Windows is better for security than Linux

In Windows I can manually block incoming and/or outgoing internet for any program easily using Windows Firewall. E.g. Keepass. As much as I like it, I still block it from accessing the internet to be completely sure that my password database isn't copied and sent somewhere.

In Linux I can't do that. I have to simply TRUST that no transmissions I don't approve of don't take place. Blind faith. And/or go through the source code every fucking time like an autist.

>Trust the plan, goy!
Fuck that.
Until Linux (any distro) can come up with something comparable to Windows Firewall (built-in, easy to use, fine controls), Windows > Linux. Fact.

Attached: windows-vs-ubuntu[1].png (720x350, 70K)

Other urls found in this thread:

youtube.com/watch?v=WRWrmT0ovPE
github.com/evilsocket/opensnitch
twitter.com/SFWRedditVideos

PRISM

there are multiple application firewalls for linux
thread hidden, reported and [redacted]d

>What is ip link?
>What is ufw?
Linux itself has way more option of security but in mainstream distributions, they already implement the best security options where you don't have to worry about.
Not to mention that Windows uses the NT kernel which has way too much vulnerabilities compared to Linux. Using a normal user in Linux or any other Unix is not a risk since the root is safe and disconnected from the users.

Yes you can. In fact the hosts and firewall windows uses us from Unix / BSD

security and privacy are somewhat overlapping but still separate things
i'm not talking about privacy from the NSA etc
i'm talking about security form malicious hackers on steroids or trusted obscure software that could one day stab me in the back

>having to rely on ANOTHER piece of 3rd party software to prevent the first piece of 3rd party software from going rogue
then a third to watch the second
then a fourth to watch the third
it doesn't really solve the problem, does it

some 3rd party firewall software (made by a furry in his spare time) is nowhere near the same thing as a trustworthy official built-in-to-the-OS firewall

OpenSUSE doesn't have this problem

Attached: yast.png (880x521, 92K)

yeah but if it's there but hidden and you have to use some amateur 3rd party autist software to be able to access it (in GUI form) then what's the fucking point?
why does everything have to be so deliberately tricky and obscured?

Make your own firewall if you like it so much

I don't know if this is bait or he's just retarded

Learn how computers work or go back to Windows. We never asked you to use Linux.

interesting
can you exercise the same sort of thorough, granular controsl that Windows Firewall offers
>any program
>incoming, outgoing
>different rules profiles for different connection
etc?

desu I would like to switch form Windows to Linux
but things like this are too important
e.g. I love Keepass but I have to be able to easily block internet access for any program I want

I hate that (vanilla) Android doesn't offer this either
They give you some permissions controls
like access to storage, camera etc
but they never let you outright block internet access
I hope Keepassdroid doesn't one day become sneaky and sneak internet communication into an update one day and I don't even notice it...

t. brainlet

>In Linux I can't do that
Yes, you can. Install the firewall that's lets you do it.

Hurr durr make your own cheese
get your own farm
milk your own cow
raise your own cow

make your own bread
grind your own flour
harvest your own wheat
grow your own wheat

retard
people can't do most things the hard way from scratch
there just aren't enough hours in the day
stop being such an autistic puritan

I know this is bait but there's some truth to this. windows has some undeniable strengths of Linux, like ntfs permissions which are far more granular and advanced than even Linux ACLs.

however, Linux excels in other areas that make it more secure, esp in server environments. you are wrong that you cannot firewall traffic, iptables is very robust for this. firewalling per application is more difficult, but can be accomplished with selinux which is like a firewall for what programs are allowed to do and not do. it controls both network access, as well as filesystem access. so for example you can have selinux block firefox from looking in folders outside ~/Downloads, if you want.

there are strengths and weaknesses to both OS, but to just make a blanket statement like "windows is more secure than Linux hurr" is retarded

>What is iptables

Apparently yes, but I never used firewall on Windows, not on GNU/Linux.

>never let you outright block internet access
Use LineageOS

Windows firewall GUI is more confusing than Linux ufw CLI.
I mean, you TOOK YOUR TIME TO LEARN how to use Windows firewall yet you REFUSE to learn how to use Linux firewall (gufw) or opensnitch, or another alternative and instead say "hurr it sucks". Well you can fuck off with your retarded babyduck logic.
Windows was barely usable without 3rd party software before windows 10 came out, and still is in many cases so you literally can't use that as an argument.

t. masochist
which firewall? how can i trust it in the same way i can trust the baked-in firewall controls in Windows?

>firewalling per application is more difficult, but can be accomplished with selinux which is like a firewall for what programs are allowed to do and not do. it controls both network access, as well as filesystem access. so for example you can have selinux block firefox from looking in folders outside ~/Downloads, if you want.
Ok this is interesting, it's what I'd want.
But again, like you said, it's more difficult. Why can't it just be easy like it is in Windows? How can Linux seriously present itself as an alternative to normies if they don't let you fairly easily do the same things you can in Windows?

Ubuntu has been a step in the right direction but there's still a ways to go.
And now that Unity is being abandoned in favor of shitty GUH NOWM 3, it's taken a step backwards too.

I did try, it was too difficult
Windows Firewall is fucking easy
Click on th eprogram from the list, right click, choose rules for incoming and/or outgoing, in variosu scenarios
All you need is to be able to read English (or whatever your native lang and Windows install lang is)
And btw this thorough per-app firewall functionality was there in Windows 7 (although I get your overall point, back in the XP days even, a lot of this stuff wasn't available. It was probably way worse in the 2000/98 days, although desu I was a child then so I was a retard with regards to the internet anyway haha)

>Use LineageOS
oh shit, I didn't knot that.
Ok I probably will at some point this year then for my Moto. Official support is gone now, and with this new PNG exploit thingy emerging...

>But again, like you said, it's more difficult. Why can't it just be easy like it is in Windows? How can Linux seriously present itself as an alternative to normies if they don't let you fairly easily do the same things you can in Windows?
>Windows Firewall is fucking easy
>Click on th eprogram from the list, right click, choose rules for incoming and/or outgoing, in variosu scenarios
>All you need is to be able to read English (or whatever your native lang and Windows install lang is)

yes, windows is undeniably more easy i'll give you that. however, the windows firewall isn't as great as you think. any program running under your user account can add or remove rules from the windows firewall, because your user account is an administrator (literally noone runs windows as a non-admin user unless they are in a corporate environment and getting fucked by IT).


when windows advanced firewall came out with Vista, I spent a lot of time explicitly creating incoming and outgoing firewall rules to harden the system. then I noticed that utorrent could just punch a hole through the wall everytime it was launched, because it would just make outgoing rules for itself at will. in linux this is not possible without being the root account, at the very least you would be forced to type in your password to allow a program to elevate itself and add rules to the firewall

Why are you using Linux? It's fucking dangerous. You'll become a pedo, or even worse you might drop out of college or lose your job...
youtube.com/watch?v=WRWrmT0ovPE

>HURR DURR WHY I NEED TO INSTALL TURD PARTY FIREWALL???? LINUCS BTFO
You better stick with Windows, you fucking retard. You don’t even understand that Linux is just a kernel. IF YOU UNZIP A FILE, OPEN THE SETTINGS MANAGER OR THE FILE BROWSER YOU ARE USING FUCKING THIRD PARTY APPLICATIONS

>windows is easy linux was too difficult
Yeah, and I found windows built-in firewall difficult and confusing as fuck to the point of bloating my PC with Comodo firewall and later some very minimalistic firewall which was just a front-end to windows firewall.
Use it more often and it won't be confusing. Stop being a babyduck.

>69729642
>which firewall?
github.com/evilsocket/opensnitch
>how can i trust it in the same way i can trust the baked-in firewall controls in Windows?
How can you trust the windows fw when it's closed source?

Does anyone know about a version of windows ltsb that's completely stripped of telemetry with updates disabled? I've seen it posted here before but forgot the name.

ACLs are a bit of a meme, windows has too many that nobody touches and only exist to get fucked up somehow

sure there may be too many, but there are still some really basic and useful things you can do with ntfs permissions that you can't do with Linux acl's.

like the concept of users being able to create files but not delete them in a given folder, is pretty much impossible to do in Linux. and inheritance is way better as well

But the built in firewall is shit. And you're still trusting Microsoft with your data and if it's firewall is actually working. If you learn how to properly use iptables in Linux then you don't need anything else and you are able to customize it way more then Microsoft's shitty gui firewall.

Win10 ameliorated?
Ameliorated.info
If you trust this hacked piece of shit lol
I just use ltsc

Yepp, that's the one thanks bruv. Not gonna use it day to day. Just gonna slap it on a portable and call it a day. Wanna see how usable it is.

>I whitelist hostile parties so that abuse from them is acceptable

Windows LTSC/LTSB shits on all your silly hacked together. crash loving, slow working OS

>3rd party
My distro comes with iptables and selinux.

>I don't know any firewall software for Linux, therefore there isn't any

really? all by itself in the background? without any popup? y'know, the typical modern windows popup when you run an installer?
shit, that's kinda worrying. thanks for letting me know, user. i'll make a note to regularly check for any changes. monthly or something.

>How can you trust the windows fw when it's closed source?
Because Windows isn't in the biz of stealing your passwords and logginf into and sabbotaging your personal important accounts, or stealing and using your credit/debit card info, or getting into your online banking and emptying your accounts.

Sure they are botnet and 5-eyes as fuck, but 5-eyes won't do what I listed above. That's a more important and immediate concern to me than 5 eyes snooping on me through Windows and Google to make sure I'm being a good thought goy. I keep all my bad goy thoughts in my head anyway.

>Windows isn't in the biz of stealing your passwords and logginf into and sabbotaging your personal important accounts
Neither is open source software.

Attached: purecoincidence.png (366x358, 84K)

But pajeets and romanians and other various 3rd worlders are, and a way to do that would be to release software that is innocuous for a while, to build trust, and then suddenly one day BAM! Smash n grab. So how can you be sure about any one piece of 3rd party software unless you pore through the source code upon every update - only unemployed people have time for that. The rest of us have real life to get on with.

>windows firewall
>effective

hue

The windows firewall cannot block certain OS activity and is proprietary.

The fuck you on?

Linux has dozens of firewall front ends nad back ends I normally use firewalld.

Ever heard of iptables/ufw ?

>3rd party
Code is code. Security is security. Why do you immediately trust Microsoft or anyone else for that matter? A majority of web servers on the planet use Linux, and Linus/the kernel team did not make the HTTP daemon. That comes from the Apache or Nginx projects. We're used to "3rd party" software for everything because that's how mafia works. That's how open source thrives, and because things are open and developed on by the public, we can in a majority of cases be sure that there is no foul play.
I know this may come as a shock to you, as someone who uses the insecure and virus/malware-ridden platform of Windows and as a result ends up placing an inordinate amount of trust in the OS vendor, but 3rd party is not a bad thing in the Free Software world. It's a good thing.

I'm not trying to block certain OS activity.
I'm trying to block certain 3rd party applications, which, though very useful, contain very sensitive personal data e.g. Keepass so I want to block that application from accessing the internet in case it chooses to go rogue one day and send my password file to some mystery server.

Microsoft isn't trying to steal my money (apart from when they raised the monthly price of outlook 365 from 4.50 to 5.40!!!!)
The gubbamint isn't trying to steal my money - in fact they even give me some (a litlle something each month to help with daily transport costs because I'm disabled).

I'm worried about rogue cyber-pajeets and cyber-slavs.

It is if I have the time to pore through every update of every piece of open source software I use.
Unfortunately I have neither the time nor the knowledge to understand what I'd be looking at (I'm no programmer). And most people are like me.

OP you will be insanely pleasantly surprised to hear about to existence of OpenSnitch.
Not my cup but definitely looks to be for you.

How do these things work on Linux? Are they freestanding programs like in Windows, or are they like modules/components that you download and they integrate into the OS? Like Windows has components that don't come out of the box but you can easily dl them from Microsoft.com and install them and they slot neatly in to the OS itself.

And do they work for all/most Linux distros?
Because the only Linux distro I can see myself switching to if I do switch is Ubuntu or something else at that level of ease-to-use and completeness. Not some stupid barebones autistic Gentoo/Arch bullshit. So does it work with Ubuntu? I think I remember there being different 'families' of Linux flavors. Like Ubuntu and Debian are the same family. But OpenSuse is a very different creature?

What happens is software is compiled and put in something called a package.
Ubuntu and Debian use .deb
Arch and Arch based distros use .tar.xz
Fedora and CentOS use .rpm

They just contain a filesystem directory all zipped up and when you execute them in your package manager they look for missing names of dependencies and grab them if they can then install to your filesystem letting you run it.

The neat part is, literally every single system installed file through your package manager is part of a package, if you were to uninstall every single package and purge your config files your entire hard drive would be empty folders as all software comes as packages.

The practical upshot of doing it this way means everything on your computer can stay up to date all at once, bug free, and install insanely fast while still letting you use your computer while upgrading.

If you want loads of features, install Kubuntu 18.04 or SUSE, it uses the KDE desktop historically known for being super feature rich in comparison to other distros and Microsoft routinely steals ideas from them.
OpenSUSE is a very good KDE plasma enviornment and I'd recommend that to you.

Arch and Gentoo aren't minimal but you start with nothing. I loaded mine down and due to the high control you have over the system they tend to slip off the edge of sanity when you have to control everything and just fill them up. I prefer a good Ubuntu or SUSE/ Fedora install these days rather than messing with that.

There is a catch to using a package manager.

It makes the concept of manually installing software inherently naughty, as going outside of your package manager means that you now have to micromanage the software, update it, and control it.

My advice with something like apt is to watch over what you install, do not install lone .deb files unless absolutely necessary for something like a single video game that installs this way.
Use PPAs for hot off the press rolling software so it will stay up to date and get patches.
And use make and make install when compiling software VERY sparingly and understand that it won't get updates when you install like that.

There is a folder designated as the "user installed software" directory as /opt however. If it gives me a zip file filled with the software I extract it to a folder in /opt to keep it organized.

OpenSnitch is in active development and the devs of Ubuntu, SUSE, and Fedora don't look like they've taken notice of the project enough to make packages for it.

You may have to go the manual install route by compiling it yourself.
github.com/evilsocket/opensnitch

Just understand that after the make and sudo make install commands that you will be in charge of revisiting the git to check for updates and watching if anyone ever puts out a PPA or user repo for the project until it gets an official package.

And it's free software so you can trust it. In what universe is Microsoft not selling your data to pajeets themselves as long as they pay for it.

very well laid out, thanks for this (esp since i made the thread with such a troll-y OP)
I'm still reluctant though. IF something bad happens, e.g. someone gets my internet banking credentials somehow and drains my accounts, then obv I'll cal up the bank and try to get everything back. Then they'll ask how I used to access it? Which OS and which browser (I use a clean, untampered-with browser just for IB, don't use any of my regular ones). But they'll ask me. And if I say Windows and Chrome, then they'll say hmm yeah ok. But if I say
>WELL AKCHUALLY, MA'AM, *insert gahnoo-linux rms copypasta here*, and Icecat/Pale Moon, which akchually *another copypasta here*
they'll be like "what the fuck is this amateur shit nigga, this isn't our recommended OS and browser, this is probably your fault for using this amateur stuff, so you're liable, not us, too bad you ain't getting your money back bye bye" and I'll be ruined.

Just tell them Ubuntu. It's not hardcore its just an OS.

> It is if I have the time to pore through every update of every piece of open source software I use.
On Windows you can't do that even if you have the time

hmmmmm
well you've definitely given me food for thought, with this opensnitch thingy
I still feel like I wouldn't have time to audit opensnitch with each update either (unless i install outside of the package system therefore unless i update it it will never update). I also have no idea how to audit code lol. But it is food for thought. I don't really want to be in the MS and Google botnets desu, but it just werks for me right now. I don;t like where the world is headed for, it really seems like all the scifi fiction of recent decades is where we're actually going with this shit IRL (wall-e, matrix, 1984, i-robot, minority report, ghost in the shell, psycho pass), i probably do need to disconnect from the botnet.

I might give it another big try at some point in the next few years (can't right now, very busy with work, side biz and studying. and cooking and housework etc. Did I mention I'm disabled? I already feel like I have no time. But I do need to give it a shot I guess. Before I (hopefully) get a wife and kids, which I want in the next decade. Because then that's the end, there will never be free time again. So I've got to give it a shot before then.

I feel like I'm either going to go full botnet or go full-cyberpunk / zero botnet / as disconnected from the electronic grid/gulag as possible. I'm going to end up at one extreme or another. The other problem is physical/meatspace security. I haven't been the victim of thievery/roberry/burgalry yet, but I am super duper careful and even then the average quality of human being is dropping thnaks to (((globalism))), more criminal scum pouring into the country every day. violence crime is soaring. There's comfort in the Google botnet that even if something happens to my stuff in meatspace (phone gets stolen or some home from work and been burgled including computer and drives etc etc), at least everything in backed up in the cloud. All my most crucial stuff is secured.
...

...
if I disconnect and have a much more non-connected computer, go cloud shit, and an unpozzed smartphone (or not smartphone at all), then I'm at the mercy of staying safe in meatspace. Any backups are only on drives in my house, and all my current work and important stuff is on that computer, not backed up in the le cloud/. If I come homje and have been burgled, computer and drives gone, then I'm completely fucked. Sadly, there is safety in the botnet, ironically.

I use very little open source software on Windows currently and that which I do is blocked from the internet using Windows Firewall.

*no cloud shit

>How to audit
Just go to github and view the commit history, take a look at who contributes, and check the actual source code directory.

I regularly check DXVK's git just for a heads up on feature updates.

unironically, with all hell breaking loose everywhere making my own farm and growing own stuff seems like a based plan user

Attached: old_ares_had_a_farm.jpg (1920x1080, 225K)

Ufw lol

>netfilter is shit

only because you are too dumb to find the firewall that doesn't mean its there
>uses a screwdriver to open car because I cant find my key in this magic box that sets off the alarm and has a chrome button

Security isn't a real concern. Hasn't been for nigh on 20 years. This isn't fucking 2003.

Linux can has POSIX ACL, can even use Windows domain users/groups for the ACL if the Linux is joined into domain and using PAM that can talk to AD like SSS.
Windows clients will recognize the ACL and will treat it it like NT ACL

Attached: premium_b8.jpg (325x326, 21K)

Windows is better at security than Linux in the same way that a car with a trailer hitch is better for pulling loads than a semi tractor -- it's easier to set up and easier to use.

Yeah. Who needs security today? We just publish all our private data on Facebook. Nothing to hide apart from what's already publicly accessible, so who cares if a few pieces of malware get in?

If you have something on a networked computer, it is public. Only in this age could "computer experts" have become so fucking idiotic they think their every fucking thought should be delivered to a fucking cloud via an brain implant and that "security features" will make up for the difference.

How did people get this fucking dumb? If you don't want something shared, don't fucking put it on a networked computer. Am I the only person with a positive IQ left here or what?

Attached: 1421469635032.gif (178x195, 875K)

And malware is NOTHING like it used to be at all. Massive computer-destroying viruses just aren't a thing unless someone is deliberately targeting an individual.

don't use linux as a desktop, it's a mess full of half baked software

>security and privacy are somewhat overlapping but still separate things
>i'm not talking about privacy from the NSA etc
So how is Windows Firewall more secure, if your putting up the firewall doesn't prevent the NSA from spying on you without warrant?

I think you should be more worried about your own government stabbing you in the back, than random Pajeets wanting to scam your uncle for the cost of bogus virus repairs.

> I use very little open source software on Windows currently and that which I do is blocked from the internet using Windows Firewall.
I was talking about closed source software, you cannot inspect updates if you use that

True. Now reinstalling an OS is fairly trivial, and buying a new computer isn't that unaffordable, we have a worse kins of virus: cryptolockers. They destroy your data, which if often more valuable to you that your OS instalation or computer.

The best OS is the one you have the most experience with and knowledge of.

>use proprietary software to block network usage of proprietary programs on proprietary operative system and check on proprietary system monitor that it works
>But I can't trust open source since I can read that the program does exactly what it tells it does