-3

This question will encompass several topics and may also include user opinion. Here is the question, and how I want you to qualify it:

 Question: What is the most "out-of-the-box" secure OS for a home user?

To qualify this, I would want you to answer the following:

  • How long is this OS supported for and can I do a rolling update?
  • Is this a desktop environment for a home user, or server side OS?
  • Does this OS come with pre-deployed security features? (Tor, EncFS File Manager as an example)
  • Is this OS only able to run in memory or can it be installed to the hard drive?

There are currently three main operating systems I am looking at for this:

  1. ParrotOS
  2. Kali Linux
  3. Tails

I understand that option 2 and 3 are not the appropriate solution for me. Also, I understand that almost any OS will work for me if I implement the appropriate security changes, such as:

  1. Secure traffic through the TOR network or use a VPN
  2. Encrypt your install drive when preparing the system
  3. Use secure storage such as EncFS

The reason this OS needs to be Linux however is that I am at point's end with all the scrutiny about Microsoft and their OS. I have recently upgraded to Windows 10 and have read several of the new "spying features" that have been included, such as:

Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian.

I have used several Linux variants in the past and am comfortable enough to ditch Windows entirely for a Linux Distro. I have recently trialled several OS only to have the issue where the PC will not boot after I elect "Install XXXX", but this is another question.

Philipp
  • 48,867
  • 8
  • 127
  • 157
DankyNanky
  • 127
  • 1
  • 7
  • 4
    MS-DOS 3.0. Because it has no networking at all, and so prevents any kind of remote exploit of your computer. Basically, the most secure OS is one that doesn't let anyone, including you, do anything. – Mike Scott Oct 17 '15 at 06:17
  • 2
    This is a product recommendation question and it is [off-topic](http://security.stackexchange.com/help) –  Oct 17 '15 at 09:04
  • 2
    **Do not use Kali as your daily driver! It is extremely insecure**. Kali is only designed to make pentesting easier, not to protect you from compromise. That distro runs everything privileged by default and has many out-of-date exploitable executables all over. It gets security updates only very rarely. – forest May 20 '18 at 00:10

1 Answers1

1

You clearly need to take a look at QubesOS. This is a security oriented desktop OS based on the concept of Security by Compartmentalization. It has tons of security features which simply blows all the other mentioned out of the water.

  • Based on a secure bare-metal hypervisor (Xen)
  • Networking code sand-boxed in an unprivileged VM (using IOMMU/VT-d)
  • USB stacks and drivers sand-boxed in an unprivileged VM (currently experimental feature)
  • No networking code in the privileged domain (dom0)
  • All user applications run in “AppVMs,” lightweight VMs based on Linux
  • Centralized updates of all AppVMs based on the same template
  • Qubes GUI virtualization presents applications as if they were running locally
  • Qubes GUI provides isolation between apps sharing the same desktop
  • Secure system boot based (optional)
  • TorVM/WhonixVM
  • Can run seemless Windows VM
  • etc
northox
  • 1,403
  • 16
  • 26