The Myth of Linux Security: What You Need to Know About Choosing Your Linux Workstation Distro
When friends and colleagues see me running Linux, it often comes with the question or statement:
Is it because Linux is more secure?
Is that even the case though?
While this is a common assumption, the security of Linux is more nuanced than that. There are real security advantages to running Linux, but there are also pitfalls that can leave a new user less secure than on a recent version of macOS or Windows. In this blog post, we'll explore the security features of modern Linux distributions and provide recommendations for choosing, and then running, a secure Linux workstation.
What makes an OS secure (Linux or any other)?
So, what makes an operating system secure? Here are a few key factors to consider:
- Vetted OS code: the code of your operating system should have been thoroughly reviewed and tested for security vulnerabilities, and fixes should reach you promptly.
- Sandboxing: sandboxing isolates applications and services from each other and from the rest of the system, so that a compromised application cannot easily read other applications' data or spread further.
- Code signing: cryptographic signatures on packages and executables verify who published the software and that it has not been modified since, so tampered or unsigned software can be rejected before it runs.
- System protection: low-level protections such as Secure Boot, which verify the bootloader and kernel before they run, help prevent malware from taking over your system underneath the operating system.
- Malware protection: Windows and, more recently, macOS ship with malware protection built in. This arguably makes it harder for malicious software to infect your system, at least against less advanced threats.
One of the strengths of Linux is that you can customize your OS into a distro that meets your specific needs: choose your desktop environment, how your system starts programs, etc. You can piece together different open-source software components into a unique system.
However, the downside of this flexibility is that many smaller distros ignore or overlook the security elements listed above, leaving their users exposed.
How do we choose then?
Key recommendations about Linux
Now that we have identified a few key elements that help make an operating system secure, let's take a closer look at the security features of modern Linux distributions and how they match up.
Top Linux distros now come with built-in security features such as sandboxing, code signing, and mandatory access control (SELinux or AppArmor). These features significantly harden the system and make it more difficult for attackers to compromise it.
However, not all Linux distributions are created equal. Many don't incorporate, and sometimes even strip out relative to their upstream project, some of the aforementioned security features, so some distros end up much more secure than others.
To be reasonably secure, keep a few key recommendations in mind:
- Avoid first and second cousins, i.e. distributions closely derived from another distribution that customize its core components and packages. Such downstream distributions are more likely to carry security vulnerabilities and outdated software: they are sometimes heavily customized, with little code review compared to the upstream project. It's best to stick with mainstream, established distros.
- If you're a high-profile individual (journalist, politician, tech or crypto founder, etc.), use Qubes OS: Qubes OS is a distribution whose primary focus is security, at the expense of convenience and usability where necessary. It uses virtualization to isolate applications and services: in practice you run a hypervisor and split your activities into separate virtual machines by purpose and risk (email, web browsing, etc.), so that compromising one of them does not hand an attacker the rest of your system.
- SELinux, AppArmor, and immutability: pick a distro that is immutable and/or has SELinux or AppArmor enforcing by default, and don't turn it off!
Immutable distros keep the core operating system read-only, so attackers (and careless users) cannot easily modify system files or install persistent malware there.
SELinux and AppArmor are mandatory access control systems that add another layer of protection. When well configured, they significantly raise the bar for exploiting a vulnerability by confining each application to the files, network access and capabilities it is intended to use. Mainstream distros such as Fedora ship an extensive set of SELinux policies out of the box.
Some distros, such as Fedora Silverblue, combine immutability and SELinux.
- Install third-party software from trusted repos only: third-party packages can also introduce security vulnerabilities. Before installing any software, review the package's security reputation and verify that it's signed by a trusted source. A good practice is to stick with the official repositories of your distribution, whose packages have been vetted by the distribution maintainers for security and compatibility issues. If you do need software from outside sources, always verify its authenticity and favour sandboxed packaging formats such as Flatpak or Snap.
Beware that Flatpaks and Snaps are not always published by the official app maintainer; check who publishes one before installing it.
- Follow the Linux Foundation guide on securing a Linux workstation: the Linux Foundation provides a fantastic checklist, […] aimed at teams of systems administrators who use Linux workstations to access and manage your project's IT infrastructure. Absolutely something to go through when setting up your own systems.
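As an added example (this is not code from the original post or from any distribution), here is a small POSIX shell audit script that checks three of the recommendations above on a running workstation: whether SELinux or AppArmor is actually enforcing, whether UEFI Secure Boot is on, and whether any dnf or apt repository definition has switched off signature verification (gpgcheck=0, [trusted=yes], Trusted: yes). It reads the standard sysfs, efivars and repository paths used on mainstream distros; the root-directory argument and the function names are my own choices so that the same checks can be pointed at a test directory tree.

```shell
#!/bin/sh
# Workstation hardening audit (added example, not part of the original post).
# Three read-only checks against the running system:
#   1. is a mandatory access control system (SELinux or AppArmor) enforcing?
#   2. is UEFI Secure Boot enabled?
#   3. do any package repositories switch off signature verification?
# Every path is taken relative to $1 (default "/"), so the same functions can
# be run against a constructed directory tree; the file names are the ones the
# kernel, dnf/yum and apt use on mainstream distros.

# mac_status ROOT -> selinux-enforcing | selinux-permissive | apparmor-enabled | none
mac_status() {
    root=${1:-/}
    # selinuxfs exposes the current mode; the file is absent when SELinux is disabled
    if [ -r "$root/sys/fs/selinux/enforce" ]; then
        case "$(cat "$root/sys/fs/selinux/enforce")" in
            1) echo selinux-enforcing ;;
            *) echo selinux-permissive ;;
        esac
        return 0
    fi
    # AppArmor reports Y/N through a module parameter
    if [ -r "$root/sys/module/apparmor/parameters/enabled" ] &&
       [ "$(cat "$root/sys/module/apparmor/parameters/enabled")" = Y ]; then
        echo apparmor-enabled
        return 0
    fi
    echo none
}

# secure_boot ROOT -> enabled | disabled | unknown (no efivars: legacy BIOS boot)
secure_boot() {
    root=${1:-/}
    for v in "$root"/sys/firmware/efi/efivars/SecureBoot-*; do
        [ -r "$v" ] || continue
        # efivarfs files are 4 bytes of attributes followed by the variable data;
        # SecureBoot's data is a single byte, 1 when enabled
        case "$(od -An -tu1 -j4 -N1 "$v" | tr -d ' ')" in
            1) echo enabled ;;
            *) echo disabled ;;
        esac
        return 0
    done
    echo unknown
}

# unsigned_repos ROOT -> prints one line per repository definition that disables
# signature checks; returns 1 if any were found, 0 otherwise
unsigned_repos() {
    root=${1:-/}
    found=0
    # dnf/yum: gpgcheck=0 skips package signature verification for that repo
    for f in "$root"/etc/yum.repos.d/*.repo; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "$f"; then
            echo "gpgcheck disabled: $f"
            found=1
        fi
    done
    # apt one-line format: [trusted=yes] skips Release file signature verification
    for f in "$root"/etc/apt/sources.list "$root"/etc/apt/sources.list.d/*.list; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*deb[^#]*\[[^]]*trusted=yes' "$f"; then
            echo "trusted=yes: $f"
            found=1
        fi
    done
    # apt deb822 format: "Trusted: yes" means the same thing
    for f in "$root"/etc/apt/sources.list.d/*.sources; do
        [ -f "$f" ] || continue
        if grep -Eiq '^Trusted:[[:space:]]*yes' "$f"; then
            echo "Trusted: yes: $f"
            found=1
        fi
    done
    return $found
}

# audit ROOT -> prints a summary; returns 1 if anything needs attention
audit() {
    root=${1:-/}
    rc=0
    mac=$(mac_status "$root")
    echo "MAC:         $mac"
    case "$mac" in
        selinux-enforcing|apparmor-enabled) ;;
        *) echo "WARN: no mandatory access control is enforcing"; rc=1 ;;
    esac
    sb=$(secure_boot "$root")
    echo "Secure Boot: $sb"
    [ "$sb" = enabled ] || { echo "WARN: Secure Boot is not enabled"; rc=1; }
    unsigned_repos "$root" || rc=1
    return $rc
}

audit "${1:-/}"
```

Run it as an unprivileged user; all three sources are world-readable on a normal install. A warning is a prompt to go and look, not a verdict: a repository with gpgcheck=0 may be an internal mirror whose packages are verified some other way, but on a workstation it usually means a third-party repo was added carelessly. What the script cannot tell you is who publishes a Flatpak or Snap; that check is still manual.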
Last words
So, what should you look for?
When choosing a Linux distribution for a secure workstation, consider its security features and its track record. Look at distros like Fedora, openSUSE, Ubuntu, and Debian, which ship with SELinux or AppArmor enforcement and Secure Boot support, and in some cases offer immutable variants (such as Fedora Silverblue).
While Arch Linux offers customization and a lightweight base, it is harder to get right and is not recommended for beginners or production use.
Smaller distros may also be attractive, but they often lack robust security features and community support, so it’s best to avoid them for production use.
Last, remember that ultimately, security is a practice.