Regular readers probably already know this, but the main consideration that persuaded me to try Linux was security. With the many devastating breaches and unsettling privacy encroachments revealed in the past few years, I wanted to take control my digital life.
My journey enriched my digital life in many other ways, some of which I’ve related in previous columns. In this installment, I want to pay special attention to that first pivotal step I took by discussing the distinct advantages Linux provides to the security-minded. Digital security may be a lifelong pursuit, but I hope that by sharing my experience, I can encourage others to appreciate the basics.
Crowdsourcing Security
Meaningful security is more than an app or an operating system. It’s a mindset. While I will highlight some security tools Linux offers, by themselves they will not make you or anyone more secure. Security requires trade-offs in convenience, so these tools are not recommended as “daily drivers.” Only you can determine your ideal balance point.
Perhaps the single greatest strength of Linux is that it is one of the few open source operating systems, and among the most widely developed.
“But wait,” you might ask, “wouldn’t releasing the source code make a system less secure?”
Framing open source software as secure understandably confuses people, but a close look reveals why that is true. When source code is published online (the defining convention of open source software), it could allow an attacker to locate weaknesses. However, in practice it allows many more observers to identify and disclose bugs to the developers for patching.
On the whole, most people who find vulnerabilities want to get them fixed, and presenting the code for anyone to view allows many more security professionals to participate in the process, making the final product that much better. It’s crowdsourcing applied to digital security.
Because Linux is a whole open source OS, practically every snippet of code running on your hardware is subjected to this crowdsourced analysis. As such, it is one of the only OSes that has been proven to be reasonably secure. Because Windows or macOS code is not publicly available, users have to rely on their developers — and only those developers — to catch every error. They also must be trusted never to do anything malicious on purpose.
Two Security Heavy-Hitters
All Linux distributions benefit from open source development, because the sheer number of eyes on the code gives them the edge over commercial OSes. However, there are some that are locked down even tighter than the average distribution.
One of the more specialized of these is Tails, which stands for “The Amnesic Incognito Live System.” In fact, it’s so locked down that you can’t even install it on your computer — you have to boot it live from a USB drive.
Once up and running, Tails doesn’t let you save any files unless you create an encrypted stash on the same USB drive (and even then it tries to discourage doing so). It routes all your Internet connections through an anonymity network so your online activity isn’t pinned to you.
Possibly the coolest feature of any OS, if a user fears being physically monitored, is the ability to yank the USB, immediately shutting down the system. Because it is a purely live-boot system, once you shut it down, there’s no trace of your Tails session on your hardware.
The spirit underlying these and other safeguards — such as the copious dialog boxes preempting relatively risky operations — is that Tails wants to make bad user decisions hard to make.
For instance, you can’t contract a virus if you can’t download files, and sensitive browsing can’t be associated with you if you’re anonymous. Nothing, however — not even Tails — can save users from themselves completely. If you open up Tails’ browser and log into your Facebook, for example, all the anonymity technology in the world won’t keep you from outing yourself. Still, Tails represents a significant step up compared to mainstream Linux distributions.
QubesOS adopts an equally meticulous security model, but from a different angle. Instead of keeping all your activity separate from your permanent system (by live-booting), QubesOS replaces your permanent system and keeps every bit of activity on it separate from the others.
It does this by using the power of virtual machines, little software-simulated computers (guests) running on a hardware-installed computer (host), to initiate and contain every app in a virtual machine.
Unlike with traditional VMs, which require all the time and resources to boot as non-virtual operating systems, VMs in QubesOS are extremely lightweight and boot up at the launch of an app in the same time as normal system would take to open the app. All the user sees is the app, but behind it is an entirely simulated guest computer.
Depending on the software, its VM is given more or less access to actual system resources, but each one still thinks it’s the only one running on its own system. That way, even if an app is exploited, it would compromise only the tiny simulated guest, leaving the host (and other guests) unaffected. The result is a system that feels natural, but packs powerful isolation operating smoothly under the hood.
The major drawback to this model is that users need enough expertise to know which privileges to give which software. Unlike with Tails, which implicitly distrusts the user and as a result locks down all software as much as possible, QubesOS assumes skilled users, trusting them with choosing security templates for each app and, most crucially, updating and implementing them properly.
Whereas Tails second-guesses every settings change, QubesOS won’t save you if you give your browser the run of your system. However, QubesOS’ hands-on approach allows users to tailor security to their needs in a way Tails can’t. Only in QubesOS can you plug in a USB you know is infected and watch the malware impotently thrash in a completely unprivileged guest container.
Of the two distributions, if you’re looking to experience hyper-secure computing, Tails offers the gentlest introduction, since by design there are no consequences for your installed operating system.
Admittedly, neither operating system is meant for common use cases, but it is important to appreciate the full range of options at users’ disposal. It speaks to the versatility of Linux that two of the most cutting-edge security projects are based on it, and it empowers all users to know that the choice to secure their digital lives is one that’s within their reach.