[kaba0]

GNU Linux desktop can’t be made more secure than a Mac in my opinion, without having to rewrite the whole thing to the point where calling it general linux desktop is a stretch. But this is not an OS property - if one would install Android, then the security would improve severalfold, likely better than OSX (mobile OSs are much more modern and security oriented). The reason is that the old-school UNIX permission system is way too crude. The minimum is to run every process under a new user, so that its permissions would even start to make sense. SELinux is also important, as well as secure IPC. Android has all that solved.

GrapheneOS on sufficiently secure hardware (! Unfortunately open-source laptops are very bad in this category), which has to be a Pixel for now trades blows with iphones.

[Gigachad]

The Linux security model was designed for a time when you had multiple humans sharing one machine, and every program either came from the OS, or was sourced from a reputable origin. It's almost useless in the current landscape. Some efforts like Flatpak, Wayland, Pipewire, and immutable OSs are starting to improve things, but it still seems like we are years away from having the level of security MacOS had a long time ago.

And I just can't see how any security measure which requires hardware can come to Linux desktop.

[smoldesu]

> And I just can't see how any security measure which requires hardware can come to Linux desktop.

Why? TPM works just fine. Secure Boot is perfectly usable on most OSes. Hell, even fprintd supports biometric authentication if you're a weirdo. Nothing inherently stops this stuff from being made, certainly not the kernel.

All hardware-based security measures will probably never be supported by Linux, but if your benchmark for disbelief is "any" then boy have I got a boat to sell you!