Two Security Heavy-Hitters
All Linux distributions benefit from open source
development, because the sheer number of eyes on the
code gives them the edge over commercial OSes.
However, there are some that are locked down even
tighter than the average distribution.
One of the more specialized of these is Ta
Tails, which
stands for "The Amnesic Incognito Live System." In fact,
it's so locked down that you can't even install it on your
computer -- you have to boot it live from a USB drive.
Once up and running, Tails doesn't let you save any files
unless you create e an encrypted stash on the same USB
drive (and even then it tries to discourage doing so). It
routes all your Internet connections through an
anonymity network so your online activity isn't pinned to
you.
Possibly the coolest feature of any OS, if a user fears
being physically monitored, is the ability to yank the USB,
immediately shutting down the system. Because it is a
purely live-boot
boot system, once you shut it down, there's no
trace of your Tails session on your hardware.
The spirit underlying these and other safeguards -- such
as the copious dialog boxes preempting relatively risky
operations -- is that Tails wants to make bad user
decisions hard to make.
For instance, you can't contract a virus if you can't
download files, and sensitive browsing can't be
associated with you if you're anonymous. Nothing,
however -- not even Tails -- can save users from
themselves completely. If you open up Tails' browser and
log into your Facebook, for example, all the anonymity
technology in the world won't keep you fro
from outing
yourself. Still, Tails represents a significant step up
compared to mainstream Linux distributions.
QubesOS adopts an equally meticulous security model,
but from a different angle. Instead of keeping all your
activity separate from your permanent system (by live-
booting), QubesOS replaces your permanent system and
keeps every bit of activity on it separate from the others.
It does this by using the power of virtual machines, little
software-simulated
simulated computers (guests) running on a
hardware-installed
ed computer (host), to initiate and
contain every app in a virtual machine.
Unlike with traditional VMs, which require all the time
and resources to boot as non-virtual operating systems,
VMs in QubesOS are extremely lightweight and boot up
at the launch of an app in the same time as normal
system would take to open the app. All the user sees is
the app, but behind it is an entirely simulated guest
computer.
Depending
epending on the software, its VM is given more or
less access to actual system resources, but each one still
thinks it's the only one running on its own system. That
way, even if an app is exploited, it would compromise
only the tiny simulated guest, leaving
leavi the host (and
other guests) unaffected. The result is a system that
feels natural, but packs powerful isolation operating
smoothly under the hood.
The major drawback to this model is that users need
enough expertise to know which privileges to give which
whic
software. Unlike with Tails, which implicitly distrusts the
user and as a result locks down all software as much as
possible, QubesOS assumes skilled users, trusting them
with choosing security templates for each app and,
most crucially, updating and implementing
imp
them
properly.
Whereas Tails second-guesses
guesses every settings change,
QubesOS won't save you if you give your browser the
run of your system. However, QubesOS' hands-on
hands
approach allows users to tailor security to their needs in
a way Tails can't. Only
ly in QubesOS can you plug in a USB
you know is infected and watch the malware impotently
thrash in a completely unprivileged guest container.
Of the two distributions, if you're looking to experience
hyper-secure
secure computing, Tails offers the gentlest
introduction,
duction, since by design there are no consequences
for your
our installed operating system.
Admittedly, neither operating system is meant for
common use cases, but it is important to appreciate the
full range of options at users' disposal. It speaks to the
versatility
satility of Linux that two of the most cutting-edge
cutting
security projects are based on it, and it empowers all
users to know that the choice to secure their digital lives
is one that's within their reach.
refer :: www.techworld.com
17