Desktop & Laptop Operating System (OS) Security & Privacy Resources

Cyber Security Wiki Navigation:


Security Principles That Span All Operating Systems

There are some core principles that span across all platforms, operating systems, and technologies.  These core principles should be adhered to in most cases in order to keep you and your technology safe, secure, and private.  In short, these principles are:

Strongly preference Open Source Software over Closed Source Software.

Open Source software is able to be audited by anyone who wishes to.  It is generally more secure because anyone who wishes to test it can freely do so.  Close source software often has security vulnerabilities that go undisclosed to the public, sometimes for years.

Minimize your attack surface.  Uninstall unused software.  Disabled unused services.

A security flaw in a single piece of software or service can compromise your entire machine.  Minimizing your risk by minimizing the number of installed software and services is always a wise decision.

Always install critical security updates, and only from trusted sources.

These updates often close vulnerabilities that you may or may not be aware of.  It is crucial to grab these updates as soon as they're made public.  Beware, though, that some hackers will attempt to trick users into thinking that they're downloading a critical security update when they're actually downloading a virus or malware.

Most Secure Operating Systems

This list is given in order, from top to bottom, in roughly what we believe to be the relative security rating of a default installation of these Operating Systems.

  1. OpenBSD
  2. Debian
  3. Fedora
  4. Tails
  5. Ubuntu

Software, Settings, & Enhancements To Further Secure Operating Systems

Windows

Disk Encryption

Veracrypt - VeraCrypt is a spiritual successor of the now discontinued TrueCrypt 7.1a. It has closed all of the major security concerns that were raised by the TrueCrypt audit that was done by NCC Group. VeraCrypt has the ability to encrypt containers, entire drives, and has a driver to encrypt entire operating systems for legacy BIOS systems. A driver to support newer UEFI-based computers for full drive encryption is being proposed for development in the near future.

OSX

Disk Encryption

FileVault - FileVault disk encryption is the encryption that is built into Apple OSX. It is closed source, but because Apple was an early adopter of UEFI it is the only real choice for Apple PCs if you want full drive encryption.

VeraCrypt - VeraCrypt is a spiritual successor of the now discontinued TrueCrypt 7.1a. It has closed all of the major security concerns that were raised by the TrueCrypt audit that was done by NCC Group. VeraCrypt for OSX has the ability to encrypt everything except for drives that an operating system will reside on. A driver to support newer UEFI-based computers for full drive encryption is being proposed for development in the near future, which will bring full drive encryption support to OSX.

LINUX/BSD

Disk Encryption

LUKS - LUKS (Linux Unified Key Setup) is the standardized full disk encryption system for Linux. It is robust, open source and believed to be strong. LUKS functionality is built into the setup install process for many Linux distros and allows you to encrypt the full drive including the operating system. CryptSetup (the LUKS application) also supports working with files from other encryption apps like TrueCrypt and VeraCrypt.

VeraCrypt - VeraCrypt is a spiritual successor of the now discontinued TrueCrypt 7.1a. It has closed all of the major security concerns that were raised by the TrueCrypt audit that was done by NCC Group. VeraCrypt for OSX has the ability to encrypt everything except for drives that an operating system will reside on. A driver to support newer UEFI-based computers for full drive encryption is being proposed for development in the near future, which will bring full drive encryption support to Linux and BSD.