Linux Distros For The Paranoid: What Are The Most Secure Distros?

tux big   Linux Distros For The Paranoid: What Are The Most Secure Distros?If you’re a Linux user, security was probably one of the benefits that made you switch from whatever operating system you were using before. Linux has a great reputation for being one tough nut to crack, and it lives up to that reputation daily.

Users don’t have to worry about viruses or other malware to the point where anti-virus tools made for Linux actually sniff out Windows viruses to help fight their spread. None of those viruses can affect Linux, and barely any are actually made for Linux. Even then, they will have a very tough time doing any damage.

However, when “secure” isn’t good enough, you will want the best of the best. With so many distributions out there in the world to choose from, there are plenty that focus specifically on hardcore security. But which are the most secure Linux distribution?

Tails

secure tails desktop   Linux Distros For The Paranoid: What Are The Most Secure Distros?

One distribution I can immediately recommend is Tails. Short for The Amnesic Incognito Live System, Tails is great because it remains extremely usable despite its focus on security. It also doesn’t just focus on a secure operating system, but it makes sure that everything you do on it is as secure as reasonably possible.

The distribution is based on Debian‘s stable branch, which is known for its great stability and security (although somewhat old software). It shouldn’t matter though if the software is older, as it should still do what you need it to do, safely. Tails only runs in a live environment, which is another good security feature because it completely wipes any traces on the computer you used once you shut down or restart.

Tails comes with a load of software to cater to every need you may have. This includes a customized Firefox browser (branded as Iceweasel because Tails is Debian-based) which uses the Tor network out-of-the-box. Firefox in Tails also includes other extensions to make browsing as secure as possible with HTTPS Everywhere and NoScript. Tails also comes with Claws Mail with OpenPGP support, Pidgin with OTR encryption support, and editing tools like GIMP and OpenOffice.

LPS

secure lps desktop   Linux Distros For The Paranoid: What Are The Most Secure Distros?

Another good distribution is Lightweight Portable Security, or LPS for short. This distribution is maintained by the US Air Force, and is as far as I know the only distribution coming from the American government (or in this case, military). It’s not uncommon for countries to produce their own Linux distributions, as China has Red Flag Linux and Turkey has Pardus.

This distribution is special because it takes a more minimalistic approach. Aside from the usual hardened code, it uses a lightweight desktop environment that resembles Windows XP, and only includes Firefox and a few additional tools. It also has an easy to use “Encryption Wizard” which can aid you in your quest for privacy and security.

Since this is a brainchild of the US Air Force, I would trust using it. Like Tails, it runs only in a live environment, and disappears along with any traces as soon as you shut down or reboot.

Surprise!

secure ubuntu desktop   Linux Distros For The Paranoid: What Are The Most Secure Distros?

Last but not least, your common run-of-the-mill distribution is also among the most secure. Surprised? You shouldn’t be. Although Ubuntu, Fedora, and the like aren’t equipped out-of-the-box to give you a secure experience like Tails is, the operating system itself is secure enough to satisfy most people’s needs. All you really need to do is keep it updated with available patches via the distribution’s Update Manager, and add some programs like Tor or OpenPGP that will make your usage a little more secure.

However, in terms of systems being compromised through attacks, your favorite distribution will do the job just fine. In fact, in a hacking competition, Windows and Mac OS X machines were defeated while an Ubuntu machine was still chugging away.

Conclusion

Of course there are plenty of other distributions that are worthy of a mention, but there are simply too many to name specifically. I might have also forgotten a few that definitely should be mentioned, but I’m sure you can remind me in the comments below. Just be aware that there is a difference between security distributions and secure distributions. Backtrack Linux is an example of a security distribution while the ones I mentioned above are secure distributions.

Do you regularly use secure distributions or software such as Tor? What have you been using so far? Let us know in the comments!

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

51 Comments -

Coffeeman

Well, IMHO I guess that you should have said something about Backtrack linux, which also can be run as a live environment.

Danny Stieben

Yes, Dominic is right.

If I did cover Backtrack, it would simply merge into the same category as my last point, as Backtrack then wouldn’t have any extra advantages over say Ubuntu because it’s a security distro and not a specifically secure distro.

Dominic

He did. “Just be aware that there is a difference between security distributions and secure distributions. Backtrack Linux is an example of a security distribution while the ones I mentioned above are secure distributions.”

This article was about secure distributions not security distributions.

Jason Maggard

So, it’s an article to tell us that “Linux” is secure?

And to be clear, it’s security by obscurity… 1.9% of users are on linux, hardly worth writing viruses for. They said the Mac didn’t get viruses… Until a month ago.

It’s not like there’s never been a Linux virus…

http://en.wikipedia.org/wiki/Linux_malware

John

You’re right about security by obscurity. Systems become even more susceptible with additional programs running. There was even the hack into Google’s Systems because at least a one person was running IE6.

Not sure what you meant about Mac virus and a month ago. Here’s a timeline of Mac OS viruses as early as 2004:

http://voices.yahoo.com/apple-mac-malware-truth-apple-does-not-want-you-5826696.html

Danny Stieben

Yes, I do say it’s secure. Not only through obscurity, but because all of the Linux viruses that have been made have done virtually no damage, as it’s extremely hard for them to run.

Trevor L

Totally agree with you Danny. Root access is key to compromising a Linux system unlike the swiss cheese like security of a Windows system. Jason, who said Mac doesn’t get viruses? Apple thats who, why would they say that? Because they just want to sell computers. Anything can be cracked or hacked given enough knowledge and time.

Danny Stieben

Exactly. Mac OS X is still better (IMO) than Windows, but Linux is overall the best.

Bruce Epper

OpenBSD is probably still the best option for a secure OS.

KELVORG

A US Air Force Linux Distro is NOT for paranoid people. Is like trusting your privacy to the government.

Danny Stieben

I suppose you could say that, but if it’s not secure, why would the Air Force use it?

michel

boy, you’re really innocent. They would use it to track people who use it.

Trevor L

That is exactly what they are doing! It’s not like they can’t pull your IP at anytime they want or something far easier than convincing people to install a custom Linux distro. But just to be safe stay away from this, they’ll be watching…

Danny Stieben

Hahaha, if you guys insist…

Bruce Epper

You also need to remember that this was created for the Air Force road warriors usage as well. Do you really think they would compromise the system they want their laptop users to utilize while on the road? Really, think about it.

Danny Stieben

Thanks, Bruce! That was my reasoning for including it.

RedScourge

They probably have a secret memo they give to all the Air Force personnel who have high security clearance which tells them how to disable the built in spyware in their OS which tracks what the users are doing. I can’t prove they infact include spyware, but it wouldn’t surprise me. The advantages of including their own spyware in their OS is they can track their citizens or even their enemies if they think the same way you guys do “its US Army, it must be secure!”, but also they can spy on their own soldiers to ensure none of them are spies or planning to leak sensitive internal information they may or may not be cleared to access.

Bruce Epper

And since it is used on laptops, any spyware on it could prove to be of use to anyone who manages to steal it. Would you set up something like this for your use or for your family members?

the “its US Army, it must be secure!” comment is way off the mark as well. I never made that claim at all. No system will ever be completely secure unless it is never used. And we were referring to an Air Force product anyway, not Army.

Then all they need is someone who forgets to disable your alleged spyware while accessing classified systems remotely (needed document for briefing POTUS).

Your comments just bring up even more doubts that they would bastardize a system in such a manner.

RedScourge

“And since it is used on laptops, any spyware on it could prove to be of use to anyone who manages to steal it.”

True of all spyware, but immaterial.

“I never made that claim at all.”

No, you didn’t, but many do and I just wanted to point it out so people don’t fall into that trap. Sorry also for interchanging Air Force for Army.

“Then all they need is someone who forgets to disable your alleged spyware”

For that to be true, both this and your claim that someone else could hijack it would have to BOTH be the case simultaneously, which is exceedingly unlikely. They’d be using the spyware for its intended purpose, notice that too high level of documents were accessed on a computer with the spyware installed, and I specifically had mentioned that sort of thing earlier. It’s a possible downfall but everything is risk management.

The other thing to consider is that even if I’m wrong and this is a stupid thing to do, the government is pretty stupid quite often, so they might just do it anyway.

John

I like running running various Linux distros in Live Mode. There’s a comfort in knowing that when you boot up the next day, your system is completely clean – except for concerns re: Flashable BIOS:

http://en.wikipedia.org/wiki/BIOS#Virus_attacks

I would love to see a laptop, for example, shipped with the OS on an microSD or SD card with a non-writable tab (flip tab = no write functions possible). You would flip tab to tweak system, install new apps, etc… Once done, write-protect and reboot. OS runs in RAM (with read access to SD card) and the hard drive is used only as a data drive (no boot sector) for your docs, media, etc… (accessible by other micro/SD cards holding alternative OSes). I might be the only one who likes this idea:-)

Another paranoid option is running OSes in a Virtual Environment. While an OS might be particularly susceptible to intrusion, recovery is often easier because of the sandboxing aspect. Data access between the Virtual OS and the Real OS can sometimes be a problem though.

For common users, the most important thing is their data. It isn’t the OS, the applications (especially if you’re using non-proprietary data formats) or even a manufacturer of hardware – it’s making sure your data is backed up so that you can access it with any OS or device.

Danny Stieben

Thanks for that bit of information, John. Really helpful with some good ideas. :)

gattolino

i love debian…simple…fast…and fully personalizzable! people who like source code also can love debian :D

John

Check out SELinux. It is also a U.S. Government OS created platform. It was developed by the National Security Agency for research purposes. I read somewhere that to date, that OS has never had a virus, or being hacked into. Probably because the OS is so rare as opposed to it being uncrackable.

Danny Stieben

I looked around for SELinux, but there wasn’t a way to download it anymore. Take a look for yourself. Let me know if you do find something, however. :)

John

Hm… That is interesting! I downloaded this several months ago and have a copy on CD. But I had a look again after your comment and couldn’t find it anywhere. It doesn’t appear to be on its home page, the NSA has stopped distributing it and mirror websites such as SourceForge don’t have it anymore. Well… All I can say is that it has to be available from somewhere. Once on the internet, it stays as they say. I’d assume it would be available as a torrent. But it is hard to tell which ones are legit and what ones are loaded with viruses.

Danny Stieben

I haven’t really found any other places yet where it could be downloaded…usually I wouldn’t trust any other locations but if I find something credible I’ll post it here.

Danny Stieben

Thanks for the links, Swabbie, but if you click on any of those, you’ll land on a page which lets you know it’s no longer available. :(

RedScourge

Most mainstream Linux distros now have a SELinux component included by default now, such as Ubuntu LTS, RedHat Enterprise, Fedora, etc. For most people, downloading this stuff is unnecessary.

Joe P

I use Mint but have added noscript, adblock, flashblock, and HTTPS Everywhere to my Firefox. Also, I set it’s temp directory to be in RAM and made that folder noexecute. I added PGP support to Thunderbird and I added Clam AV. I have TOR too. In 20 years of computing and 19 on the Internet, I have never had a virus or any malware. Only the paranoid survive!

Danny Stieben

That’s a nice collection of tools, Joe! Putting the temp folder in RAM is a neat trick, thanks for sharing!

mukhis

@Joe P
would you please mind to write a short tuto about those tricks? i am getting inclined to linux day by day, would love to know how to do those steps. just running a bunch of commands in the terminal, i guess. but i need the commands!

Pawpaw Joe

I agree… those are some good tricks, especially putting temp in RAM, which I would love to know the trick to doing. I just started using Mint and like it more than Ubuntu. If you don’t mind sharing… you will have my prayers and gratitude.

ferdinan Sitohang

This far, i use ubuntu for my personal computer, and the security is good. As i know debian is one of the most popular distro for security.

vineedcool

ohhkkk but i like ubuntu best!!!

henry cofa

Interesting article, congrats buddy

Danny Stieben

Thanks Henry!

YourCaringPal

Thanks for this wonderful Open Source article. :)

Danny Stieben

No problem! I’m glad that I’m able to write these for people to read. :)

Richard

—> This distribution is maintained by the US Air Force, and is as far as I know the only distribution coming from the American government.

Not so. It is not the only Linux distribution available from the U.S. government and is not even the most secure. That title belongs to NSA Linux, available from NSA (the No Such Agency) at http://www.nsa.gov/research/selinux/

Danny Stieben

As I’ve already discussed in earlier comments, SELinux as a distribution doesn’t seem to be available anymore from the NSA. Just try to actually download it and you’ll see what I mean.

Logan Kemp

“SELinux is included in a number of Linux distributions.”
http://www.nsa.gov/research/selinux/code/download1.shtml
You should be able to get the last version from their archive here.
Even though it’s no longer maintained, you can still download it. It’s probably been added to the Linux kernel, though, since it’s so secure.

Danny Stieben

I suppose one could use the last version, but it’s pretty dated.

Most distributions make use of it. I know Fedora is a heavy, active user of SELinux, which has sometimes given it some harsh criticism (which I find ridiculous).

renii

NSA sez New SELinux code is no longer released on this site. SELinux is included in a number of Linux distributions. You can also find the SELinux source code at the following external links.
SELinux kernel code is included in the mainline Linux 2.6 kernel,
available from http://www.kernel.org/
NSA seems to be saying it’s already out there and included in present day releases.

And isn’t the kernel core code in all late windows versions straight from linux w/microsoft tweaks added on?
Hafta agree with John on data saves

Danny Stieben

Yes, some distributions (like Fedora) use SELinux features.

Windows absolutely does *not* use Linux (with or without “Microsoft tweaks”) whatsoever. The Windows kernel is a completely different closed-source project which is about as far away from Linux as possible. Sorry, but you’re incorrect.

dragonmouth

“Windows absolutely does *not* use Linux (with or without “Microsoft tweaks”) whatsoever. The Windows kernel is a completely different closed-source project which is about as far away from Linux as possible.”
Since Windows is proprietary and closed-source, very few people really know what is contained in the source. So the source can contain a lot of code “borrowed” from other O/Ss, especially the open-source ones like Linux and BSD. All we know for sure is that Windows does not contain any Linux/BSD security code.

Mayur Godhani

Well, i always use Ubuntu on my lappy :)

Gordo ViajĂŁo

Really interesting, been using Ubuntu since 8.04 and had no security flaws on the client side… Only problems I had were brute force attacks on my GMail last year, but nothing of so great harm

Danny Stieben

Great to hear! Plus those attacks on your Gmail means that people just tried to get into your Google account, which doesn’t have anything to do with your Ubuntu desktop itself.

mmm

Tor = privacy. Encryption ~ privacy (less or more)
Browser fingerprinting ~ privacy is not possible (almost)
Security is something else.

Vishal Srivastava

Will try out Tails. Just finished downloading it after reading your review. Thanks!!