Qubes
Yes, it's technically a “Xen distro”, but the qubes themselves are Linux VMs.
“Linux is less secure than Windows” is a very misleading statement at best. For the following reasons, I would say pretty much any Linux distro is more secure than Windows in practice:
Yes, it is probably somewhat easier for exploit brokers to find bugs such as local privilege escalation (LPE) exploits or sandbox escapes on standard Linux desktops than on Windows. For an APT buying exploits, this might mean the price of a Linux LPE exploit differs from a Windows one by a few thousand dollars, but that does not amount to much if they have already stockpiled exploits for most systems.
If your threat model includes a government APT, a spyware company, or even a well-resourced criminal organization, whether you use Fedora or Ubuntu will seldom matter; they will most likely attempt to deliver 0-day or N-day exploits through your browser, by redirecting your traffic, or by sending you an infected file through social engineering. The issue is that the most threatening organizations develop or purchase arsenals of exploits to ensure they have coverage against a variety of browsers, OSes, kernels, etc.
Look at this table and ask yourself how much it would cost to compromise your computer.
Indeed, against well-resourced adversaries, your best options are to:
- Hide, resisting fingerprinting and targeted advertising where possible, so they have no vector to deliver malware to you in the first place.
- Compartmentalize, with either VMs or separate computers, to prevent an adversary from compromising all of your activity.
- Be amnesic, with either disposable qubes, VM snapshots, or live OSes, so that a compromise does not persist.
Some OSes include exploit mitigations that prevent LPE in some cases, but how much does this matter to the regular user? Relevant xkcd:
If you’re not following the security-by-compartmentalization approach that Qubes takes, then even with a very secure kernel, an attacker who executes their malware on your device through a more vulnerable program (e.g. browser, video player, PDF reader) has already created a catastrophic scenario for most users. If a decently sophisticated adversary manages to run arbitrary code on your device, outside the bounds of a sandbox or VM, then whether you run X11 or Wayland probably doesn’t matter; you’re already hosed.
In summary, this is why the Linux kernel’s weaker security may not matter at all against well-resourced adversaries.
In fact, Linux has three strong security advantages over Windows:
- Low attack surface (less bloatware)
- Lack of telemetry and forced advertising
- Reliance on a centralized, vetted software repository
1: One of the most disastrous mass compromises of Windows devices happened because Windows turns its printing services on by default, unlike a lot of Linux distros. Pre-installed components such as Outlook, file transfer services and remote desktop services introduce unnecessary vulnerabilities if they aren’t needed.
2: Windows is very aggressive in pushing advertising on its users, which assists criminals in delivering malware to specific individuals. If you’re targeted by an ISP-level adversary, Windows’ telemetry can uniquely identify you by your traffic alone, which helps the adversary deliver malware to you. With Linux, not only do you usually lack telemetry, you can also easily modify your OS to route itself through Tor (Whonix), through a VPN, etc. Of course privacy != security, but in practice, denying a resourced adversary the ability to identify or fingerprint you can substantially interfere with their ability to exploit your computer.
3: Linux’s reliance on vetted repositories, rather than the Windows approach of finding most software on random websites, is one of the primary reasons why Linux users are far less likely to be compromised. This benefit is what matters to most users, who are concerned with unsophisticated criminals rather than powerful APTs. Convincing users to install malware by cloning legitimate websites or through social engineering is one of the most common and simplest ways Windows users get infected, but this rarely happens on most Linux distros (or iOS). After all, it is far safer for a regular user to type “sudo dnf install libreoffice” than to try to find and download OpenOffice from a website that may or may not be real.
In practice, these issues specific to Windows are far more likely to get you compromised than the Linux kernel’s lack of certain security features.
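The attack-surface point in (1) is something you can check on your own machine rather than take on faith. Below is an added example, not part of the original post: a small POSIX shell script that parses `ss -tlnp` output, lists every TCP listener bound to a network-reachable address (loopback-only binds are skipped), and prints the `systemctl` command that would turn off well-known optional daemons. The `ss` output embedded in the script is a constructed sample so the script runs offline; the systemd unit names (`cups.socket`, `cups.service`, `smb.service`, `avahi-daemon.*`) are assumptions based on Fedora's packaging and differ on some distros (Debian ships `smbd.service`, for instance).

```shell
#!/bin/sh
# Added example (not from the original post): audit which daemons a Linux
# desktop exposes to the network, and suggest how to switch off the optional
# ones. Nothing here modifies the system; it only prints suggestions.

# Constructed sample of `ss -tlnp` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      5      127.0.0.1:631       0.0.0.0:*         users:(("cupsd",pid=1021,fd=7))
LISTEN 0      4096   0.0.0.0:631         0.0.0.0:*         users:(("cupsd",pid=1021,fd=8))
LISTEN 0      50     0.0.0.0:445         0.0.0.0:*         users:(("smbd",pid=1333,fd=35))
LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=812,fd=4))
LISTEN 0      128    [::1]:25            [::]:*            users:(("master",pid=900,fd=13))'

# exposed_listeners: read `ss -tlnp` output on stdin and print "port process"
# for every TCP listener NOT bound to loopback (127.0.0.0/8 or [::1]).
# IPv4 and IPv6 sockets of the same daemon collapse to one line.
# The process name is "?" when ss was run without root and shows no Process column.
exposed_listeners() {
    awk '$1 == "LISTEN" {
        addr = $4
        port = addr; sub(/.*:/, "", port)        # text after the last colon
        host = addr; sub(/:[^:]*$/, "", host)    # text before the last colon
        if (host ~ /^127\./ || host == "[::1]") next
        proc = $6
        if (match(proc, /\("[^"]+"/)) proc = substr(proc, RSTART + 2, RLENGTH - 3)
        else proc = "?"
        key = port " " proc
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# suggest_disable: for each "port process" line on stdin, print the command
# that would stop and disable the matching optional daemon. Unit names are
# assumptions (Fedora-style); check `systemctl list-units` on your own distro.
suggest_disable() {
    while read -r port proc; do
        case "$proc" in
            cupsd)        echo "sudo systemctl disable --now cups.socket cups.service   # print spooler on :$port" ;;
            smbd)         echo "sudo systemctl disable --now smb.service   # SMB file sharing on :$port" ;;
            avahi-daemon) echo "sudo systemctl disable --now avahi-daemon.socket avahi-daemon.service   # mDNS on :$port" ;;
            *)            echo "# $proc on :$port: keep only if you actually need it reachable" ;;
        esac
    done
}

# Demo on the constructed sample. On a real host, run as root so process
# names are visible:  ss -tlnp | exposed_listeners | suggest_disable
printf '%s\n' "$SAMPLE_SS" | exposed_listeners | suggest_disable
```

On the sample above, the loopback-only CUPS socket on 127.0.0.1:631 and the local mail submission port on [::1]:25 are ignored, while the network-facing CUPS, SMB and SSH listeners are reported; only the first two get a disable suggestion, since SSH is the kind of service you decide about deliberately rather than by default.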