Which is better between Macos and Fedora Workstation (KDE)?
My main concern is someone hacking me through malicious files (pdf, office docs) and through the browser.
I have never used Macos so i know only a little bit about its security features but i know that on Fedora i can use a pdf viewer, office program as flatpak for sandboxing and Selinux provides some protection for the kernel if my Browser is compromised. What about Macos?
I read that on Macos apps are sandboxed. Does that include the browser? Like if i install Brave browser or Firefox thorugh the App store will i get any additional sandbox besides the browser sandbox itself?
What about opening pdf and office docs on Macos? Is the default app for opening those files sandboxed?
Mac’s are superior when it comes to security and all the options it offers.
If this is your concern, I highly recommend checking out QubesOS too. It is infamous for incompatibility with a lot of hardware but when it works, it works really well for what it is and supposed to do for your security.
Installing these apps from the app store on the Mac is not possible. They are not available on there. But yes, otherwise, Mac App Store apps are technically ideally the best way to install apps. But that also means Apple knowing what software you use.
Without a clear threat model, it’s quite challenging to make effective recommendations. One of the best options would be Qubes, but it may not be particularly useful for the average user.
Use secureblue if you want good security with minor drawbacks.
I don’t think knowing details of a threat model is necessary here. OP is asking about a particular concern that appears to be threat model independent. Suggested solutions should do the trick.
If you are actually at risk of targeted attacks, simply picking the “most secure” desktop OS from the options you listed will not protect you from more sophisticated attackers.
Yes. macOS apps can be sandboxed. All apps from the App Store is sandboxed. If you get apps from other sources, you have to check them manually.
Only Safari uses macOS’s sandboxing feature, which can be hardened with Lockdown Mode. Other browsers implement their own sandbox. Also, please stay away from Firefox if you worry about this attack vector.
Yes. In addition, Microsoft Office and Libre Office, when downloaded from the App Store, is also sandboxed.
I don’t know about your level of tech, but for macOS’s firmware-level security, you can consult Apple Platform Security Crash Course written by the team behind Asahi Linux.
Other than macOS, you can also consider Qubes OS. But you shouldn’t think that Qubes OS is secure by default.