Desktop Security

From Wired Wiki
Jump to navigation Jump to search

Architecture

Disable Hyper-threading as it is a security risk. [1]

X86

If your threat model includes three letter agencies do not use x86. Intel's Management Engine (IME) and AMD's Platform Security Processor (PSP) are criticized heavily for being likely back-doors and have a history of vulnerabilities. [2] [3] [4] [5] [6] [7] [8] [9] Government agencies for instance explicitly buy chips with IME disabled at the production level. [10] [11] [12]

ARM

ARM is generally more secure than x86. ARM chip manufacturers can however implement their own proprietary code in boot-loaders that can introduce vulnerabilities or back-doors. For example the Samsung Exynos have a range of ARM chips, but to boot them you must use their boot-loader, which may contain spyware, back-doors or surveillance systems. [13] Most ARM chips also have a closed source GPU component, but as a user it is trivial to choose not to use it. Many ARM chips also contain "TrustZone" which is a trusted execution environment (TEE) that helps code and data loaded inside it to be protected with respect to confidentiality and integrity. TrustZone has a history of vulnerabilities [14] [15] [16] [17] and is not trivial to disable. [18] [19] [20] Choose your ARM chips carefully. [21]

RISC-V

RISC-V is more open and auditable than ARM, but has weaker software support.

Operating Systems

https://vez.mrsk.me/linux-hardening.html https://madaidans-insecurities.github.io/linux.html https://madaidans-insecurities.github.io/security-privacy-advice.html#desktop-os

OpenBSD

"OpenBSD's security is overrated" is not a controversial statement in the software security community anymore. The OpenBSD project built their reputation on the 1990s security audit, which was a real innovation at it's time, but one that every other mainstream operating system has since picked up. Linux gets substantially more audit attention now than OpenBSD does, and is quicker and more open to deploying kernel countermeasures.

https://www.mimar.rs/blog/how-to-increase-openbsds-resilience-to-power-outages

https://web.archive.org/web/20220227172102/https://madaidans-insecurities.github.io/openbsd.html <- Criticisms by Whonix & Graphene developer, later redacted

https://yewtu.be/watch?v=3E9ga-CylWQ <- Criticism

https://www.openbsd.org/riscv64.htmlhttps://www.openbsd.org/arm64.html <- Supports RiscV, Arm64,

Lack of Sandboxing

Chroots

https://github.com/earthquake/chw00t

https://old.reddit.com/r/openbsd/comments/rke6a9/does_chrootsystrace_provide_the_same_security_by/

VMM

Running software at risk of pwning under VMM is a reasonable security boundary, it just takes a lot more resources to have an entire virtualized OS running an application than to have the kernel sandbox nicely like Linux can.

X is Insecure

X windows by default can sniff all other windows. Making a keylogger is trivial and does not require root access.

https://xenocara.org/Wayland_on_OpenBSD.html Wayland WIP, almost ready

https://old.reddit.com/r/openbsd/comments/b87h60/x11_isolation_between_windows/ejwycdq/ Can enable X security extensions

Linux

Linux Hardening

Either SELinux or AppArmor is good. https://github.com/roddhjav/apparmor.d

Harden your kernel https://0xacab.org/optout/plague-kernel/-/tree/main?ref_type=heads

KickSecure

Debian based hardened linux project

https://www.kicksecure.com/

Hardened Gentoo

https://wiki.gentoo.org/wiki/Hardened_Gentoo Use musl and openrc

https://yewtu.be/watch?v=4FLhSSsIw-E <- Can aid in install

Qubes OS

https://www.qubes-os.org/faq/#is-qubes-just-another-linux-distribution

https://seclists.org/dailydave/2010/q3/29 <- Ancient criticism over Qubes limitations

VPN, Tor, Proxies, and other Routing

Generally you do not want to raw-dog the internet.

VPN

  • Features and benefits of VPN's are overstated. [22]
  • Be thorough when selecting VPN provider. [23]
  • Mullvad and IVPN are trusted options. [24]

Tor

  • ISP can see Tor traffic without bridging.
  • Traffic analysis can reveal Tor bridges (Deep Packet Inspection + Active Probing) [25] [26] [27]
  • Tor is vulnerable to Sybil attacks. [28] [29]

Lokinet

  • To be researched and investigated...

Residential Proxies

  • Residential proxies can be useful as exit IP's for pseudonymous identities. This can prevent correlation attacks when used sparingly. (If suspected links both use Mullvad, or even worse the same exit location, it can compromise compartmentalization and be used to identify you.)
  • Sold proxies however are usually very dirty, and it's very difficult to find clean residential proxies. It is best to create/source your own.

Chaining

  • You -> Tor -> VPN, used to evade site Tor blocks, but provides worse security than just using Tor. [30] [31] [32] Mullvad has a guide for setting up Application level routing for Tor -> Mullvad. [33]
    • This creates a bottleneck for all your traffic, the VPN provider could build a profile of everything you do. Which over time can be dangerous.
    • This prevents VPN provider from knowing your real IP, and gives you a "clean" exit IP.
    • So long as your VPN is trusted, account created under Tor (and frequently cycled), and time paid for in XMR, this is not terrible.
  • You -> VPN -> Tor, used to evade hostile ISPs, where VPN traffic is more normal than Tor or Tor-Bridge traffic.

Web Browser

Out of the box Mullvad is the most privacy respecting option. Brave does an adequate job keeping you private from visited sites, but by default phones home and has questionable developer practices and Web3 components. [34] Brave with options changed is a compelling choice for clear-net browsing (IPFS and Tor usage increases attack surface and leakage) as it offers a completely randomized fingerprint, something that Gecko based browsers cannot yet do, and it also offers Blinks superior sand-boxing.

Fingerprinting Testing

https://github.com/arkenfox/TZP

https://coveryourtracks.eff.org/

Gecko Based Browsers

Librewolf

Waterwolf

Mullvad Browser

Blink Based Browsers

Brave

  • Randomizes browser fingerprint
  • Ads and Trackers blocked by default
  • Supports Onion and IPFS links within the browser
  • Heavily monetized
    • Brave Rewards: "Watch Privacy respecting ads and get rewarded"
    • Brave Wallet: "Use this panel to securely access Web3 and all your crypto assets"
    • Brave VPN: Free trial offered. Dark patterns present to encourage use.

Opera GX

Falkon

Webkit Based Browsers

Safari

Orion

Search Engines

Google

Yandex

Baidu

DuckDuckGo

Kagi

SearX

References

  1. https://www.extremetech.com/computing/276138-is-hyper-threading-a-fundamental-security-risk
  2. https://news.softpedia.com/news/intel-x86-cpus-come-with-a-secret-backdoor-that-nobody-can-touch-or-disable-505347.shtml
  3. https://www.eteknix.com/expert-says-nsa-have-backdoors-built-into-intel-and-amd-processors/
  4. https://www.theregister.co.uk/2018/01/06/amd_cpu_psp_flaw/
  5. https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it
  6. https://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/
  7. https://www-heise-de.translate.goog/select/ct/2018/7/1522460661786091?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp Ctrl+F for "back door"
  8. https://www-heise-de.translate.goog/select/ct/2018/6/1520827829694087?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp
  9. https://www.heise.de/newsticker/meldung/Dell-schaltet-Intel-Management-Engine-in-Spezial-Notebooks-ab-3909860.html
  10. https://web.archive.org/web/20230904003911/https://en.wikipedia.org/wiki/Intel_Management_Engine#%22High_Assurance_Platform%22_mode
  11. https://www.extremetech.com/computing/260219-dell-sells-pcs-without-intel-management-engine-tradeoffs
  12. https://www.heise.de/newsticker/meldung/Dell-schaltet-Intel-Management-Engine-in-Spezial-Notebooks-ab-3909860.html
  13. https://news.ycombinator.com/item?id=17783357
  14. https://blog.acolyer.org/2017/09/21/clkscrew-exposing-the-perils-of-security-oblivious-energy-management/
  15. https://blog.quarkslab.com/attacking-the-arms-trustzone.html
  16. https://blog.quarkslab.com/a-deep-dive-into-samsungs-trustzone-part-3.html
  17. https://www.electropages.com/blog/2023/05/new-side-channel-attack-arm-implications-iot-security
  18. https://openrt.gitbook.io/open-surfacert/development/please-read/leander-devnotes/uefi-privilege-escalation-exploit-documentation/removing-trustzone
  19. https://wiki.st.com/stm32mcu/wiki/Security:How_to_disable_TrustZone_in_STM32L5xx_devices_during_development_phase
  20. https://yewtu.be/watch?v=LG474meMnag
  21. https://old.reddit.com/r/PINE64official/comments/eaq1ns/does_the_pinebook_pro_have_arm_trustzone_is_it/fb21wbb/
  22. https://gist.github.com/joepie91/5a9909939e6ce7d09e29
  23. https://www.ivpn.net/privacy-guides/18-questions-to-ask-your-vpn-service-provider/
  24. https://www.privacyguides.org/en/vpn/
  25. https://people.cs.umass.edu/~phillipa/papers/foci-2018.pdf
  26. https://sci-hub(DOT)ru/10.1007/s11227-018-2268-y
  27. https://link.springer.com/chapter/10.1007/978-3-031-08751-6_40
  28. https://web.archive.org/web/20230907161112/https://en.wikipedia.org/wiki/Sybil_attack#Description
  29. https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_winter.pdf
  30. https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN#you-tor-x
  31. https://www.whonix.org/wiki/Stream_Isolation#Identity_Correlation_through_Tor_Circuit_Sharing
  32. https://anonymousplanet.org/guide.html#pick-your-connectivity-method-1
  33. https://mullvad.net/en/help/tor-and-mullvad-vpn/
  34. https://www-kuketz--blog-de.translate.goog/brave-datensendeverhalten-desktop-version-browser-check-teil1/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp