Linux desktop user here, and you ask a very good question which frustrates me to no end. You are 100% correct: everything which is executed with your login user's rights can happily upload everything from your home to some random servers or exfiltrate information in other ways. That Open Source solves the problem because the source code is available shows a blatant misunderstanding of the software supply chain, software supply chain attacks and the economics of Open Source. (E.g. the code you see on GitLab or GitHub does not have to have any resemblance to the code your binary was built with, and even if the code you see was used, you don't know about compiler backdoors etc.) Further, all Open Source projects/distributions are understaffed and badly paid, unless we speak about server Linux, which is another story.

Why does Linux not keep up? IMHO several reasons:

- There is no money in Linux desktops. (Seeing how macOS/Windows try to upsell users with every second click should give you an idea how bad the situation with Linux market share is.)
- People with the security and programming skills are quite senior and in high demand from companies (or running OpenBSD :-P).
- The Linux community is one of the most toxic/opinionated communities in IT, so every Open Source initiative will have to fight an uphill battle for years. (Look at Flatpak/Snap, all the discussions/misunderstandings and crazy ideas people have.)
- For servers we have SELinux and AppArmor, which could in theory also work for Linux desktops, but even for a security-affine Linux user like myself it is too cumbersome/complicated to set up/maintain, outside of enabling it for browsers and other highly exposed programs.
- Whenever I submit a patch/PR for an Open Source project which affects me on Debian, the maintainers literally beg me to take care of maintenance or at least Debian packages.

I cannot even understand how delusional people are who want every piece of software on earth as a native package for their variant of Linux of the week. We are far beyond the breaking point, and the only people not seeing this are not contributing to Open Source, but complaining very loudly and visibly in online forums. Flatpak/Snap are the only solutions we have if you want up-to-date software which was built by the original authors. (Remember the time a Debian maintainer broke SSH keys? Yeah, I do.) Especially security-relevant software must be built by the authors and not by some random maintainers who might or might not have a clue what they are doing. There might still be a bright future for Linux desktop security; IMHO it depends on immutable systems/Flatpak/Snap. Given the current adoption rate and BS discussions, I expect around 2040 we will be there, with a broken implementation and not ready for the next generation's exploits. :-P
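The comment above mentions that AppArmor is realistic on a desktop mainly for browsers and other exposed programs. As an added illustration (not part of the comment, and not a profile shipped by any distribution or browser project), the fragment below shows what the core of such a browser confinement looks like: the binary gets its libraries, one download directory and its own profile directory under $HOME, and nothing else in the home directory. The binary path, directory names and profile name are assumptions for the example; a real profile needs further rules (X11/Wayland, audio, D-Bus, network) which are usually taken from the distribution's abstractions.

```apparmor
# Added example, not from the comment above. Paths and names are assumptions.
# Assumes the browser binary lives at /usr/lib/firefox/firefox.
#include <tunables/global>

profile firefox-example /usr/lib/firefox/firefox flags=(complain) {
  #include <abstractions/base>

  # The browser binary and the libraries that ship with it
  /usr/lib/firefox/** mr,

  # Only two places in $HOME are reachable: downloads and the browser's own data
  owner @{HOME}/Downloads/** rw,
  owner @{HOME}/.mozilla/** rwk,

  # Everything not listed is denied by default. The explicit deny rules below
  # additionally suppress audit noise for the credential directories a
  # compromised renderer would most likely probe; deny always wins over allow.
  deny @{HOME}/.ssh/** rwklx,
  deny @{HOME}/.gnupg/** rwklx,
}
```

The profile is declared with `flags=(complain)` so that, after loading it with `apparmor_parser -r`, violations are only logged (visible in the kernel log as `apparmor="ALLOWED"`) rather than blocked; once the log is quiet for normal browsing, `aa-enforce` switches it to enforce mode. Note that because deny rules take precedence in AppArmor, a blanket `deny @{HOME}/**` would also block the two allowed directories, which is why the example relies on the default deny instead.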