformation. It is 100% Accurate Information.

I understand that it is not always so easy to know what an Ad Hom attack is and what isn't.
Allow me to explain:
An Ad Hominem attack is when a person tries to refute the points you make in the debate by attacking your character. For example, "You are wrong about Linux Security because you're too intellectually deficient to understand it" < This would be an Ad Hominem attack.
Noting that your pattern of behavior in thread that disregards a refutation, then repeats your initial claim as though it was not refuted; then even goes so far as to claim I spoke as Supportive of your claim when I had not - is not an ad hom, it is an observation about your actions. It does not base the merit of the debate or the thread on your personal character; Instead it expresses that it is difficult to discuss the topic due to your behavior.

No one can ever prove a negative. Nor can you assume that any old claim is true unless "proven false."
The onus is on you to support your claims with merit, not to simply assume it to be true and then demand that others prove you wrong.
"I have an invisible elf on my shoulder. Prove me wrong." (Any attempt would be an effort in futility.)

The processor argument comes into the discussion because Macs use Intel Processors (Perhaps they should have stuck with Motorola processors!) and meltdown was cross platform, apart from AMD processors which suffered from Spectre. I don't know if Intel speed-step exists on Macs but that is yet another security issue that has been around for at least 10 years and only relatively recently been acknowledged.

The reddit thread in question was a mixture of facts, false claims, and opinions.

There is an almost inifinite amount of variables that come into play with operating system security. That is further complicated by flaws and vulnerabilities in hardware, software, libraries used by programming languages and so on and so on.

To have a proper discussion about it you first need to clearly define what is being discussed / debated. That was never done. It was all over the place.

Having " link wars " where all you do is post link after link in response to links posted by others gets you nowhere in the end. You can always find at the bare minimum thousands of posts that support your claim or sound good.

The OP in this thread linked to what he called a blog post that won him over about Apple security. That was marketing material from Apple and not what I would call a blog post.

Linux, Apple , and Microsoft are all concerned about security. Microsoft and Apple have faced additional challenges by having to maintain ease of use / convenience while keeping their products secure as possible. All the systems know there is room for improvement.

I think that products such as SilverBlue from Fedora and MicroOS from Suse will receive more attention in the coming years. The use of an immutable file system would have a big impact on Linux security as well as stability.

DJ Ware recently did a video on Is Ubuntu more secure than Debian

I hope people that watch the video are able to learn from his approach.

All are creative videos. Suberb

Forgot as i have stated elsewhere in the past - OS's are written by humans so won't be secure. OS's written by AI would be the most secure - you just wouldn't be able to access them!

A most strange system. The only winning strategy is not to access.
How about a nice game of Chess?

Macs use their own chips now called the M1, M1 pro and the M1 max. Intel processors are no longer included in macs since 2020.

Yes you do. You can't use your computer unless you log into the desktop and therefore I don't see how this argument stands straight. You can't even use cli apps unless you login either in your personal user account or the root account or a dummy account like in a live session via USB. Once you login, an un-sandboxed app can then freely interact with your desktop and can access all files and folders, unless you change permissions, which you can't do in traditional packaging formats.

Then it was wrong of you to say that I never provided proofs of what I claimed.

And I did that very well. I added links to support my points and my points were well explained as well.

Easy hit a stone in that general direction. It is bound to hit the elf unless it is minuscule in size

Yes - you must Log In using your Security password.
You must address how "interact freely" gets past the users password credentials given that the user must input their credentials prior to using the desktop.

You have not supported your argument - at all.

You posted links that address the fact that All OS's continually examine how to address security concerns.
This does not demonstrate, in any fashion - that Linux is Insecure. It also does not show that Mac is clearly More Secure.
The most you have done is post a Reddit post where some-guy-on-the-internet said some stuff that doesn't actually make sense or add up.

My elf dodged your stone.
Moreover, not only may the elf dodge, but even if you strike with the rock- this will not "prove me wrong" - a stone may have struck an unknown invisible object but this does not show that it was, in fact, an invisible ELF* that it struck.
Simply put - you cannot "Prove that something isn't there."
You cannot prove a negative. You can only provide evidence that something is true, likely or present.
Even your Stone Throw attempt was not an effort to prove there is no Elf but an attempt to try to show that it is there.

The posts are long and I get it that it's easy to miss a line or two.

To add even more clarity. There are three kinds of vulnerabilities.

1. Malwares and dangerous scripts: These are results of user negligence and is common to all Operating Systems.
2. Vulnerabilities in the code: Also common to all Operating Systems. Severity varies time to time but the get patched almost immediately after spotted.
3. Vulnerabilities in the system of things: This is the one I am talking of in particular. When the way things are done or to be precise the system of doing things is flawed. The only way to fix it is by replacing it completely with a new system. In Linux this is way too common than other operating systems and even the transition is not smooth.

The Pop!_OS switch to Pipewire, broke my speakers. Things in Wayland don't work properly. For example the cursor is not visible when I am playing CS:GO when I am logged into wayland. The startup time of an app after cold boot is too long if the app is a flatpak or a snap. Even the permissions are not set properly. For example, after you install WPS Office snap, you must also give it printing permissions and most other communication apps like discord and telegram can't upload or download from/to a user file unless given the permission.

No security concerns with Pipewire though.