No antivirus

>no antivirus
You don't need one, you just need to have a functioning pair of eyes to look at the source code and/or trust in the repo maintainers

>no personal firewall
what?

>no UAC
what?

>X11 allows anything with user rights record you typing root password
That can be changed, you know.

>integrity of software is guaranteed by whoever is in charge of repo instead of developers themselves
Unless you use something like Slackware, or equivalent

>repos routinely offer outdated versions with bugs
Unless you use something like Slackware. Or just compile it yourself. It only takes like half a brain.

Fuck off, retard. Linux is an operating system. Go read what that means

>no antivirus
wrong
>no personal firewall
wrong
>no UAC
wrong
>X11 allows anything with user rights record you typing root password
wrong
>integrity of software is guaranteed by whoever is in charge of repo instead of developers themselves
wrong
>repos routinely offer outdated versions with bugs
wrong

>no antivirus
kaspersky.com/small-to-medium-business-security/endpoint-linux
bitdefender.com/business/antivirus-for-unices.html
eset.com/us/home/antivirus-linux/

>no personal firewall
Firejail

>no antivirus
repos are updated constantly, and if you see something as unsecure, you can change it to your needs.
>no personal firewall
ufw, pfsense
>no UAC
literally any DE has one, if you want to be spoonfed
>X11 allows anything with user rights record you typing root password
i mean you can change that. it's better than os* having rootkit on boot or windows being probably the most vulnerable thing to that
>integrity of software is guaranteed by whoever is in charge of repo instead of developers themselves
how about not using *bsd
>repos routinely offer outdated versions with bugs
any software update for any system will have bugs.

Attached: 1529853715060.png (1280x591, 101K)

Linux has nothing to do with any of these points outside of SELinux and iptables/nftables/bpf firewall.

rest of the points are userland problems.

antiviruses are spyware as well. a few exist for linux--such as carbonblack, but that shit is useless garbage if you know what SELinux is and how it works. why the fuck should you be trapping random syscalls and doing whatever "analysis" on shit instead of just saying, this app can't fucking open this file or network connect to this port.

>no antivirus
ClamAV
>no personal firewall
UFW, iptables
>no UAC
Not true, UAC is actually flexible compared to Wangblows
>X11 allows anything with user rights record you typing root password
It could modified not to do that.
>integrity of software is guaranteed by whoever is in charge of repo instead of developers themselves
Varies. There are many Linux distros that don't do this.
>repos routinely offer outdated versions with bugs
Again, it depends on what distro you're using. Distros offering rolling release updates tend to be buggy than say a stable distribution.
>Remind me, how is Linux the safe operational system?
It's safer than Windows 10, that's for sure.

Attached: 1529749611606.png (409x409, 157K)

>no clue about the shit I criticize

>Firejail
That's a sandbox program for isolating other programs. Not a firewall.

>no antivirus
clamav / rkhunter
>no personal firewall
iptables / GUFW for nobs
>no UAC
It's called sudo, dumbass. You're the UAC.
>X11 allows anything with user rights record you typing root password
Got me there.
>integrity of software is guaranteed by whoever is in charge of repo instead of developers themselves
You say that like it actually makes a a difference when considering malicious actors inside development companies.
>repos routinely offer outdated versions with bugs
Install Gentoo

>av
ClamAV
>fw
ufw
>uac
"sudo" + command/executable
>X11
Wayland
>whoever is in charge of repo
You can always download user software from dedicated websites or github/gitlab, or download source codes and self compile.
>repos routinely offer outdated versions with bugs
Flatpak, snaps and appimages

>repos are updated constantly
hahaha
>pfsense
not a personal firewall
>ufw
doesn't allow filtering per application
>literally any DE has one
Maybe try learning what Windows UAC does before commenting
>how about not using *bsd
that's not an answer
>any software update for any system will have bugs.
what the fuck does that even mean? In Windows you can simply download latest version from developer's website, in Linux good luck if your repository has old version, good luck

Firejail

Firejail allows filtering per application. It can force processes and their children to a specific network interface, which can be further restricted by iptables
"Personal firewall" generally refers to per-application filtering which has only been made possible recently with the addiction of Linux namespaces, which firejail uses

>>no antivirus
ClamAV
>>no personal firewall
iptables
>>no UAC
sudo
>>X11 allows anything with user rights record you typing root password
Which is why we're getting Wayland
>>integrity of software is guaranteed by whoever is in charge of repo instead of developers themselves
Not necessarily
>>repos routinely offer outdated versions with bugs
Even Debian, the stone age distro, pushes lots of security updates and backports

>Lol just compile it yourself, what are you a noob?

How is this an acceptable answer in 2018? You guys wonder why can't Linux pass 1% and then write shit like this

lol just compile it yourself; what are you a noob?

fucking whiny pussy bitch.

Are you a fucking retard? It's one of the 3 presented options and you decide to cherry pick in order to """prove""" something. Your post is just as worthless as you are. Kill yourself.

Usually you want to whitelist applications you wish to give access, not the other way around. If you can do something like running everything in firejail, feel free to tell but I haven't found a comfortable way to do that.

As a Linux user for 10+ years, I've literally never have had to compile a single package. I wouldn't even know how. As far as I can see it, compiling is a last ditch attempt for anyone who needs some exceedingly obscure program. I'm sure there are some hardcore neckbeards out there who would disagree, but compiling isn't really a necessity for normal users anymore.

>Wayland, Flatpak

It's worth noting how recent and not adopted these things are in comparison with Windows who has context separation for over than decade and "just werks" installation from very beginning.

Sure, it's nice and dandy if the thing you're looking for is in a repository. Post you are replying to is written with outdated version in mind, which is pretty common occurrence. Unless devs distribute x64 binaries themselves (which is extremely unpopular in free software world for some reason) they you are toast.

And I wouldn't say obscure, just anything outside of repository. Even if they do have your repository's package, in my experience it fails 5 0% of time on some dependency that I can't solve. I'm hopeful for Flatpak though.

I thought that one of the motivation for Wayland is that X11 can't be modified to do that.

Because they are shit and not worth replying to. I don't know what "dedicated websites" are you talking to and no, it's not a common practice to put binaries on github.

>they are shit and not worth replying to.
You're shit and not worth replying to, but I'll do it anyway since you're obviously too stupid to exit without your hand being held.
>it's not a common practice to put binaries on github.
It is for most user software.
>don't know what "dedicated websites" are
Website of the fucking project which contains the binary or it's own repository. Example, wire.com/en/download/ or mpv.io/installation/ . If a website states that it's software is already in an official repo then it's safe to assume it's a safe to use package. You'd have to be autistic not to trust the maintainer, developer and the distro itself for no reason when everything is transparent.

>it's not a common practice to put binaries on github.
How the fuck would you put a gender on github?!?

Attached: 1525834555589.jpg (800x793, 80K)

>66476775
>no antivirus
>no personal firewall
>no UAC
>X11 allows anything with user rights record you typing root password
>integrity of software is guaranteed by whoever is in charge of repo instead of developers themselves
>repos routinely offer outdated versions with bugs
we showed them

Attached: 1529171104029.png (579x450, 380K)

Based.

Ufw is easy as fuck

Linux is a kernel, a program you install with your package manager.

I'd just like to interject for a moment. What you’re referring to as Linux, is in fact, GNU/Linux, or as I’ve recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called “Linux”, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project. There really is a Linux, and these people are using it, but it is just a part of the system they use.
Linux is the kernel: the program in the system that allocates the machine’s resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called “Linux” distributions are really distributions of GNU/Linux.

How do you block firefox in ufw then?

Good post.

based

Cool bro, you showed me two examples. Doesn't change the fact that it's not common practice.

And if you are lucky enough, there is good chance you won't be able to install package because of dependency that unsurprisingly is also outdated in your repository. Good luck going that rabbit hole.

Meanwhile on Windows, Mac, it just works.

>muh dependency
Irrelevant, things just work. It's just as rare to get a dependency issue on Linux as it is on windows. And snaps/flatpaks/appimages will fix that issue.

Attached: 1528112969796.png (600x1081, 331K)

Because Linux is a meme OP, just like AMD and ThinkPads

>things just work
They don't though, especially if repository itself is outdated

>sudo apt update
Wow

>especially if repository itself is outdated
what does this even mean?

Not them but I'm assuming they meant that the repo has outdated software. It isn't that fucking hard to get.

>has outdated software
pretty understandable considering that not all software get a newer version at the same exact time. Would you rather have a slightly outdated software or do you want a deep dive into dependency by keeping two versions of the same package because one software is updated and needs the newer version as a dependency while countless other programs need the older version since they're not updated yet?
Fuckton of people complained about dependency hell on Windows but when Linux tries to do it right people still complain like retards and don't know how to think any deeper.

he's not referring to outdated software
the wording is pretty fucking clear and it's a clear indication that he has absolutely no idea what he's talking about

>dependency hell on Windows

Yes I am, perhaps I should have written it more clearly but then again it's good enough for all that aren't braindead.

It's a real problem I had, wanted to install OpenTTD but apt had only seriously outdated version. No problem, just install deb file they provide on their website? Well that package depends on libraries that are also outdated in repo. At that point you can try download those from web and hope that you don't break anything which is about as far from "it just works" as possible.

Luckily in this case they provide statically linked version with everything in it, but how many developers actually do that?

>Fucking brainlets, wanting to have latest versions

We'll do it right way and run something full of disclosed security holes. It's the price we pay for software freedom

Attached: Install Gentoo4.png (500x666, 518K)

use gufw if you are lazy to read manuals.

This is really good role play

How do you block Firefox in gufw then?

Attached: gilete.jpg (620x560, 28K)

>what are security patches
do you seriously think the repos just include the completely unmodified versions of everything direct from the upstream devs?

No richard

Attached: 1515602913243.jpg (806x938, 337K)

Nigger

>clamav
>firewalls are a thing
>privileges are separated by groups
>X keylogger meme here is vague
>so what?
>depends how repos are maintained for each distro

that's a very bad analogy.

Nobody is claiming that GNU+Linux is very safe

>not liking pubes
gay

>that pic
It really makes you think, I had sex with a girl with shaved pubes and a girl with a full bush (not at the same time or occasion) but I couldn't feel a difference between them. When you are j-jamming it you don't care too much really.

>point out flaws in the OS
>sperg chiefs make pedantic shitpost about Linux being a kernel and say nothing else then run away

Every time.

He looks like a cuck, what else do you expect him to be able to think of other than being cucked?

nice

This is why Linux enterprise desktop usage adoption is fairly low and is largely focused on developers. Windows is much better and easier to securely deploy with minimal tweaks out of the box for your average user environment.

Yea it actually doesn't stop shit, surprise surprise.

No, natural pubes are homosex. Trimmed pubes are GOAT.