Joel Rees: >> He told me to use Ubuntu instead. He explained that with the fact, >> that Ubuntu has more security features enabled than Debian (also >> more compiler flags for security) in a fresh install. He gave me a >> link to the following site: >> https://wiki.ubuntu.com/Security/Features >> > > That's a good list of all the currently fashionable "security" > features for Linux. Some of the items in the list are meaningful, > some are not. Most might be if you know what you are doing with them. > None of the meaningful items in that list are unavailable on Debian, > and the defaults are reasonably secure in Debian.
The problem is, that Debian lacks a page similar to: https://wiki.ubuntu.com/Security/Features As you can see, that https://wiki.ubuntu.com/Security/Features page looks impressive to new users. I guess Debian is losing a few users to Ubuntu, because Debian does not have such a page. > This will be an issue with any OS you > choose, even seriously secure OSses like openBSD. Is OpenBSD a seriously secure OS? Last time I checked, OpenBSD didn't provide signed packages for the package manager by default. Using OpenBSD signed packages for updating only seemed ridiculously complicated. http://www.openbsd.org/faq/faq1.html: "OpenBSD is thought of by many security professionals as the most secure UNIX-like operating system" Well, for experts eventually, not for normal users! And I am wondering which security professionals they are quoting and from when these quotes are. > Do not surf the web as root or as any administrator login id, of > course. > > Speaking of admin login ids, it's a good idea to have one non-root > login id that you only use for administrative tasks. And you should > avoid getting onto the web when logged in with the admin id. Which > means you need another id for general use, which makes two strong > passwords, three if you allow root login. After reading the following blog post http://theinvisiblethings.blogspot.fr/2011/04/linux-security-circus-on-gui-isolation.html it seems to me, that user account level isolation isn't very strong. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53774bb8.9020...@riseup.net