Whonix ™ is available for many operating systems. Run across Download. Which host operating system is the most suitable or about secure? This is being addressed on this wiki page.
Recommended Host Operating Systems
The post-obit Linux based
operating systems are specifically recommended.
Recommended Host Operating Systems
These are recommended since these are used by the developers of Whonix ™. The developer’s familiarity with these operating systems makes it easier to provide maintenance and support.
Users that have never used whatsoever Linux based operating organization ever earlier, that are currently using Windows or macOS as their computer operating system, might find it difficult at first to drift to a Linux based operating organisation. (Linux User Experience versus Commercial Operating Systems
That is why Whonix ™ and Kicksecure ™ are available on other operating systems such equally Windows and macOS through use of virtualization. A familiar environment without the necessity of complex host operating organization changes gives users a chance to experiment with their first Linux based operating system. This opportunity to larn more might go i day a user who mainly uses Linux as their host operating system.
As long as no downloadable Kicksecure ™ ISO is bachelor, Linux beginners might notice Debian easier to utilize than Kicksecure ™.
Existing Debian, Ubuntu or other Debian derivatives users with essential knowledge well-nigh its usage however might notice Kicksecure ™ easy to use.
Other Operating Systems
Linux, Xen or BSD are the only serious options for a host operating system that respects privacy. Interested readers should review the rest of this folio if they are interested to notice out why.
A Gratis Software
Bone that respects user freedom is the but practical choice when it comes to privacy and security.
Use Linux on the host and adopt in-repository software that is automatically gpg-signed and installed from the distributor’s repositories past the package manager. This is far safer than downloading programs from the Internet like Windows adherents are required to do.
If it is infeasible to install Qubes equally a high-security solution, and so Debian Linux
bullseye) is recommended since it provides a reasonable balance of usability, security and user freedom.
Interested readers tin find a complete list of reasons to utilize Debian here
. For download, verification and installation instructions, run across Debian Tips
In the past, virtually any Linux distribution could exist recommended in order to protect privacy, withal Ubuntu’due south history of information-mining
makes information technology an unsuitable choice.
For boosted reasons to avoid Ubuntu or Ubuntu-derived distributions, expand this section.
Ubuntu’s paltry contributions to the upstream Libre projects they heavily rely upon is a policy decision and non a coincidence. Canonical founder Mark Shuttleworth has stated: “It is absolutely true nosotros take no involvement in the core fundamentals of the Linux kernel, none whatever.”
Approved only bothers to majorly contribute in any mode when forking significant projects; for example, Wayland into Mir, GNOME into Unity
[four], and .deb packages incompatible with Debian because of zstd compression.
This appears to be a consequent attempt to fragment the software stack to lock in users and put pressure on competing distributions and vendors.
The Ubuntu Contributor License Agreement gives them consummate power over patents that cover contributed lawmaking. Essentially they are granted the right to re-license this code under whatever license of their choice, including a proprietary one.
Ubuntu likewise has a history of treating staff in a hostile fashion. For example, the Kubuntu spin projection lead was unilaterally removed without alarm and contrary to wishes of his team members.
Canonical likewise pilfered donation funds originally meant for desktop spin projects (Kubuntu, Lubuntu and others). In Kubuntu’s instance, afterwards funding was abruptly dropped, Blue Systems had to pace in to salvage the popular projection.
Canonical has too been applying an absurd intellectual holding (IP) policy over packages in its repositories for years. This resulted in claims that Canonical owns the copyright over any binaries compiled past their servers. After the FSF stepped in and arranged a resolution over a catamenia of ii years, the policy was amended to land that Canonical’s IP policy cannot override packages with GPL licenses. Still, this at present means that whatsoever package with a permissive license is at present copyrighted by Canonical.
Unfortunately, downstream forks based on Ubuntu cannot be relied upon either. For example, the pop Linux Mint distribution was threatened with beingness cutting off from access to Ubuntu infrastructure unless they caved in to Canonical’s binary licensing terms.
Since then, Linux Mint has adult a version based on Debian instead. Canonical’s vague trademark and IP policy has become toxic for downstream distributions. Many accept made the smart selection to re-base on Debian instead of Ubuntu over the years including Kali, Whonix ™
A terminal major concern is Canonical’due south friendly relationship with Microsoft. This should brand all Linux users uncomfortable, given Microsoft’s strategy of “Embrace, Extend, Extinguish” with respect to Free Software.
At that place are of grade other options. Run into “Why don’t yous utilize <your favorite near secure operating system> for Whonix ™?” for analysis of alternatives.
A lot contention is derived from the different word definitions of the word “security” by advocates of proprietary software versus Freedom Software. An try to explain the different positions can exist plant in chapter Freedom vs Tyrant Security
|User Content Upload to Microsoft||
Windows sometimes takes user content, such as documents and uploads information technology to Microsoft servers.
Quote Microsoft: Configure telemetry and other settings in your organization (web archived website) (Underline
Media as well reported. The Register: Windows 10 telemetry secrets: Where, when, and why Microsoft collects your data
Quote ZDNet: Windows 10 telemetry secrets: Where, when, and why Microsoft collects your information
Quote Bone researchgate: Telephone call Home: Background Telemetry Reporting in Windows x
Quote Microsoft (spider web archived, year 2018
Alternative write-upwards, Scaring: Windows x lets Microsoft access your own local files
In theory it might be possible to disable this behavior just then there have also been cases where these settings accept non been honored every bit documented in affiliate Inescapable Telemetry.
There is a
Quote FBI–Apple tree encryption dispute
While there exists (to the knowledge of the author) no law that allows the government to compel companies to add new surveillance capabilities, new backdoors to operating systems, Microsoft has an
Mayhap even orders which Microsoft would never exist immune to talk about due to a gag club
The relevant argument past Microsoft
If using this
Microsoft has backdoored its disk encryption.
Quote The Intercept: (…) Microsoft Probably Has Your Encryption Key
Merely disabling this requires awareness of the issue, skills of using search engines and finding documentation how to do then, and technical skills to disable this privacy intrusion. This is often not the instance for not-technical users. (The Tyranny of the Default)
|Software Choice and Deletion||
Windows Surveillance Threats
Windows 10 comes with a keylogger.
Quote Microsoft (year 2015 web archived version): Windows 10 speech communication, inking, typing, and privacy FAQ:
Quoting 2015 version of Microsoft: Windows 10 speech, inking, typing, and privacy FAQ
Note: any deletion from the quote is just a hope. If information was leaked or shared with other parties previously or requested thought government social club previously, information technology would not be deleted.
Such information is vulnerable to Keystroke Deanonymization.
Quote 2020 Microsoft: Windows 10 speech, inking, typing, and privacy FAQ
This means Windows is recording the phonation of the user and storing it on servers owned past Microsoft. The same website mentions this can exist disabled.
But disabling this requires sensation of the issue, skills of using search engines and finding documentation how to do so, and technical skills to disable this privacy intrusion. This is often not the example for non-technical users. (The Tyranny of the Default)
Quote Microsoft Privacy Statement, Final Updated: March 2021
This sounds rather theoretic, “collect samples” – how many samples? “processed to remove” data “which could be used to reconstruct the original content or associate the input to yous” – how well does that processing piece of work?
Such data is vulnerable to Voice Deanonymization.
|Telemetry and Personal Information||
Eu withal concerned over Windows 10 privacy despite Microsoft’s changes
Quote EFF With Windows 10, Microsoft Blatantly Disregards User Selection and Privacy: A Deep Dive
France orders Microsoft to end tracking Windows 10 users
Ars Technica: Dutch privacy regulator says Windows ten breaks the law
|Windows Error Reporting (WER) and Cadre Dumps Privacy Issues||
#crash reporter abused by NSA
Co-ordinate to Der Spiegel: Inside TAO: Documents Reveal Top NSA Hacking Unit
Trying to disable the lenghty of privacy invasive features
is a huge task similar to playing “whack-a-mole”. Being unaware of some spyware feature could result in unwanted surveillance.
Windows User Freedom Restrictions
A number of conscious decisions past Microsoft severely limit user freedoms.
Windows User Liberty Threats
The German government, Ministry of Economics, Federal Office for Data Security (BSI) does not trust Microsoft Windows.
Archived, redacted version after court order requested by Microsoft against news paper ZEIT ONLINE: page 1, page 2 (DeepL translated
What was it that ZEIT ONLINE needed to redact?
Quote A BSI-2i.pdf German authorities internal documents leaked on wikileaks
Heise: High german regime are losing control over disquisitional IT systems (High german language, use DeepL and/or Google Translate)
The Annals – Germany warns: You lot just Tin can’T TRUST some Windows 8 PCs
A whitewashed statement by the German language government, Federal Office for Information Security, BSI,
Microsoft has a history of updating software without permission
. While configurable update reminders are good for those who forget to regularly update, forced updates are problematic for those that practise not wish to.
This Windows issue has non been foreseen. To the knowledge of the author there where no popular “really disable all Windows updates” instructions.
By comparing such an issue is unlikely to happen with Debian (and many derivatives) based operating systems (and other Liberty Software Linux distributions). On Windows in that location was no existent way to check which lawmaking will run when. Or at to the lowest degree, for practical purposes, nobody did reverse applied science and documented that.
For example on Debian (based) operating systems past default their default package manager APT is fully Open Source. Only also without reading the source code, it’southward behavior is much more than predictable.
Software sources are divers in easily human readable files such as
|Tiered Stability (Updates Testing)||Windows forces lower-paying customers to install new updates and gives higher-paying customers the option of whether or not to prefer them. Quote
|Forced Telemetry into C++ Binaries||
Microsoft has a history of informing adversaries of bugs before they are fixed. Microsoft reportedly gives adversaries security tips
) on how to crack into Windows computers.
Microsoft Corp. (MSFT), the world’south largest software company, provides intelligence agencies with information nearly bugs in its popular software earlier information technology publicly releases a fix, according to ii people familiar with the procedure.
Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have been enlightened that this type of early on alarm allowed the U.Southward. to exploit vulnerabilities in software sold to strange governments, co-ordinate to two U.S. officials. Microsoft doesn’t ask and can’t exist told how the government uses such tip-offs, said the officials, who asked not to be identified because the matter is confidential.
Frank Shaw, a spokesman for Microsoft, said those releases occur in cooperation with multiple agencies and are designed to give government “an early showtime” on take a chance assessment and mitigation
Run into too this opinion analyzing this, How Can Whatever Company Ever Trust Microsoft Again?
By comparing, the Linux kernel has a security buy embargo procedure
Although our preference is to release fixes for publicly undisclosed bugs equally shortly equally they go available, this may be postponed at the request of the reporter or an affected party for up to vii agenda days from the outset of the release process, with an exceptional extension to 14 calendar days if it is agreed that the criticality of the bug requires more time. The only valid reason for deferring the publication of a gear up is to accommodate the logistics of QA and large scale rollouts which crave release coordination.
While embargoed information may be shared with trusted individuals in order to develop a set up, such data will not be published aslope the gear up or on whatsoever other disclosure channel without the permission of the reporter. This includes but is not limited to the original problems report and followup discussions (if any), exploits, CVE information or the identity of the reporter.
In other words our only interest is in getting bugs fixed. All other information submitted to the security list and any followup discussions of the report are treated confidentially even after the embargo has been lifted, in perpetuity.
Fixes for sensitive bugs, such every bit those that might lead to privilege escalations, may need to exist coordinated with the individual <firstname.lastname@example.org> mailing list and then that distribution vendors are well prepared to issue a fixed kernel upon public disclosure of the upstream set up. Distros will need some time to examination the proposed patch and volition generally request at least a few days of embargo, and vendor update publication prefers to happen Tuesday through Thursday. When advisable, the security team tin can assistance with this coordination, or the reporter tin can include linux-distros from the first.
The crucial deviation betwixt Microsoft bug embargoes and Linux bug embargoes is that Microsoft notifies intelligence agencies which are then known to exploit vulnerabilities while the Linux kernel security squad has a much more transparent bug embargo process where trusted parties, huge Linux distributions receive an early notification for the purpose of wide availability of the software upgrade containing the fix before to prevent wide exploitation past attackers in the wild.
- Open Source, Freedom Software versus
- proprietary, closed source, precompiled software.
are totally different development models. Both development models take advantages and disadvantages.
The case for Open Source, Freedom Software is fabricated on the Avoid Not-Freedom Software wiki page.
One advantage for airtight source software could be argued being secrecy, security through obscurity
. (Also addressed on the Avoid Not-Freedom Software wiki page.)
Nevertheless, Microsoft Windows has none of the advantages of Open Source, Liberty Software but also cannot fully take advantage of security through obscurity either. Office of the Shared Source Initiative
is the Government Security Program
. Quote ZDNet
Microsoft’s Shared Source Initiative
makes source code available to “qualified customers, enterprises, governments, and partners for debugging and reference purposes”. In that location’s almost no information on the company’south website about their Regime Security Programme
(GSP). Just two sentences. Just the commencement of those sentences notes that requests might come from “local, state, provincial, or national governments or agencies”. When the GSP was launched back in 2003, yet, Microsoft was happy to tell the media that Windows source code was made available to a number of governments and international organistions, including Russia, NATO, the UK, and China. Another report said that Australia, Austria, Finland, Kingdom of norway, Taiwan, and Turkey were also on the list.
Simplified summary: Independent security researchers don’t accept admission to the source lawmaking but huge groups of people from of which some yous probably practice not trust exercise have the reward over you lot. The simply motivation for sharing the source code is to get regulatory approving for deployment in foreign government networks that need certain assurances for accessing their markets. This has zilch to practise with empowering third parties or giving them the choice and freedom to modify the software or share it with others.
The fact that there is no manner to completely remove or disable telemetry requires further consideration. For instance, non-enterprise editions do not permit anyone to completely opt-out of the surveillance “features”
of Windows 10. Quote Even when told not to, Windows 10 just can’t stop talking to Microsoft
. Quote Windows 10 Sends Your Information 5500 Times Every Twenty-four hour period Even After Tweaking Privacy Settings
CheesusCrust also disabled every single tracking and telemetry features in the operating system. He and then left the auto running Windows ten overnight in an effort to monitor the connections the OS is attempting to make.
Eight hours afterwards, he found that the idle Windows 10 box had tried over 5,500 connections to 93 different IP addresses, out of which almost 4,000 were made to 51 different IP addresses belonging to Microsoft.
Even if some settings are tweaked to limit this behavior, information technology is impossible to trust those changes will be respected. Even the Enterprise edition was discovered to completely ignore privacy settings and anything that disables contact with Microsoft servers.
Any corporation which forces code changes on a user’s machine, despite Windows updates being turned off many times before, is undeserving of trust.
Windows x updates accept been discovered to oftentimes reset or ignore telemetry privacy settings.
Microsoft backported this behavior to Windows 7 and viii
for those that held back, so odds are Windows users are already running information technology.
Forfeited Privacy Rights
By now the reader should exist convinced that just past using any version of Windows, the right to privacy is completely forfeited. Windows is incompatible with the intent of Whonix ™ (and the anonymous Tor Browser), since running a compromised Windows host shatters the trusted calculating base of operations which is part of any threat model. Privacy is inconceivable if any information that is typed or downloaded is provided to third parties, or programs which are bundled equally role of the Os regularly “phone domicile” by default
Targeted Malicious Upgrades
Microsoft Windows is not designed to be resistant to targeted malicious software upgrades of the Windows operating system or applications from Windows store.
Targeted malicious software upgrade means singling out specific users and shipping malicious upgrades to these select users only.
Near users are using a Windows Live ID since that is encouraged past Windows and their real names and IP addresses.
When installing/updating applications using the Microsoft Shop, Microsoft knows the Windows Live ID, therefore also the real name and IP address of the user. It follows that a coerced or compromised Microsoft Store could single out users and ship malicious software that includes malware with features such as remote control, remote view, file upload and download, microphone and web camera snooping, keyboard logging and so forth. This is the same situation for whatever OS shipped with corporate controlled walled garden app store like Apple tree, Google and Amazon.
With cognition of Microsoft existing privacy intrusive behavior as documented elsewhere on this page, it seems sane to presume that the same applies to Microsoft Update.
- Nigh Linux distributions commonly do not require an east-mail based login to receive upgrades. Users can nonetheless be singled out by IP addresses unless users opt-in for using something such as apt-ship-tor which is not the default.
- In case of Whonix And Kicksecure, all upgrades are downloaded over Tor. At that place is no manner for the server to ship legit upgrade packages to nigh users while singling out specific users for targeted attacks.
Stance by GNU Projection
The GNU Projection opinion
is that Windows is “Malware”, due to the threats posed to personal freedoms, privacy and security, meaning the software is designed to part in ways that mistreat or harm the user.
Estimation of Opinion by GNU Project:
Discussion definitions: Spyware is a type of malware.
Quote wikipedia malware
A wide variety of malware types exist, including figurer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, wiper and scareware.
If that definition is accepted… It therefore follows, if one agrees that “Windows is Spyware”, information technology so logically follows “Windows is also Malware”. This is to explain the GNU Project stance of calling Windows “Malware”.
Windows is malware by definition because of what it does. Individuals trusting Microsoft as an entity with all the data it collects by default doesn’t alter that determination.
Opinion by Free Software Foundation
The Free Software Foundation (FSF) writes
Microsoft uses draconian law to put Windows, the earth’south most-used operating arrangement, completely exterior the command of its users. Neither Windows users nor independent experts can view the system’southward source code, brand modifications or fixes, or copy the system. This puts Microsoft in a dominant position over its customers, which it takes advantage of to treat them every bit a product
Microsoft’s willingness to consult with adversaries and provide zero days
before public fixes are announced logically places Windows users at greater take a chance, particularly since adversaries buy security exploits from software companies
to gain unauthorized access
into figurer systems.
Even the Microsoft company president has harshly criticized adversaries for stockpiling vulnerabilities
that when leaked, led to the contempo ransomware crunch world-wide. This is elaborated in chapter Adversary Collaboration.
Windows is non a security-focused operating organization
. If it was, information technology would for instance:
- Not upload user data to Microsoft servers.
- Minimize data stored on, available to servers of Microsoft. (Windows Surveillance)
- Utilize end-to-cease encryption whenever possible.
- Be resilient to targeted malicious upgrade attacks past non linking software installation/upgrading to a Windows ID and/or providing an option to download software over the Tor anonymity network (or hypothetically a next generation anonymity network developed past Microsoft).
- Not upload full deejay encryption keys to Microsoft servers (meet chapter Windows Backdoors, category Encryption).
Such security standards are well affordable considering since Microsoft makes billions of profit likewise as very realistic since some Freedom Software Linux distributions already implemented these.
Due to Microsoft’southward restrictive, proprietary licensing policy for Windows, there are no
software projects that are providing a security-enhanced Windows software fork
. There are security-enhanced Windows software fork(south) but these are illegal, violating the copyright of Microsoft and provided by anonymous developers. In contrast, the Linux customs has multiple Freedom Software Linux variants that are strongly focused on security, like Qubes OS
Microsoft provides Tyrant Security. Not Freedom Security. (Freedom vs Tyrant Security
) Windows comes with some innovative security technologies, however privacy and user freedom is terrible. Security and privacy have a strong connection. Quote Bruce Schneier Security vs. Privacy
, The Value of Privacy
At that place is no security without privacy.
I equate privacy with security because they are very much related in the real world specially for whistleblowers.
Windows Historic Insecurity
Microsoft updates also employ weak cryptographic verification methods such as MD5 and SHA-1. In 2009, the CMU Software Engineering Plant stated that MD5 “…should exist considered cryptographically broken and unsuitable for further use”.
In 2012, the Flame malware exploited the weaknesses in MD5 to false a Microsoft digital signature.
Earlier Windows 8, there was no central software repository comparable to Linux where software could exist downloaded safely. This means a large segment of the population remains at take a chance, since many Windows users
are still running Windows seven.
Windows Software Sources
On the Windows platform, a common way to install additional software is to search the Cyberspace and install the relevant programme. This is risky, since many websites bundle software downloads with adware, or worse malware. Even if software is e’er downloaded from reputable sources, they ordinarily act in very insecure means. For instance, if Mozilla Firefox is downloaded from a reputable website like
then until recently, the download would accept taken place over an insecure, plain http connection.
In that case, information technology is piffling for Internet access provider level adversaries, Wi-Fi providers and others to mount human being-in-the-centre attacks and to inject malware into the download. Just even if https is used for downloads, this would only provide a very basic form of authentication.
To keep a system secure and gratuitous of malware it is strongly recommended to always verify software signatures. However, this is very difficult, if not incommunicable for Windows users. Nigh oftentimes, Windows programs do not have software signature files (OpenPGP / gpg signatures) that are usually provided past software engineers in the GNU/Linux world.
Tools for software digital signature verification are not installed past default on the Windows platform. Neither SignTool nor gpg4win are installed past default on the Windows platform. These could be manually installed but there is a bootstrap issue. These tools itself would take to be downloaded over https, i.east. merely with a very basic class of authentication. In contrast, on the Linux platform ordinarily the GnuPG software digital signature verification tool is installed by default.
For these reasons it is safe to presume that virtually nobody using a Windows platform is regularly benefiting from the strong hallmark that is provided past software signature verification.
Windows ten App Shop does not suffer from this issue and does software signature verification but many applications are non available form Windows App Store. In the Windows ecosystem, the culture is software signature verification is less widespread.
In dissimilarity, virtually Linux distributions provide software repositories. For instance, Debian and distributions based on Debian are using apt. This provides stiff authentication because APT verifies all software downloads confronting the Debian repository signing key. Further, this is an automated, default process which does non require any user activeness. Apt-get too shows a warning should there exist attempts to install unsigned software. Fifty-fifty when software is unavailable in the distribution’s software repository, in about cases OpenPGP / gpg signatures are available. In the Linux earth, information technology is practically possible to always verify software signatures.
No Ecosystem Diverseness Reward
The popularity of Windows platforms on desktops actually increases risk, as attackers target the near monocultural operating arrangement environment with regularity. A security problems is normally exploitable on many versions of Windows run anywhere, making them known in security terms every bit a “course intermission”.
Windows source code is unavailable for public review and build by independent third parties.
Microsoft Windows has none of the advantages of Open Source, Freedom Software only also cannot fully take advantage of security through obscurity either. This signal is fabricated in chapter shared source.
There is no public outcome tracker for Microsoft Windows where whatever reasonable user is immune to post or reply. There is a public list of vulnerabilities
just without public discussion among developers and/or users.
Microsoft’s internal outcome tracker is private, unavailable for the public even for reading.
The ability of the public of getting insights into the planning, idea procedure of Microsoft, participation in the development of Windows is much more limited. This is the example for many closed source, proprietary software projects. The customs cannot participate every bit much in development. In comparing for Open up Source projects, issue tracker are most oftentimes public for everyone to post and reply (with exception of security issues under embargo until fixed).
When users are having problems and searching for communication, ofttimes the advice is to “reinstall Windows”. Due to the closed source nature of windows, information technology’s far more difficult to analyze issues and provide problems fixes and workarounds.
Sometimes opposite engineering is cited equally an alternative to the unavailability of Window’s source code to the general public. Reverse engineering however is far more difficult. For instance, the forced updates and forced upgrades issues, Windows ignoring the user’s automatic update settings (documented in chapter Windows User Freedom Restrictions) had not been foreseen and published by anyone doing reverse engineering. Users were taken by surprise.
Using Earlier Windows Versions is no practiced Culling
When users learn about shortcoming, anti-features, spyware features of Windows they often consider equally an alternative to non upgrade to a newer version of Windows or to downgrade to an before version of Windows.
This is not a solid plan for the future since security support for older versions of Windows is being dropped and without security support, newly found security vulnerabilities volition remain unfixed.
This is also made difficult due to forced updates/upgrades which are mentioned above.
Microsoft has been hostile against Freedom Software. Microsoft is a patent troll. Microsoft claimed that Linux infringed its intellectual property. Microsoft experienced backslash over that claim, never substantiated this claim, sued anyone or apologized. References:
The Tyranny of the Default
Quote The Tyranny of the Default
“‘The tyranny of the default’ [is] the expression I like to apply for: we know well-nigh users don’t go in and change things. They only assume that someone smarter than them chose the settings that are best for them, and and then they say ‘Yep’ a lot when they’re asked questions.
What that means is that if information technology’south enabled by default, it’ll tend to stay on.”
Any anti-features of Windows such as telemetry cannot be excused by “only it tin can be disabled”. That’due south a workaround at best. Not a set. Fact remains, for most users, if it’south enabled by default, it’ll tend to stay on.
Irresolute defaults requires sensation of the issue, skills of using search engines and finding documentation how to practice so, and technical skills to change the default. This is often non the example for non-technical users. Even technical users might forget it in some situations such after re-installation. Therefore default settings matter.
- “reinstall Windows”: When users are having issues and searching for communication, frequently the advice is to “reinstall Windows”. Due to the closed source nature of windows, information technology’s far more difficult to analyze issues and provide bug fixes and workarounds.
- Windows update often take a long time and require multiple reboots.
- User runs Windows update.
- Windows downloads updates and installs.
- Reboot is required, the user reboots, shutdown takes a long time since Windows is finalizing some updates.
- Boot takes a long time since Windows is finalizing some updates.
- Windows update reports further updates. Back to one.
- Repeat a few times.
By comparison, for example for Debian based distributions a single “
sudo apt update && sudo apt full-upgrade” is sufficient to download and install all updates. No extra time is required for shutdown or the next kicking. No further updates are required right after reboot.
Windows is less flexible. While with Linux distribution it’s easily possible to install them on USB or to swap a hard bulldoze installed in i computer and kicking it within a replacement estimator, these are major challenges for Windows users.
It’s difficult to change Windows. For example, Qubes Windows Tools for Windows ten are still non ready.
Freedom Software Superiority
Based on the preceding section and analysis, it is strongly recommended to larn more about GNU/Linux and install a suitable distribution to safeguard personal rights to security and privacy. Otherwise, significant effort is required to play “whack-a-mole” disabling Windows anti-features, which routinely subjects users to surveillance, limits pick, purposefully undermines security, and harasses via advertisements, forced updates/forced upgrades, and so on.
See too Avoid Not-Freedom Software.
Can Windows 10 be secure for huge enterprise level customers? In theory, maybe. These customers might have access to Windows Shared Source which might
even exist complete plenty to building Windows from source code. Who knows. It cannot be known for sure due to the high requirements
to become access to Windows source lawmaking and the requirement of signing a non-disclosure agreement (NDA). Even if the author of this page did know, it could not be published hither due to the NDA requirement. Such customers might even be able to escape the otherwise for mere mortals Inescapable Telemetry, to build their own Windows installer ISO and Windows updates from Windows source code.
In practice, information technology is foolish to trust whatever version coming from an entity that has proved beyond dubiety that is non trustworthy. Much better to motility on and instead use sustainable alternatives.
Tin can Windows 10 be secure for laymen users? Probably not. Due to Windows Error Reporting (WER) and Core Dumps Privacy Problems, telemetry, spyware and keylogger (meet affiliate Windows Surveillance) besides much private information including user information is ending up on Microsoft servers which is then in part harvested past whatsoever government with thousands of employees which Mircosoft is compelled to cooperate with. Such data can then be used in parallel construction
(evidence laundering), circumvention of constitutional protections against protection from unreasonable searches and seizures.
Security updates are necessary for any operating system but he issue with Microsoft is they tend to sneak in things other than what users tin can reasonably expect. In the by at to the lowest degree they made changes to the update system to all the same phone home even if information technology was disabled. Examples include Inescapable Telemetry and forced updates/upgrades.
Windows officially admits their information mining activity and gives users and then-called options to “choose” what they share. Third parties have uncovered time and time once again, these user choices are ignored and in that location is no way to disable data gathering completely.
Does Windows result in a globe wide net gain or net loss of privacy?
A proprietary security hardened Windows that resists 3rd party spyware + includes data snooping in its core = net loss of finish user liberty/privacy and security risk every bit NSA has been know to apply windows error reporting for aiding exploitation.
A less security hardened Freedom Software operating arrangement might more than vulnerable to agile attacks + no privacy invasive code include by default = net gain of privacy past default as nothing is being reported anywhere unless targeted attacks are deployed.
This macOS Hosts chapter might need some improvements. ticket
In a fashion similar to Windows platforms, Apple tree operating systems likewise pose many security and privacy threats.
|User Command and Freedoms||
Come across this write-up
by the FSF for farther detailed information.
In public talks, ex-Tor developer Jacob Appelbaum who had access to the Snowden files, hinted that Apple devices in particular were easy to infiltrate by the Intelligence Community.
Based on the preceding sections and analysis, it is strongly recommended to learn more about Linux and install a suitable distribution that safeguards rights to secure and private calculating. Otherwise, significant effort is required to play “whack-a-mole” with Windows and malware, which routinely subjects users to surveillance, limits choice, purposefully undermines security, and harasses via advertisements, forced updates, remote removal of applications without consent, and and then on.
Run across Also
- Basic Host Security
- Advanced Host Security
- Miscellaneous Threats to User Freedom
- Avoid Non-Freedom Software
- Tyrant Security vs Freedom Security
- Why Whonix ™ is Freedom Software
- Unsubstantiated Conclusions
- Whonix ™ Policy on Non-Freedom Software
To be more than verbal, Qubes OS is not primarily based on Linux. Qubes is based on Xen and Linux.
https://world wide web.theinquirer.net/inquirer/news/2168086/canonical-linux-kernel
https://world wide web.zdnet.com/article/microsoft-and-canonical-partner-to-bring-ubuntu-to-windows-10/
With the ability to be legally allowed to actually talk virtually. I.e. without non-disclosure agreement (NDA).
modified by author: added link to web annal with quote from 2015
Microsoft Privacy Statement for Error Reporting
So heißt es in einem internen Papier aus dem Wirtschaftsministerium von Anfang 2012: “Durch den Verlust der vollen Oberhoheit über Informationstechnik” seien “die Sicherheitsziele ‘Vertraulichkeit’ und ‘Integrität’ nicht mehr gewährleistet.” An anderer Stelle stehen Sätze wie: “Erhebliche Auswirkungen auf dice IT-Sicherheit der Bundesverwaltung können damit einhergehen.” Die Schlussfolgerung lautet dementsprechend: “Der Einsatz der ‘Trusted-Calculating’-Technik in dieser Ausprägung … ist für dice Bundesverwaltung und für die Betreiber von kritischen Infrastrukturen nicht zu akzeptieren.”
Bei der Verhandlungsführung kann bezogen auf die TPM-Nutzung daraufhingewiesen werden,
dass nicht nur die Bundesregierung den nicht selbst kontrollierten Einsatz von TPMs kritisch
sieht, sondern auch weite Teile der deutschen Industrie, insbesondere in Kritischen Infrastrukturen.
Daher argumentiert Microsoft damit, dass sie selbst die Kontrolle über UEFI „Secure Kicking”
benötigen, um für den Eigentümer UEFI „Secure Boot” sicher zu verwalten. Aus Sicht des BSI ist der Aufwand für eine selbst kontrollierte Konfiguration von UEFI „Secure Kick” zwar derzeit hoch, aber insbesondere in Einsatzbereichen mit hohem Schutzbedarf oder in Kritischen
Infrastrukturen dringend geboten.
Einerseits verlangt dice Bundesregierung „uneingeschränkte Kontrollierbarkeit“ von Computern, die kritische Infrastrukturen am Laufen halten – also Atomkraftwerke, Wasser-, Energie und Verkehrsnetze. Andererseits tun die zuständigen Behörden nichts, um die bereits an Intel und Microsoft verlorene Kontrolle zurückzuerlangen.
Bundesamt für Sicherheit in der Informationstechnik
sudo apt update
... Get:5 tor+https://deb.debian.org/debian buster-backports InRelease [46.seven kB] Become:six tor+https://deb.debian.org/debian-security buster/updates InRelease [65.four kB] Get:7 tor+https://deb.debian.org/debian buster-updates InRelease [51.ix kB] Hit:8 tor+https://deb.debian.org/debian buster InRelease ...
sudo apt total-upgrade
Reading packet lists... Washed Edifice dependency tree Reading state data... Done Calculating upgrade... Done The following packages volition be upgraded: betimes-apt-sources-list anon-icon-pack apparmor-profile-dist apparmor-profile-torbrowser bootclockrandomization damngpl dist-base-files gpg-bash-lib hardened-malloc hardened-malloc-kicksecure-enable helper-scripts kicksecure-base of operations-files kicksecure-cli kicksecure-dependencies-cli msgcollector msgcollector-gui open-link-confirmation repository-dist sdwdate secbrowser security-misc tb-default-browser tb-starter tb-updater timesanitycheck tor tor-geoipdb usability-misc vm-config-dist whonix-initializer 30 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 5,957 kB of archives. Subsequently this performance, 732 kB of additional disk infinite volition be used. Do you want to keep? [Y/north]
https://world wide web.zdnet.com/blog/hardware/confirmation-of-stealth-windows-update/779
This is especially truthful for users of Tor, who are regularly targeted in this mode.
world wide web.webcitation.org/6mgUAxhv9
https://world wide web.chip.de/downloads/Firefox-64-Bit_85086969.html
https://world wide web.webcitation.org/6mgUDIObc
now enforces https for its entire website.
is more often than not(?) user-to-user discussion. Mostly: hard to find any employees posting there or very low interaction. A volunteer moderator isn’t a developer.
There is as well https://techcommunity.microsoft.com
Link as prove pointing to the fact that Microsoft does take an internal consequence tracker: https://www.engadget.com/2017-10-17-microsoft-bug-database-hacked-in-2013.html
I uncertainty microsoft is telling everything, im sticking with W7 indefinitely.
Hmm, guess I’thousand going back to windows 7.
This is why I went from using the beta build every bit my chief Os back to Windows 8.1.
And now myself and anybody in my family will be staying with their electric current Os (Windows XP, Vista, 7 and viii.1).
Because a previous update was a prerequisite for getting the side by side update.