Safest OS from your experience

Hello ,

Have been looking stable , safe and OS

( basically for: businesses , banking and safe communication)

From Free OS have found that Tails OS works quite well but it goes through TOR and TOR doesint support such programs as Skype ( of course skype isint safe communication way)

Maybe somebody have tried or know similar products to:

Black Box Laptop OS

http://www.pi-products.nl/pi-products/PDF/Secure Communication/Secure Computers/blackbox.pdf

 

i dont go with unknown OS best safest for me which are backed my biggies like open suse redhat Canonical....etc

for banking i have used scientific linux and Ubuntu so far

also you can consider LPS but i didnt try it yet

 

Any one you choose.
Mrk

 

Another stunning post by Mrkvonic. Bravo.

Anyways...

Chromium OS is very safe. You can set up most Linux distros to be quite safe, I highly suggest NoScript with Firefox if you're going to be doing banking.

 

have tried LPS , Cyber Shield and few others , Tails OS looks better

this one have quite good test http://ip-check.info/?lang=en


Im using PCBSD Mozila and No script but getting lots of reds in this test , PCBSD needs VPN service

Anyway safe OS should from live CD or USB ,so I didint find anything better that is for free than Tails OS

Im interested in that Blackbox laptop but it costs near 4700 EUR, as I understood that is a price for unlimited VPN service as well. Have sent them a letter did-int got response yet.

 

From a purely practical standpoint, I think Linux wins by a wide margin.

- Software repos make updating software easier

- Updates are applied locally faster than on Windows

- Package management is generally more convenient than on UNIX

- More applications are compiled natively for 64-bit processors (and so can take advantage of improved memory protection mechanisms)

- Desktop usage is still very low, so malware is uncommon

However, you should still take some basic precautions. A badly configured Linux desktop will be insecure, and some distros (e.g. Mint) have terrible default configurations.

- Make sure Samba, FTP, and other listening services are turned off on a desktop or laptop; same with SSH if you don't actually use it. If you do use SSH, it should be set to require login by public key, and never by plaintext password!

- Use a password manager. Yes, really. I cannot begin to tell you how incredibly useful and important these things are. Any decent GPG frontend can also work as a password encryption tool, and tools like pwgen can produce decent passwords. Or you could use KeepassX for a really complete, cross-platform solution.

- Use Chrome/Chromium if possible, or Firefox with Noscript. At the least, enable click-to-play for plugins, to avoid automatic pwnage.

- Use an inbound iptables firewall, in case some stupid program decides to open a listening port without notifying you.

For Mint this probably isn't enough, because there are other insecure settings... I'd recommend avoiding that distro altogether actually.

 

Although I don't understand them all, Ubuntu and its derivatives look to be fortified with a good number of security measures...

https://wiki.ubuntu.com/Security/Features

Any of these default Ubuntu-based installs can be secured rather easily. The information's readily available all over the 'net. Anyone willing to learn can take things a big step further and Apparmor their browser at least. Actually, Chromium and Firefox already have profiles available for them, although I don't know how well they secure the browsers as compared to a carefully configured customized profile.

 

i disagree with you mrk on this all linux are not safe.............for example anonymous OS said to be hidden rootkit in it

 

most serious servers runs on unix , but its a little bit difficult with unix desktop , Im using PCBSD it is quite stable and safe has lots off programs , but configuration is more difficult for specific tasks, this is for everyday work.

But for real security OS should run from Live CD / USB device with restricted modification , so no one could modify or add new files to configuration.

Also it depends from PC hardware and internet router/firewall

As for big OS distribution like Windows , Ubuntu , Mac... serious hackers know their way around , even Java and Flash player are serious threats...

didint try this one yet http://www.ipredia.org/

 

hi
Safe about what?
If this terminology is related to an infection time survey, then any MS alternative is enough.
There is already hardened and security focused OS and distributions available, that have been discussed many times on this area (even if a specific thread is welcome).
At last, an exotic OS provides less career opportunities for malwares, but client/server side attacks remains the same due to cross platform languages and protocols.
kernel virtualization is currently in vogue for military grade OS.
Then, it is not difficult to build his own Safe OS, by choosing the right OS or distro, and extra security/privacy features like hardware encryption and VPN...

And why not an instant on OS?
http://wiki.mandriva.com/en/Mandriva_InstantOn
http://event.msi.com/mb/winki/index.html

Rgds

 

Would a Linux LiveCD running outside of Windows XP and used exclusively for financial transactions be as/more safe than a properly configured Linux install ?

 

Hi John Smith Junior,

You mjght want to investigate/try the Qubes OS.

-- Tom

 

Not to nit pick, but what about Chrome OS?

 

Chrome OS gives you Google's propensity to snoop.

-- Tom

 

I don't know if there are any rips of ChromeOS online, so you'd have to be a Chromebook. ChromiumOS is free.

 

Would it be fair to say that Chromium OS is better with privacy and Chrome OS is better with security, since a Chromebook includes the full suite of security features such as verified boot?

 

I would consider them about equal, but only one is available to the general public.

 

not really, since is an majors in the market and knows NSA well even decent hackers are able to crack gmail... so OS could have an backdoor

http://news.cnet.com/8301-13578_3-5...ch-firms-over-prism-says-latest-snowden-leak/

http://www.theverge.com/2013/7/17/4517480/nsa-spying-prism-surveillance-cheat-sheet

have found interesting mail option www.valeso.com

 

Only live bootable OS and if you are using flash drive rather than a CD it should have manual write protection button

Linux on hard disk also not the best choice , main OS should be safe as possible from modifications and updated with prepared update packs

 

two more options :

http://www.lynuxworks.com/virtualization/secure-client-virtualization.php

http://www.ghs.com/WhyChooseGreenHills.html

 

Or on ubuntu you can press F6> add the command toram
and the live cd installs to ram and runs from it, same can be done with a usb flash drive and then the flash removed.

I feel live cds are best, no hdd even in the system to recover any files or data from. Only when its logged in and running would it pose an issue, a good kill switch or perhaps I am unsure of this if there is an option to lock the system without password may help!

 

hi
Regarding GreenHill and LynuxWorks OS, they are mostly RTOS, different from desktop OS http://en.wikipedia.org/wiki/Real-time_operating_system
Polyxene uses the same architecture http://www.polyxene.com/secure-operating-system.aspx

For more information, Qubes leader developper provides interesting answer and info on his blog
http://theinvisiblethings.blogspot....howComment=1347126709621#c4893499838894776599

http://theinvisiblethings.blogspot.fr/2012/09/how-is-qubes-os-different-from.html

With Fortress linux ( https://www.fortresslinux.org/ ), the Joanna baby is the most interesting project of Secure OS available for those who are looking for the Graal of Safest OS...even if this Graal, by experience, appears to me as a dead end...

Rgds

 

Fortress Linux seams to be serious but why everybody use linux not unix ?

Im using an PCBSD (unix) is not going through vpn by default or something but is really hard to break down harder than linux

 

thanks, that fortress linux looks great an os built with privacy and security to mind, but can't see much info on its privacy features.

Does PCBSD built for privacy ie logs and security ?

 

Lots of serious servers are build on FreeBSD so by itself PCBSD has a good background also Tor (Tork) Open VPN are available to use but its difficult to configure

PCBSD goal is to built OS for for more advanced user and after get it done for simple user I have already wrote to them to make some security levels that it would be possible to choose on the boot , like using VPN I2P or TOR as standard modes