
How, pray tell, are you getting to "Desktop Linux, the least secure of the bunch?"



Maybe someone with more knowledge than me can explain - flatpaks seem way more secure than anything you would ever install in Windows by a long shot. It's also fairly trivial for me (and I'm by no means a hardcore user) to use a completely immutable version of Linux such as Silverblue. The other complaints in these links also seem suspect. If the Linux kernel is insecure due to it being monolithic, doesn't that make ChromeOS just as insecure? What about Android? What about the "96.3% of the top one million web servers [that] are running Linux"?

Also there's something to be said for security through obscurity. My bet is I could go through my entire junk mail folder opening all attachments on Linux without a problem, but it'd take me less than 10 on Windows to be fully owned. If you're careful on Linux aren't you far, far safer than if you're careful on Windows?


The first article links to this [1]:

Almost all popular applications on flathub come with filesystem=host, filesystem=home or device=all permissions, that is, write permissions to the user home directory (and more), this effectively means that all it takes to "escape the sandbox" is echo download_and_execute_evil >> ~/.bashrc. That's it.

This includes Gimp, VSCode, PyCharm, Octave, Inkscape, Steam, Audacity, VLC, ...

To make matters worse, the users are misled to believe the apps run sandboxed. For all these apps flatpak shows a reassuring "sandbox" icon when installing the app (things do not get much better even when installing in the command line - you need to know flatpak internals to understand the warnings).

[1] https://flatkill.org


I guess I just don't buy it completely. Given that I myself have had a hard time giving permission to Flatpak to access even an unimportant network drive (Flatseal is a godsend for giving/denying permissions in any way you please) while the same app on Windows will happily write anything to C:\Windows\System32, I feel like we're talking about entirely different beasts. But perhaps I'm naive. I also feel like there would be a very large vested interest in making people feel more unsafe in Linux than they do in Windows/MacOS for obvious reasons.

And given that the version of Fedora I use is immutable and even I have a hard time messing with it to the point of pain/exploit with full access to the system (and I've tried for fun in VMs) I feel like a trusted flatpak app I download from a trusted source is going to have a damn near impossible time doing much of anything. While I feel like a simple website hack that serves me a bad .exe could/would cripple every single file it can find on my network on a Windows machine.


You're right. I'm entirely unconvinced by anyone in this thread that Linux isn't still WAY safer all around.

You can come up with theoretical threats all day that Linux is susceptible to, sure.

But at the end of the day, there is not a single serious cloud company (or just about any tech company that isn't MS) genuinely looking at "we should switch to Windows or MacOS for the backbone of our company," and it's Linux that gets the downstream security that comes with that.

Whole lotta cope in this thread.


Flatpak permissions are very broad by default in most applications. Even if you manually override them by using Flatseal, some permissions like X.org or PulseAudio sockets are very problematic because these legacy protocols are not designed to be secure. Even if you manage to lock down permissions and only use modern apps that support Wayland and Pipewire, the Flatpak sandbox still exposes a lot of kernel attack surface because it blocks very few syscalls. I think they should add something similar to Win32k lockdown (ProcessSystemCallDisablePolicy) on Windows and disable insecure components like io_uring.

As for immutable distros, AFAIK Silverblue and others are immutable in the sense of package management, but there is actually no process to ensure the integrity of the full boot chain because initrd can be trivially modified by the host and is unsigned. There is a UKI (Unified Kernel Image) proposal that will likely be the path going forward (at least on the Red Hat world), but I think it's still years away.

In my opinion, if you want to use Linux desktop securely, just use Qubes.
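The flatkill quote earlier in the thread (filesystem=host / filesystem=home / device=all on most Flathub apps) and the comment above (X11 and PulseAudio sockets as legacy, non-isolating protocols) both come down to reading an app's [Context] section and recognising the broad grants. The script below is an added example written for this thread, not code from Flatpak, Flatseal or flatkill.org. It parses the INI-style text that `flatpak info --show-permissions <app-id>` prints (the same section that appears in an app's `metadata` file) and reports the grants those two comments single out. The sample manifest, the app id and the severity labels are constructed for the example; the `:ro` suffix and the `!` revocation prefix are part of the real filesystems syntax and are handled so that a revoked or read-only grant is not reported as a write grant.

```python
"""Audit a Flatpak [Context] section for the broad grants discussed in the thread.

Added example, not part of the thread or of any project.  Input is the text that
`flatpak info --show-permissions <app-id>` prints; SAMPLE_METADATA is constructed.
"""
import configparser

# Constructed sample manifest (hypothetical app id, not a real Flathub entry).
SAMPLE_METADATA = """\
[Application]
name=com.example.Editor
runtime=org.example.Platform/x86_64/1
command=editor

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=host;xdg-download:ro;!home;

[Session Bus Policy]
org.freedesktop.Notifications=talk
"""

HIGH, MEDIUM = "high", "medium"  # severity labels chosen for this example


def _split_list(value):
    """Flatpak writes list values as 'a;b;c;' -> ['a', 'b', 'c']."""
    return [item for item in value.split(";") if item]


def parse_context(metadata_text):
    """Return the [Context] section as {key: [items]}; {} if the section is absent."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep keys exactly as written
    parser.read_string(metadata_text)
    if not parser.has_section("Context"):
        return {}
    return {key: _split_list(value) for key, value in parser.items("Context")}


def filesystem_grants(ctx):
    """Resolve the filesystems list into {path_name: mode}, honouring ':ro' and '!'."""
    grants = {}
    for entry in ctx.get("filesystems", []):
        if entry.startswith("!"):          # '!home' revokes an earlier/inherited grant
            grants.pop(entry[1:], None)
            continue
        name, _, mode = entry.partition(":")
        grants[name] = mode or "rw"        # no suffix means read-write
    return grants


def audit_context(metadata_text):
    """Return [(severity, message)] for the grants flatkill and the thread call out."""
    ctx = parse_context(metadata_text)
    findings = []

    # 'host' and 'home' both cover the whole home directory.  A read-write grant
    # means the app can edit shell startup files, which is the escape flatkill
    # describes; a ':ro' grant still exposes everything in ~ to reading.
    for name, mode in filesystem_grants(ctx).items():
        if name in ("host", "home"):
            if mode == "ro":
                findings.append((MEDIUM, f"filesystems={name}:ro: read access to the whole home directory"))
            else:
                findings.append((HIGH, f"filesystems={name}: write access to ~ (shell startup files included)"))

    if "all" in ctx.get("devices", []):
        findings.append((HIGH, "devices=all: unrestricted access to /dev"))

    # X11 and PulseAudio predate per-client isolation; granting the socket
    # hands the app the same access every other client of that server has.
    for sock in ctx.get("sockets", []):
        if sock in ("x11", "pulseaudio"):
            findings.append((MEDIUM, f"sockets={sock}: legacy protocol without client isolation"))

    return findings


def has_broad_grant(metadata_text):
    """True when at least one HIGH finding is present (the 'sandbox' icon is misleading)."""
    return any(sev == HIGH for sev, _ in audit_context(metadata_text))


if __name__ == "__main__":
    for severity, message in audit_context(SAMPLE_METADATA):
        print(f"[{severity}] {message}")
    print("broad grant present:", has_broad_grant(SAMPLE_METADATA))
```

Pointing the script at a real system is a matter of piping `flatpak info --show-permissions <app-id>` into `audit_context`; the order of the `filesystems` entries matters, since a later `!home` revokes an earlier `home`, which is why the grants are resolved into a dictionary before any rule is applied.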


I fully agree with using Qubes, but I also think for most people in most cases that's akin to putting a bank vault door on the front of your house. I guess the question I would ask is: gun to your head you have a choice between running a random Setup.exe in Windows, a .sh/.deb/.rpm in Linux, or a Flatpak. Which one are you choosing? 10/10 times I'm choosing the Flatpak myself. It might not be perfect, but it does seem better than most alternatives everyone uses all day every day.


> for most people in most cases that's akin to putting a bank vault door on the front of your house

If we are talking about a device in which you do banking, shopping, manage sensitive or work data, etc. then I think security should be a priority. For more casual use, I agree Qubes would be overkill.

> Which one are you choosing?

I'd rather execute Setup.exe inside Windows Sandbox or deny UAC prompts, or run a random macOS binary (provided SIP is not disabled), than a Flatpak. To be clear, I think Flatpak is an improvement, I'm glad it exists and I hope it continues evolving. But in my opinion, the Linux desktop still has a long way to catch up to Windows and macOS on security.


This tells me imperfect, which, sure. It doesn't tell me "the worst of the bunch."


Compared to the other desktop operating systems (Windows and macOS), it absolutely is. It might have other advantages, but security is not one of them, and users should be aware.


huh? Linux security is so annoying it won't let other apps spy on key strokes so no way to have push to talk or have OBS on a keybinding.... meanwhile on Windows all apps are key loggers


This is the first I'm hearing of this, you should respond more substantially than repeating the assertion that's specifically being questioned.


In my previous reply, I linked three articles which discuss the technical details extensively:

https://madaidans-insecurities.github.io/linux.html

https://privsec.dev/posts/linux/linux-insecurities/

https://bjornpagen.com/en_US/desktop%20linux%20is%20insecure

A brief summary: No trusted boot, no clear security boundaries between system and applications, no application sandboxing, lack of mitigations (both on kernel and userspace), large kernel attack surface, insecure-by-design legacy systems (X, PulseAudio). Windows and macOS perform comparatively better on all of those.


Again, you're talking about a ton of mostly theoretical problems that haven't caused much in the way of widespread problems, which to me don't come close to the following fact:

No serious cloud, perhaps tech generally, company, is like "We're switching to Windows/MacOS to run the backbone tech of what we do."

That's Linux, and Linux will get the downstream security benefits of that. Given actual, real life history, I trust this far more than those other two, especially Windows, which just shat the bed ALL THE TIME. Your real life track record is far more reliable than a parade of imaginary horribles, even when they may be little things that only are on the Desktop.


>No serious cloud, perhaps tech generally, company, is like "We're switching to Windows/MacOS to run the backbone tech of what we do."

True, but it is also true that practically all the other companies, governments and NGOs in the world--the ones that do not have providing services over the internet as one of their core competencies--chose Windows and keep on choosing Windows.

There are strong economic incentives that keep an OS or other piece of infrastructure dominant for decades once it becomes dominant in some sector of the economy--if that piece of infrastructure requires many specialists for its deployment and maintenance--even when that piece of infrastructure has major problems if a hobbyist or an individual were to install that piece of infrastructure on their personal computer.

>Linux will get the downstream security benefits of that.

Linux would be able to derive security benefits from that if Linus cared, but a reading of his writings on the subject reveals that he does not care much about security.

I'm using Linux to write these words--a distro I chose and installed. I am however aware that because I'm using Linux, it is significantly easier to pwn me than it would be if I were using iOS, Android, ChromeOS, MacOS or Windows, which used to be a joke security-wise in the 1990s, but which has become much better security-wise.

Actually I believe that Qubes is pretty good security-wise, but it is the only Linux distro that is.


I have no reasonable basis to believe your "Linux is easier to pwn" argument.

Saying that all those other non-techy big things "choose Windows" is a really stretchy definition of "choose." It's been long enough, we know the story, robber baron Bill Gates was able to jump ahead and cement Windows mindshare. It is what it is.

Again, I don't get what you're relying on when you say "desktop Linux is the worst?" Sure, Windows claims to be better, etc. But, and here's the important part, they've ALWAYS been cagey. You just can't ever REALLY know.

Now on the Linux side, sure -- there are lots of visible issues. That's good, because they are visible.

No one knows "all the code," and more importantly, no one can easily predict what Windows (and perhaps Apple) will do tomorrow to screw up the desktop, but we know they have the capacity to.

No thanks, I'll trust the thing that doesn't come with such possible arbitrary baggage.


>robber baron Bill Gates was able to jump ahead and cement Windows mindshare.

I agree and that is one of the things I meant by my "strong economic incentives that keep an OS or other piece of infrastructure dominant for decades". But Linux retains its niche in internet services the same way!

Linux became dominant in internet services in the 1990s when the only alternative was Windows (and unlike today, in the 1990s Windows was no more secure than Linux). Apple wasn't even trying to compete in this market (or in the "enterprise" market that Microsoft has dominated since the 1990s): there is a nice transcript of an internal meeting at Apple where Jobs tells some engineer that Apple sells its products to consumers and if he wants to learn how to sell to IT departments, he should go work for HP or something. The internet-services industry ended up using Linux on its server farms basically because in the 1990s, Microsoft didn't sufficiently appreciate the advantages of open-source licensing, so they ended up disqualifying themselves in the eyes of the Dot Coms.

Also, this conversation is about desktop Linux. What part of a typical Linux desktop (such as my Fedora Workstation install that I'm using to write these words) do you think runs on Google's servers? My guess is that it is just the kernel and a few libraries like libc. How dominant Linux is on servers at Google and Facebook has no bearing on the security qualities or lack thereof of all the other code (Wayland, Gnome, GTK, graphics drivers, media players, codecs, font and typography libraries) running on a typical Linux desktop.





