What are the most secure Linux distros?
If you are a security-conscious individual, it is likely high time to change your operating system if you are still using a Windows version or OSX. Among other giant corporations such as Google and Yahoo, Microsoft and Apple are thought to have been helping the N.S.A. in their data monitoring schemes. Though they likely didn’t have much of a choice in the matter, it is still frightening to think that such popular operating systems could have backdoors and N.S.A. spy-code built into them that will harvest your personal information and dump it in a massive governmental data vault.
The problem with these two operating systems is that they are not open source. Some people have made attempts (with some success) to reverse engineer certain portions of the code, but we really have no idea how it is all written. The public is blind to the inner workings of these operating systems, which is why the N.S.A. can potentially hide malicious code in them. Microsoft and Apple don’t want to release the source code for their operating systems because they would lose a lot of money, trade secrets, proprietary algorithms, and intellectual property.
So if these two massively popular operating systems can cause security threats, what operating systems should you turn to? Enter Linux. Linux is completely open source, meaning that developers can access the source code and actually see what it does behind the scenes. This makes it much easier to audit the operating system to ensure that no malicious N.S.A. code has been injected into the operating system.
Linux has been steadily growing in popularity over the years for two reasons: it is completely free and it is becoming easier to use. Even Ubuntu and Mint – which are known for being extremely user friendly – are more secure than Windows and OSX. And the best part? They won’t send data back to Microsoft (Microsoft has a ton of settings that dump a lot of local information into Microsoft’s servers in Windows 10)!
In addition, these operating systems are very flexible in how they can be installed. You do still have the option for a full install, but you can also run them as a virtual VMWare image, create a bootable CD/DVD, or even boot from a USB drive. The most secure way to access the Internet – especially in a public setting, is to use a bootable Linux flash drive. The idea is to not leave any data behind on the computer by using a secure Linux operating system as your gateway to the Internet.
Some Linux operating systems have additional security features, and they were specifically crafted to give users improved security. The following are some of the most secure Linux distros you can use to boost your online privacy and security.
UPR (Ubuntu Privacy Remix)
This is one of the best secure operating systems for those new to Linux since Ubuntu is easily one of the most popular user-friendly Linux distributions. However, it is slightly different from the plain flavor of Ubuntu because it comes loaded with security packages and software that will help you encrypt removable media. This is an advantage over other secure operating systems because some of them don’t allow you store data in anything except RAM, so UPR splits the difference by only using encrypted removable media for long term storage. Also, the operating system has been “hardened” which makes it nigh on impossible for malicious software to change anything “under the hood.”
But it isn’t perfect. They say the most secure computing device in the world is one that isn’t connected to a network. By cutting all ties to a network, it makes it impossible for network attackers to perform remote exploits. UPR takes this philosophy to heart by not providing network connections at all.
Any time you see an operating system name with the suffixes “ux” or “nix,” you can make a safe bet that it is a descendent of the Linux kernel. This descendent of Debian is tailored to act as a VMWare virtual machine with special tools to prevent DNS leaks, malware attacks, and privilege escalation attacks. These tools are designed to hide the user’s IP address using the Whonix gateway – which acts much like a Tor proxy server.
The software included in this virtual machine image help to completely isolate the operating systems from the host OS and its network connection. But wait, there is more good news. This OS comes loaded with a lot of general purpose software that makes it a viable alternative to other desktop operating systems such as Windows and OSX. And because it is a virtual machine, you can still use your everyday desktop operating system in conjunction with this OS. If you wanted to, you could do all of your work on your host desktop (word processing, spreadsheets, music, etc.) and only use this VM for Internet related activities. Plus, you can easily switch between the two operating systems since a virtual machine runs on top of the host OS just like any other application.
However, the largest downfall is that it can be challenging to setup – especially if you aren’t technically inclined.
The Amnesiac Incognito Live System (TAILS)
This system, though more popular than other operating systems in the past, received a lot of attention after Edward Snowden recommended it. Key features of this operating system include routing all Internet communications through the Tor network, only storing data in RAM, and erasing that data when the system is shut down. However, it is probably not your best choice of secure operating systems today due to the fact that it doesn’t have a way to save data to a disk. This feature is great for security, but some people feel that it is going a little too far – after all there are plenty of ways to encrypt your hard drive.
However, it does have some really cool features such as the ability to spoof MAC addresses (the globally unique identifier for your network card), the fact that it descends from the Debian branch of Linux, and it even comes loaded with tons of other security tools.
In the end, this tool is great for browsing the Internet when your highest priorities are security and privacy, but probably isn’t the best choice of operating system to use on a daily basis.
There is also an alternative that is strikingly similar to TAILS called Privatix, which is another live system image. However, if you want this type of security, you are probably better off using TAILS since Privatix is a lot more watered down. It lacks advanced features such as the camouflage mode and the ability to spoof MAC addresses.
JonDo is a bootable live image that is based heavily on the proxy service named JonDonym. Though no proxy service can ever be 100% perfect, many like using these types of proxy services (such as Tor) to scramble the source and destination of their traffic stream. This helps hide your identity online, and JonDonym encrypts your data each time it is sent between one of their relay servers.
The operating system, which is based on Debian Linux, comes loaded with the JonDo browser as well as the option to use either JonDonym or Tor proxy services. In addition, it comes loaded with other types of tools such as Wireshark and Wuala.
Ultimately though, this is really better used as a way to browse the Internet. The largest drawback is that it doesn’t come with a way to save files to a hard disk and it doesn’t contain full-featured software you would expect in a desktop operating system.
I2P, or the Invisible Internet Project, is a network that allows you to browse the Internet anonymously. At its core, it is different than Tor but the goals are the same. It is not dissimilar to JonDo in the fact that the operating system is a Linux distribution that was custom-tailored to route data communications through the creator’s network (in this case I2P). And it comes with other general purpose tools as well as additional security tools. Yet again, this operating system has been stripped down so it likely isn’t your best choice for a permanent desktop replacement. Instead, it is yet another way to increase security that is most applicable for web browsing for most users.
Lightweight Portable Security (LPS)
This operating system is extremely stripped down and is so small it can boot from a flash drive. In fact, it is only about 282 megabytes total, making it extremely lightweight and portable. Like some of the other alternatives, the operating system code is loaded purely into memory, though you can save the image on persistent memory such as a hard drive. However, it has one large drawback. These days, people aren’t placing a lot of trust and faith in software that was developed by a governmental organization, and this piece of software was created by the Air Force.
We threw a lot of information about various operating systems at you, which is probably leaving you wondering, “Which operating system is the best one to use?” Well, that depends on your security needs and how technically savvy you are. The three best are likely UPR, Whonix, and TAILS.
Whonix will make the best replacement for desktop operating systems, but remember, it is difficult to install and configure. UPR, on the other hand, is much more user friendly because it is a spinoff of Ubuntu – but it lacks network connections. TAILS has amazing security software, but it really isn’t well-suited to be your daily go-to desktop operating system.
Even if you don’t want a desktop replacement, it would be in the best interest of your online security and privacy to have at least one of these operating systems standing by to browse the web if you want to avoid eavesdroppers and security vulnerabilities.