The Quest for Reasonably Secure Operating Systems
I never worried about security on Windows as much as I should have; it just so happens I've been lucky to have never been hit with ransomware.
By the time I was on Linux Mint, an acquaintance of mine put in their Discord profile bio a link that seemed legit; the landing page was a legit-looking Cloudflare prompt with a captcha button... When I pressed it, I got hit with a jumpscare hijacking my browser and screen! Astaghfirullah, that was scary as hell!
TL;DR - this is how I decided that my computers and my phone need operating systems such as Qubes OS and GrapheneOS (these are what I'm using now), systems that might, at the very least, prevent such trivial takeovers, in addition to my no longer giving away so much of my data to Trump's vassal corpos, and that at the very best could even help, at least to some degree, with a threat model that might escalate...
It wasn't easy, though, getting to this point, and it didn't help that security can mean quite a few things, and that there are different philosophies to it.
I didn't want to put any money into new hardware, so for months I tried to find the best solutions for my limited hardware: a normie phone and a mini-PC that only supports SVM, with no VT-d technology. Only on the strength of "time-theft" during one of my two jobs could I get away with this lengthy pursuit...
After having discovered madaidan's insecurities blog, I swiftly decided to harden my Mint installs and consider hopping to another distro - Alpine, for the reduced attack surface it gets by employing OpenRC instead of systemd and musl instead of glibc. I was also recommended Oasis Linux - a statically-linked LSF configuration, supported by the suckless community - and Void, but I decided to go with Alpine as it's arguably the biggest distro of these, and I was also at the time considering ZFS - it so happened that someone on GitHub made a tool for having ZFS on root in Alpine.
I said in my previous post that I migrated to Linux in order to get away from US Big Tech, but I am well aware that they are pretty involved in Linux. Anything can happen that might convince people to fork the kernel, and I might also decide for whatever reason to switch to a different Unix system or even something outside Unix. Hence I've also looked into the BSDs and illumos, with an open, pragmatic mind, regardless of the debate between the GPL versus the BSD and MIT licenses (remember that I wanted to get away from systemd for the sake of reduced attack surface)...
At first, I narrowed down my options to BSDs that make use of ZFS, as I wanted to have a filesystem in common if I was going to dual boot Linux and BSD. I was considering NetBSD more seriously - after all, OpenBSD forked from it -, but my first VM installation ran into trouble with repos, and that wasn't a good impression. I didn't want vanilla FreeBSD, so I was thinking about NomadBSD, as I like their logo better, haha... But I've heard their security updating status isn't as good as GhostBSD's. The only reason I didn't end up installing GhostBSD was my limited time during the brief summer vacation, all of which I spent optimizing Alpine (it took me several attempts to not bork it during post-installation).
Now I'm not as fond of the idea of relying on ZFS anymore, as in the meantime I have had to spend more time on an old laptop that only has 4 GB of RAM, struggling with clamav, so there I had to switch to a tiling WM (sway, which actually proved comfy and cozy to me)...
Why not just single boot OpenBSD, despite its less than stellar - or so I've heard - filesystem? After all, it's the one OS that has seen the most attention from security experts for the longest time, and its developers have introduced countless innovations in OS security! Well, I am still a desktop user, but I might get around the lack of Linux compatibility by running a VM inside OpenBSD. And that was what I was considering right before my father got me a rig with a VT-d capable chipset...
In the weeks before finally installing Qubes OS, I had the misfortune of interacting on SimpleX public groups with a handful of trolls, pricks who basically worshipped OpenBSD - "OpenBaSeD", as they obnoxiously called it - and defended it from all criticism - granted, I can't argue against the strong point that OpenBSD has the advantage of a cleaner codebase -, but not before throwing bricks at Qubes OS, not least because... it was founded by a woman, Joanna Rutkowska (notwithstanding that one of these misogynistic trolls went as far as "transvestivating" her!). What in the Lunduke is going on with these people!?
Fair enough, I'm not an expert, but their claim that running OpenBSD on bare metal is more secure than running it as an HVM within Xen-based Qubes - with the argument that the Xen hypervisor has more immediate access to the hardware - puzzled me. Their only real argument might be that, as Qubes developers themselves admit, running a full VM might be less ideal than the integrated VMs that come by default with Qubes... Granted, I am still tempted to try using OpenBSD as a replacement for Qubes' default Fedora-based sys-net, for one good reason: a potential attacker would need exploits for more than one OS.
I almost forgot: USB exploits. Correct me if I'm wrong, but apparently only Qubes has managed to mitigate them, by isolating the USB service. So, in my view, Qubes is, even if just by a bit, more secure, although I'm admittedly not sure whether even I would need that extra edge, while still being a bit short of ideal - it still depends on Xen and Linux, albeit at least these don't have immediate access to the Internet.
I've already learned about the disadvantages of the monolithic kernel design that the Unix systems are still based on. GNU Hurd, unfortunately, seems to still be an unfinished project. However, thanks to one persuasive Reddit user, I've learned about one academic-research microkernel-based OS that is currently functional enough - Sculpt OS, based on the Genode Framework, not exactly a Unix system, but close enough, and capable of hosting a Linux VM if I want to; like Qubes, it ideally requires both VT-d and VT-x.
Sculpt OS, unlike Qubes OS, is marketed simply as an operating system for the computer science field, where one can start learning about the hardware and software nuts and bolts of their computer, as Sculpt OS expects the user to explicitly set the permissions between the components. Still, it's got a GUI, so kind of like GrapheneOS, you just have to think a bit, along the lines of "hey, this app doesn't need access to my camera, so I am going to give it a 'black hole', aka empty input".
I did end up test driving Sculpt OS on two computers; the WiFi module didn't entirely work on either, but otherwise everything seemed fine, though I couldn't figure out how to run more than one "preset" - apps in Genode parlance - at a time. Overall, Sculpt OS looks genuinely fascinating, but... I haven't seen a security audit or anything like that on it, except for Qubes devs mentioning once or twice on their forums that Genode is a great project and that maybe someday, with enough funding and time, they might rebase Qubes OS on Genode!
More recently, I was tipped off by someone from the NixOS community that there is a project out there which has resulted or will result in a Qubes OS-like experience, but on NixOS instead of Fedora - it's called the Ghaf project. I haven't looked much into it for one big reason: I don't yet have time to figure out too many things given the lack of proper documentation, which is something vanilla NixOS is notorious for. NixOS has been intriguing me for a long while, but it also looks rather intimidating - also, when it comes to init systems, I might just pick Guix System over NixOS, especially as I'm already a fangirl of GNU Emacs (which is why I couldn't take seriously the idea of fully switching to Plan 9/9front, which I might however end up using in some form for the rest of my future homelab). To come back to the topic, Ghaf looks interesting enough, so I might take a closer look at it some other time.
Lastly, there's also CheriBSD, which I am tempted to try emulating in QEMU, but I might only find it useful once I buy an actual CHERI-capable RISC-V system...
To sum it up, it took me months of waiting and deliberation, but I've decided that Qubes OS is probably the best choice for me, having just recently moved from Windows to Linux (notwithstanding that Qubes can also run Windows, if I wanted it to). Though I am working on it, I am not yet an expert in cybersecurity or system administration, I don't have experience with the BSDs yet - albeit I might eventually get into them, despite the "BaSeD" community and the devs who actually take Xlibre seriously... -, and, for the time being, Qubes OS seems to be the only fully mature solution as far as "reasonable OS security" goes. And so far, I like it; I am already getting used to it.
Wait, what about GrapheneOS?
Well, I wish postmarketOS were in a better state by now, and I do want to run it on a tablet just to have a portable Emacs-running machine with me (Android Emacs out of the box really sucks, though maybe it's possible to change that, I'll see). And, for a long while, I was tempted to just get any custom ROM that would degoogle my old phone... Alas, I ended up buying this cheap Pixel, and now I'm running GrapheneOS with both Google Play (for the time being, until I get thrown out for not complying with ID verification) and FLOSS apps. Until there is a RISC-V phone that can support GrapheneOS, or until postmarketOS somehow improves its security, I'll stick to this!
As you can see, it has been a long, complicated, and chaotic process. Not only did I want a secure operating system, but I also had in mind considerations ranging from hardware compatibility to filesystems, while discounting other potential worries, such as gaming, which is not my concern, or desktop looks - I'm not exactly a fan of Xfce on Qubes, but it seems I could adopt i3 or even Qtile... I've been using i3/sway lately alongside KDE, but I'm tempted to adopt Qtile, it seems like it might become my favorite tiling WM.
Full disclosure: I did get to install and boot Qubes OS, install a few extra templates, but I'll leave thorough customization for my next vacation, inshaAllah!
P.S. If I haven't expressed very loudly my gratitude towards the developers of such FOSS systems - honestly, I find it a miracle that FOSS works as it does -, it's because I think concrete acts speak louder than words... I am still working hard on gaining the superpower of having enough disposable income to shower on projects I believe in, in between supporting favorite artists.
Of course, if you ask me, I do believe that all of us should get UBI and that the EU should stop bowing to fascism like with Chat Control and just be the EU that funds cool developments like the Nyxt Browser project - and that's another topic for a future post: browsers. Thank you for the patience!
P.S. During the Lemmy discussion of my text there were a few other operating systems that would have deserved a mention here: Ironclad OS - a memory-safe system kind of like CheriBSD, except libre/GNU-certified, and the kernel seems to be its own thing, although still very much Unix-like and POSIX-compliant - and Fedora Secureblue, which I honestly disregarded as I don't agree with those who believe sandboxing is equal to or even better than paravirtualization... Then again, I'm a nobody who knows little about computer science, and I'd rather take Libreboot over Secure Boot, but then there are always some other people who seem to argue in favor of Secure Boot, and I can't tell whether they're just Big Tech shills, actual knowledgeable people... or something in between. Who can you trust?!
Oh, and there's also Chimera Linux as a promising alternative to Alpine that isn't, however, focused on security right now, but it's an interesting distro that uses Dinit - which some people consider the best alternative to systemd, yet Alpine devs still seem to prefer OpenRC - and the FreeBSD userland in addition to musl. I wouldn't have cared about such things less than a year ago, but somehow now I do!
P.P.S. A very late, but due edit: back on SimpleX, someone going by @nihilnovi provided this most eloquent explanation: "OpenBSD's strength lies in reducing attack surface and vulnerabilities in core components through decades of security focused development. QubesOS mitigates risk via hardware enforced isolation, ensuring malware in one vm cannot reach others. To me neither is universally more secure - in general sense: OpenBSD excels in minimizing flaws, while QubesOS excels in containing breaches. They aim to solve the same problem differently". I guess they're right... Later they claim that VT-d cannot be bypassed by Intel ME... If true, that's great news!