Host Operating System Selection
From Whonix
Linux, Xen or BSD are the only serious options for a host operating system that respects privacy. Readers who want to know why should review the rest of this page.
Introduction
A lot of contention derives from the different definitions of the word "security" used by advocates of proprietary software versus Freedom Software. An attempt to explain the different positions can be found in chapter Tyrant Security vs Freedom Security.
Windows Hosts
Windows Backdoors
Table: Windows Backdoors

User Content Upload to Microsoft: Windows sometimes takes user content, such as documents, and uploads it to Microsoft servers.
Quote Microsoft: Configure telemetry and other settings in your organization (web archived website) (Underline added.):
Media also reported. The Register: Windows 10 telemetry secrets: Where, when, and why Microsoft collects your data [archive] (Underline added.):
Quote ZDNet: Windows 10 telemetry secrets: Where, when, and why Microsoft collects your data [archive] (Underline added.):
Quote OS researchgate: Call Home: Background Telemetry Reporting in Windows 10 [archive] (Underline added.):
Quote Microsoft (web archived, year 2018) [archive] (Underline added.):
Alternative write-up, Scaring: Windows 10 lets Microsoft access your own local files [archive]. In theory it might be possible to disable this behavior, but there have also been cases where these settings were not honored, as documented in chapter Inescapable Telemetry. There is a privacy by policy safeguard implemented at the Microsoft organisational level. Quote: "However, before more info is gathered, Microsoft’s privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer." However, privacy by policy is not privacy by design (privacy enforced through technology). Generally speaking, privacy by policy safeguards have a history of being circumvented by malicious employees (insider attacks) and by hacking (outsider attacks), and they also fail in the case of government requests. Microsoft’s privacy governance team would be circumvented if Microsoft were compelled through a government order. Quote FBI–Apple encryption dispute [archive] (Underline added.):
While there exists (to the knowledge of the author) no law that allows the government to compel companies to add new surveillance capabilities or new backdoors to operating systems, Microsoft has an
Possibly there are even orders which Microsoft would never be allowed to talk about due to a gag order [archive]. Microsoft's U.S. National Security Orders Report [archive] states, for Foreign Intelligence Surveillance Act (FISA) [archive] orders in the period July - Dec 2019: 0 - 499 orders seeking disclosure of content, with 14,500 - 14,999 accounts impacted by orders seeking content. Some orders probably related to hosted accounts such as the Microsoft Live e-mail service or Skype. It is unknown whether that might also include user content from Windows. FISA is just one type of order that includes a secrecy order (gag order) by the U.S. government. Microsoft must also abide by other types of government orders as well as by orders from governments of different countries [archive]. The relevant statement by Microsoft If using this

Encryption: Microsoft has backdoored its disk encryption.
Quote The Intercept: (...) Microsoft Probably Has Your Encryption Key [archive]:
But disabling this requires awareness of the issue, the skills to use search engines and find documentation on how to do so, and the technical skills to disable this privacy intrusion. This is often not the case for non-technical users. (The Tyranny of the Default)

Software Choice and Deletion
Windows Surveillance
Table: Windows Surveillance Threats

Adversary Collaboration

Anonymity

Keylogger
Windows 10 comes with a keylogger. Quote Microsoft (year 2015 web archived version): Windows 10 speech, inking, typing, and privacy FAQ:
Quote [2] PCWorld: text input and unique typing cadence (pattern) [archive]:
Quoting the 2015 version of Microsoft: Windows 10 speech, inking, typing, and privacy FAQ [archive]:
Note: any deletion mentioned in the quote is only a promise. If data was previously leaked, shared with other parties or requested through a government order, it would not be deleted. Such data is vulnerable to Keystroke Deanonymization.

Voice Recording
Quote 2020 Microsoft: Windows 10 speech, inking, typing, and privacy FAQ [archive] (Underline added.):
This means Windows is recording the voice of the user and storing it on servers owned by Microsoft. The same website mentions this can be disabled.
But disabling this requires awareness of the issue, the skills to use search engines and find documentation on how to do so, and the technical skills to disable this privacy intrusion. This is often not the case for non-technical users. (The Tyranny of the Default) Quote Microsoft Privacy Statement, Last Updated: March 2021 [archive] (Underline added.) (Bold added.):
This sounds rather theoretical. "Collect samples": how many samples? "Processed to remove" data "which could be used to reconstruct the original content or associate the input to you": how well does that processing work? Such data is vulnerable to Voice Deanonymization.

Spyware

Telemetry and Personal Data
EU still concerned over Windows 10 privacy despite Microsoft’s changes [archive] (2017). Quote EFF, With Windows 10, Microsoft Blatantly Disregards User Choice and Privacy: A Deep Dive [archive]:
France orders Microsoft to stop tracking Windows 10 users [archive]. Quote government order [archive] (Underline added.):
Ars Technica: Dutch privacy regulator says Windows 10 breaks the law [archive] [3]

Trust

Windows Error Reporting (WER) and Core Dumps Privacy Issues
According to Der Spiegel: Inside TAO: Documents Reveal Top NSA Hacking Unit [archive]:
Quote Microsoft [archive] (Underline added.):
Trying to disable the lengthy list of privacy-invasive features [archive] is a huge task, similar to playing "whack-a-mole". Being unaware of a single spyware feature could result in unwanted surveillance.
Windows User Freedom Restrictions
A number of conscious decisions by Microsoft severely limit user freedoms.
Table: Windows User Freedom Threats

Trust
The German government, Ministry of Economics, Federal Office for Information Security (BSI) does not trust Microsoft Windows. Archived, redacted version after a court order requested by Microsoft against the newspaper ZEIT ONLINE: page 1, page 2 (DeepL translated [8]):
What was it that ZEIT ONLINE needed to redact? Quote A BSI-2i.pdf, German government internal documents leaked on WikiLeaks [archive] (DeepL translated [9]):
Heise: German authorities are losing control over critical IT systems (German language, use DeepL and/or Google Translate) [11]:
The Register - Germany warns: You just CAN'T TRUST some Windows 8 PCs [archive]. A whitewashed statement by the German government, Federal Office for Information Security (BSI) [12] wrote (see full statement (web archived)) (DeepL translated):

Forced Updates: Microsoft has a history of updating software without permission [archive]. While configurable update reminders are good for those who forget to update regularly, forced updates are problematic for those who do not wish to. [13]
This Windows issue had not been foreseen. To the knowledge of the author there were no popular "really disable all Windows updates" instructions. By comparison, such an issue is unlikely to happen with Debian (and many derivatives) based operating systems (and other Freedom Software Linux distributions). On Windows there was no real way to check which code will run when. Or at least, for practical purposes, nobody did the reverse engineering and documented it. For example, on Debian (based) operating systems the default package manager APT is fully Open Source. But even without reading the source code, its behavior is much more predictable. Software sources are defined in easily human readable files such as

Forced Upgrades

Tiered Stability (Updates Testing): Windows forces lower-paying customers to install new updates and gives higher-paying customers the option of whether or not to adopt them. Quote [archive]:

User Freedoms

Software Freedom

Forced Telemetry into C++ Binaries
Adversary Collaboration
Microsoft has a history of informing adversaries of bugs before they are fixed. Microsoft reportedly gives adversaries security tips [archive] (archive.is [archive]) on how to crack into Windows computers.
Microsoft Corp. (MSFT), the world’s largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process.
Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have been aware that this type of early alert allowed the U.S. to exploit vulnerabilities in software sold to foreign governments, according to two U.S. officials. Microsoft doesn't ask and can't be told how the government uses such tip-offs, said the officials, who asked not to be identified because the matter is confidential.
Frank Shaw, a spokesman for Microsoft, said those releases occur in cooperation with multiple agencies and are designed to give government "an early start" on risk assessment and mitigation.
See also this opinion analyzing this, How Can Any Company Ever Trust Microsoft Again? [archive].
By comparison, the Linux kernel has a security bug embargo process [archive].
[...]
Although our preference is to release fixes for publicly undisclosed bugs as soon as they become available, this may be postponed at the request of the reporter or an affected party for up to 7 calendar days from the start of the release process, with an exceptional extension to 14 calendar days if it is agreed that the criticality of the bug requires more time. The only valid reason for deferring the publication of a fix is to accommodate the logistics of QA and large scale rollouts which require release coordination.
While embargoed information may be shared with trusted individuals in order to develop a fix, such information will not be published alongside the fix or on any other disclosure channel without the permission of the reporter. This includes but is not limited to the original bug report and followup discussions (if any), exploits, CVE information or the identity of the reporter.
In other words our only interest is in getting bugs fixed. All other information submitted to the security list and any followup discussions of the report are treated confidentially even after the embargo has been lifted, in perpetuity.
[...]
Fixes for sensitive bugs, such as those that might lead to privilege escalations, may need to be coordinated with the private <linux-distros@vs.openwall.org> mailing list so that distribution vendors are well prepared to issue a fixed kernel upon public disclosure of the upstream fix. Distros will need some time to test the proposed patch and will generally request at least a few days of embargo, and vendor update publication prefers to happen Tuesday through Thursday. When appropriate, the security team can assist with this coordination, or the reporter can include linux-distros from the start.
[...]
The crucial difference between Microsoft bug embargoes and Linux bug embargoes is that Microsoft notifies intelligence agencies, which are then known to exploit the vulnerabilities, while the Linux kernel security team runs a much more transparent bug embargo process in which trusted parties, the large Linux distributions, receive early notification so that the software upgrade containing the fix is widely available before public disclosure, preventing wide exploitation by attackers in the wild.
Shared Source
Open Source, Freedom Software on the one hand and proprietary, closed source, precompiled software on the other are totally different development models. Both development models have advantages and disadvantages.
The case for Open Source, Freedom Software is made on the Avoid Non-Freedom Software wiki page.
One advantage for closed source software could be argued being secrecy, security through obscurity [archive]. (Also addressed on the Avoid Non-Freedom Software wiki page.)
However, Microsoft Windows has none of the advantages of Open Source, Freedom Software but also cannot fully take advantage of security through obscurity either. Part of the Shared Source Initiative [archive] is the Government Security Program [archive]. Quote ZDNet [archive]:
Microsoft's Shared Source Initiative [archive] makes source code available to "qualified customers, enterprises, governments, and partners for debugging and reference purposes". There's almost no information on the company's website about their Government Security Program [archive] (GSP). Just two sentences. But the first of those sentences notes that requests might come from "local, state, provincial, or national governments or agencies". When the GSP was launched back in 2003, however, Microsoft was happy to tell the media that Windows source code was made available to a number of governments and international organisations, including Russia, NATO, the UK, and China. Another report said that Australia, Austria, Finland, Norway, Taiwan, and Turkey were also on the list.
Simplified summary: Independent security researchers do not have access to the source code, but huge groups of people, some of whom you probably do not trust, do have that advantage over you. The only motivation for sharing the source code is to get regulatory approval for deployment in foreign government networks that demand certain assurances for access to their markets. This has nothing to do with empowering third parties or giving them the choice and freedom to modify the software or share it with others.
Inescapable Telemetry
The fact that there is no way to completely remove or disable telemetry requires further consideration. For instance, non-enterprise editions do not permit anyone to completely opt out of the surveillance "features" [archive] of Windows 10. Quote Even when told not to, Windows 10 just can’t stop talking to Microsoft [archive]. Quote Windows 10 Sends Your Data 5500 Times Every Day Even After Tweaking Privacy Settings [archive]:
CheesusCrust also disabled every single tracking and telemetry features in the operating system. He then left the machine running Windows 10 overnight in an effort to monitor the connections the OS is attempting to make.
Eight hours later, he found that the idle Windows 10 box had tried over 5,500 connections to 93 different IP addresses, out of which almost 4,000 were made to 51 different IP addresses belonging to Microsoft.
Even if some settings are tweaked to limit this behavior, it is impossible to trust those changes will be respected. Even the Enterprise edition was discovered to completely ignore privacy settings and anything that disables contact with Microsoft servers.[19]
Any corporation which forces code changes on a user's machine, despite Windows updates being turned off many times before, is undeserving of trust. [20] [21] [22] [23] [24] Windows 10 updates have been discovered to frequently reset or ignore telemetry privacy settings. [25] Microsoft backported this behavior to Windows 7 and 8 [archive] for those that held back, so odds are Windows users are already running it.
Forfeited Privacy Rights
By now the reader should be convinced that just by using any version of Windows, the right to privacy is completely forfeited. Windows is incompatible with the intent of Whonix ™ (and the anonymous Tor Browser), since running a compromised Windows host shatters the trusted computing base which is part of any threat model. Privacy is inconceivable if any information that is typed or downloaded is provided to third parties, or programs which are bundled as part of the OS regularly "phone home" by default [archive].
Targeted Malicious Upgrades
Microsoft Windows is not designed to be resistant to targeted malicious software upgrades of the Windows operating system or applications from Windows store.
Targeted malicious software upgrade means singling out specific users and shipping malicious upgrades to these select users only.
Most users are using a Windows Live ID, since that is encouraged by Windows, and Microsoft thereby knows their real names and IP addresses.
When installing or updating applications using the Microsoft Store, Microsoft knows the Windows Live ID and therefore also the real name and IP address of the user. It follows that a coerced or compromised Microsoft Store could single out users and ship malicious software that includes malware with features such as remote control, remote view, file upload and download, microphone and web camera snooping, keyboard logging and so forth. This is the same situation for any OS shipped with a corporate controlled walled garden app store, like those of Apple, Google and Amazon.
With knowledge of Microsoft's existing privacy intrusive behavior as documented elsewhere on this page, it seems sane to assume that the same applies to Microsoft Update.
By comparison:
- Most Linux distributions do not require an e-mail based login to receive upgrades. Users can still be singled out by IP address unless they opt in to something such as apt-transport-tor, which is not the default.
- In the case of Whonix and Kicksecure, all upgrades are downloaded over Tor. There is no way for the server to ship legitimate upgrade packages to most users while singling out specific users for targeted attacks.
Opinion by GNU Project
The GNU Project opinion [archive] is that Windows is "Malware", due to the threats posed to personal freedoms, privacy and security, meaning the software is designed to function in ways that mistreat or harm the user.
Interpretation of Opinion by GNU Project:
Word definitions: Spyware is a type of malware.
Quote wikipedia malware [archive]:
A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, wiper and scareware.
If that definition is accepted, and if one agrees that "Windows is Spyware", it logically follows that "Windows is also Malware". This explains the GNU Project's opinion of calling Windows "Malware".
Windows is malware by definition because of what it does. Individuals trusting Microsoft as an entity with all the data it collects by default doesn't change that determination.
Opinion by Free Software Foundation
The Free Software Foundation (FSF) writes [archive] quote:
Microsoft uses draconian law to put Windows, the world's most-used operating system, completely outside the control of its users. Neither Windows users nor independent experts can view the system's source code, make modifications or fixes, or copy the system. This puts Microsoft in a dominant position over its customers, which it takes advantage of to treat them as a product [archive].
Windows Insecurity
Microsoft's willingness to consult with adversaries and provide zero days [archive] before public fixes are announced logically places Windows users at greater risk, especially since adversaries buy security exploits from software companies [archive] to gain unauthorized access [archive] into computer systems. [26] Even the Microsoft company president has harshly criticized adversaries for stockpiling vulnerabilities [archive] that when leaked, led to the recent ransomware crisis world-wide. This is elaborated in chapter Adversary Collaboration.
Windows is not a security-focused operating system [archive]. If it was, it would for example:
- Not upload user data to Microsoft servers.
- Minimize data stored on, or available to, Microsoft servers. (Windows Surveillance)
- Use end-to-end encryption whenever possible.
- Be resilient to targeted malicious upgrade attacks by not linking software installation and upgrading to a Windows ID, and/or by providing an option to download software over the Tor anonymity network (or, hypothetically, a next generation anonymity network developed by Microsoft).
- Not upload full disk encryption keys to Microsoft servers (see chapter Windows Backdoors, category Encryption).
Such security standards are well affordable, since Microsoft makes billions in profit, and also very realistic, since some Freedom Software Linux distributions have already implemented them.
Due to Microsoft's restrictive, proprietary licensing policy for Windows, there are no legal software projects providing a security-enhanced Windows software fork [archive]. Security-enhanced Windows fork(s) do exist, but these are illegal, violate the copyright of Microsoft and are provided by anonymous developers. In contrast, the Linux community has multiple Freedom Software Linux variants that are strongly focused on security, like Qubes OS [archive].
Microsoft provides Tyrant Security, not Freedom Security (Tyrant Security vs Freedom Security). Windows comes with some innovative security technologies; however, privacy and user freedom are terrible. Security and privacy are strongly connected. Quote Bruce Schneier, Security vs. Privacy [archive], The Value of Privacy [archive]:
There is no security without privacy.
I equate privacy with security because they are very much related in the real world especially for whistleblowers.
Windows Historic Insecurity
Microsoft updates also use weak cryptographic verification methods such as MD5 and SHA-1. In 2009, the CMU Software Engineering Institute stated that MD5 "...should be considered cryptographically broken and unsuitable for further use". [27] In 2012, the Flame malware exploited the weaknesses in MD5 to fake a Microsoft digital signature. [28]
Before Windows 8, there was no central software repository comparable to Linux where software could be downloaded safely. This means a large segment of the population remains at risk, since many Windows users [archive] are still running Windows 7. [29]
Windows Software Sources
On the Windows platform, a common way to install additional software is to search the Internet and install the relevant program. This is risky, since many websites bundle software downloads with adware or, worse, malware. Even if software is always downloaded from reputable sources, those sources commonly act in very insecure ways. For example, if Mozilla Firefox was downloaded from a reputable website like chip.de, [30] then until recently the download would have taken place over an insecure, plain http connection. [31] In that case, it is trivial for ISP level adversaries, Wi-Fi providers and others to mount man-in-the-middle attacks and inject malware into the download. But even if https is used for downloads, this only provides a very basic form of authentication.
To keep a system secure and free of malware it is strongly recommended to always verify software signatures. However, this is very difficult, if not impossible for Windows users. Most often, Windows programs do not have software signature files (OpenPGP / gpg signatures) that are normally provided by software engineers in the GNU/Linux world.
Tools for software digital signature verification are not installed by default on the Windows platform: neither SignTool nor gpg4win. These could be installed manually, but there is a bootstrap issue: the tools themselves would have to be downloaded over https, i.e. with only a very basic form of authentication. In contrast, on the Linux platform the GnuPG software digital signature verification tool is usually installed by default.
For these reasons it is safe to assume that virtually nobody using a Windows platform is regularly benefiting from the strong authentication that is provided by software signature verification.
The Windows 10 App Store does not suffer from this issue and does perform software signature verification, but many applications are not available from the Windows App Store. In the Windows ecosystem, the culture of software signature verification is less widespread.
In contrast, most Linux distributions provide software repositories. For example, Debian and distributions based on Debian are using apt. This provides strong authentication because APT verifies all software downloads against the Debian repository signing key. Further, this is an automatic, default process which does not require any user action. Apt-get also shows a warning should there be attempts to install unsigned software. Even when software is unavailable in the distribution's software repository, in most cases OpenPGP / gpg signatures are available. In the Linux world, it is practically possible to always verify software signatures.
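The following script is an added example, not code from the Whonix page or from any of the projects it names. It shows in miniature the difference the two preceding paragraphs draw between a download that is merely retrieved (possibly with a checksum file beside it) and one whose checksum list is verified against a signing key obtained out of band, which is what APT does with the repository signing key and what `gpg --verify` does for OpenPGP signatures. An RSA key pair generated with `openssl` stands in for OpenPGP here, so the script assumes `openssl` is on PATH; every file and key is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not code from the Whonix page or from any project it names:
# shows why a checksum file that travels beside a download gives only
# integrity, while a detached signature checked against a key obtained out
# of band gives authentication (what APT does with the repository signing
# key, and what gpg --verify does for OpenPGP signatures). RSA via openssl
# stands in for OpenPGP here. Assumes `openssl` is on PATH; every file and
# key below is constructed for the demo in a temporary directory.
set -eu

WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT
PUB="$WORKDIR/publisher"   # files only the genuine publisher produces
DL="$WORKDIR/download"     # files as they arrive at the user

sha256_of() {
    # Hex SHA-256 of a file via openssl (portable; no sha256sum needed).
    openssl dgst -sha256 "$1" | awk '{print $NF}'
}

publisher_release() {
    # Publisher: signing key pair, the installer, its checksum list, and a
    # detached signature over that checksum list.
    mkdir -p "$PUB" "$DL"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$PUB/signing.key" 2>/dev/null
    openssl pkey -in "$PUB/signing.key" -pubout -out "$PUB/signing.pub" 2>/dev/null
    printf 'genuine installer bytes (constructed)\n' > "$PUB/app.bin"
    printf '%s  app.bin\n' "$(sha256_of "$PUB/app.bin")" > "$PUB/SHA256SUMS"
    openssl dgst -sha256 -sign "$PUB/signing.key" \
        -out "$PUB/SHA256SUMS.sig" "$PUB/SHA256SUMS"
    # The verifying key reaches the user out of band (preinstalled keyring,
    # key fingerprint from a second source), not over the download channel.
    cp "$PUB/signing.pub" "$WORKDIR/trusted.pub"
}

honest_download() {
    # Unmodified transfer of all three files.
    cp "$PUB/app.bin" "$PUB/SHA256SUMS" "$PUB/SHA256SUMS.sig" "$DL/"
}

tampered_download() {
    # Network-path tampering as the text describes for plain http: the
    # installer and the checksum list beside it are both replaced, so the
    # list still matches. The signature cannot be recomputed without the key.
    printf 'tampered installer bytes (constructed)\n' > "$DL/app.bin"
    printf '%s  app.bin\n' "$(sha256_of "$DL/app.bin")" > "$DL/SHA256SUMS"
    cp "$PUB/SHA256SUMS.sig" "$DL/SHA256SUMS.sig"
}

verify_checksum_only() {
    # Integrity only: compare app.bin against the SHA256SUMS that came with it.
    expected=$(cut -d' ' -f1 "$DL/SHA256SUMS")
    [ "$expected" = "$(sha256_of "$DL/app.bin")" ]
}

verify_signed() {
    # Authentication first: SHA256SUMS must carry a valid signature from the
    # trusted key before its checksums are believed.
    openssl dgst -sha256 -verify "$WORKDIR/trusted.pub" \
        -signature "$DL/SHA256SUMS.sig" "$DL/SHA256SUMS" >/dev/null 2>&1 \
        && verify_checksum_only
}

publisher_release
honest_download
verify_checksum_only && verify_signed && echo "honest download: checksum OK, signature OK"
tampered_download
verify_checksum_only && echo "tampered download: checksum still matches (proves nothing)"
verify_signed || echo "tampered download: signature verification FAILS (tampering detected)"
```

The design point is the one the text makes about https versus signatures: anything that arrives over the same channel as the download (including a checksum file) can be replaced along with it, so only a check anchored in a key the user already trusts detects the substitution. APT bakes this in by shipping the repository key with the distribution and refusing unsigned packages by default; on Windows the equivalent tool and key would themselves have to be fetched over the untrusted channel first.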
No Ecosystem Diversity Advantage
The popularity of Windows platforms on desktops actually increases risk, as attackers target the near monocultural operating system environment with regularity. A security bug is usually exploitable on many versions of Windows run anywhere, making them known in security terms as a "class break".[32] For example:
- The Wanna Decryptor ransomware attack [archive] spreading the globe at the time of writing is solely focused on Windows platforms.
- Flaws in Internet Explorer and Edge [archive] have previously allowed attackers to retrieve Microsoft account credentials.
- Point-of-sale terminals running Windows were previously taken over in order to collect customers' credit card numbers [archive].
Intransparency
Windows source code is unavailable for public review and build by independent third parties.
Microsoft Windows has none of the advantages of Open Source, Freedom Software but also cannot fully take advantage of security through obscurity either. This point is made in chapter shared source.
There is no public issue tracker for Microsoft Windows where any reasonable user is allowed to post or reply. There is a public list of vulnerabilities [archive], but without public discussion among developers and/or users. [33] Microsoft's internal issue tracker is private and unavailable to the public, even for reading. [34] The public's ability to gain insight into Microsoft's planning and thought process, and to participate in the development of Windows, is much more limited. This is the case for many closed source, proprietary software projects: the community cannot participate as much in development. In comparison, for Open Source projects the issue trackers are most often public for everyone to post and reply (with the exception of security issues under embargo until fixed).
When users are having issues and searching for advice, often the advice is to "reinstall Windows". Due to the closed source nature of Windows, it is far more difficult to analyze issues and provide bug fixes and workarounds.
Sometimes reverse engineering is cited as an alternative to the unavailability of Window's source code to the general public. Reverse engineering however is far more difficult. For example, the forced updates and forced upgrades issues, Windows ignoring the user's automatic update settings (documented in chapter Windows User Freedom Restrictions) had not been foreseen and published by anyone doing reverse engineering. Users were taken by surprise.
Using Earlier Windows Versions is not a good Alternative
When users learn about the shortcomings, anti-features and spyware features of Windows, they often consider not upgrading to a newer version of Windows, or downgrading to an earlier version, as an alternative. [35] This is not a solid plan for the future, since security support for older versions of Windows is being dropped, and without security support newly found security vulnerabilities will remain unfixed.
- Microsoft has dropped support for Windows 7 and 8 on recent processors [archive] following the release of Windows 10.
- Microsoft has made Windows 7 and 8 non-functional on certain new computers [archive], compelling a switch to Windows 10 for many people. For example, support has been dropped for all future Intel [archive], AMD and Qualcomm CPUs [archive].
- Microsoft cuts off support for specific platforms (like XP [archive]) and software such as popular Internet Explorer versions [archive], after a software dependency has developed.
This is also made difficult due to forced updates/upgrades which are mentioned above.
Terrible Company
Microsoft has been hostile against Freedom Software. Microsoft is a patent troll. Microsoft claimed that Linux infringed its intellectual property. Microsoft experienced backlash over that claim, and never substantiated it, sued anyone, or apologized. References:
- The now defunct website Show Us The Code, archived: http://web.archive.org/web/20071120042104/http://showusthecode.com/responses.htm [archive] (internet search term: "microsoft" "Show Us The Code")
- https://www.redhat.com/en/blog/microsoft-and-patent-trolls [archive]
- http://www.openinventionnetwork.com/ [archive]
Other:
- https://www.eff.org/deeplinks/2015/12/stupid-patent-month-microsofts-design-patent-slider [archive]
- Microsoft used the DMCA (Digital Millennium Copyright Act) to shut down reverse engineering of Skype. See the DMCA notice received and published by GitHub [archive].
The Tyranny of the Default
Quote The Tyranny of the Default [archive]:
“‘The tyranny of the default’ [is] the expression I like to use for: we know most users don’t go in and change things. They just assume that someone smarter than them chose the settings that are best for them, and so they say ‘YES’ a lot when they’re asked questions. What that means is that if it’s enabled by default, it’ll tend to stay on.”
Any anti-features of Windows such as telemetry cannot be excused by "but it can be disabled". That's a workaround at best. Not a fix. Fact remains, for most users, if it’s enabled by default, it’ll tend to stay on.
Changing defaults requires awareness of the issue, the skills to use search engines and find documentation on how to do so, and the technical skills to change the default. This is often not the case for non-technical users. Even technical users might forget in some situations, such as after a re-installation. Therefore default settings matter.
Nuisances
- "reinstall Windows": When users are having issues and searching for advice, often the advice is to "reinstall Windows". Due to the closed source nature of Windows, it is far more difficult to analyze issues and provide bug fixes and workarounds.
- Windows updates often take a long time and require multiple reboots. [36]
  1. User runs Windows update.
  2. Windows downloads updates and installs them.
  3. A reboot is required; the user reboots, and shutdown takes a long time since Windows is finalizing some updates.
  4. Boot takes a long time since Windows is finalizing some updates.
  5. Windows update reports further updates. Back to 1.
  6. Repeat a few times.
By comparison, for Debian based distributions a single "sudo apt update && sudo apt full-upgrade" is sufficient to download and install all updates. No extra time is required for shutdown or the next boot. No further updates are required right after reboot. [37]
Advertisements:
- Windows displays advertisements [archive] for Microsoft products and those of its partners.
- Windows inserts advertisements inside of File Explorer [archive] to nag about paid subscriptions.
Windows is less flexible. While with Linux distributions it is easily possible to install them on a USB drive, or to take a hard drive installed in one computer and boot it inside a replacement computer, these are major challenges for Windows users.
It's hard to modify Windows. For example, Qubes Windows Tools for Windows 10 are still not ready.
Freedom Software Superiority
Based on the preceding section and analysis, it is strongly recommended to learn more about GNU/Linux and install a suitable distribution to safeguard personal rights to security and privacy. Otherwise, significant effort is required to play "whack-a-mole" disabling Windows anti-features, which routinely subjects users to surveillance, limits choice, purposefully undermines security, and harasses via advertisements, forced updates/forced upgrades, and so on.
See also Avoid Non-Freedom Software.
Conclusion[edit]
Can Windows 10 be secure for huge enterprise-level customers? In theory, maybe. These customers might have access to Windows Shared Source, which might [archive] even be complete enough to build Windows from source code. Who knows. It cannot be known for sure due to the high requirements [archive] for getting access to Windows source code and the requirement to sign a non-disclosure agreement (NDA). Even if the author of this page did know, it could not be published here due to the NDA. Such customers might even be able to escape the telemetry that is otherwise inescapable for mere mortals (see Inescapable Telemetry) and build their own Windows installer ISO and Windows updates from Windows source code.
In practice, it is foolish to trust any version coming from an entity that has proved beyond doubt that it is not trustworthy. It is much better to move on and instead use sustainable alternatives.
Can Windows 10 be secure for lay users? Probably not. Due to Windows Error Reporting (WER) and Core Dumps Privacy Issues, telemetry, spyware and keylogger (see chapter Windows Surveillance), too much private information, including user data, ends up on Microsoft servers, where it is then in part harvested by any government with thousands of employees with which Microsoft is compelled to cooperate. Such data can then be used in parallel construction [archive] (evidence laundering), a circumvention of constitutional protections against unreasonable searches and seizures.
Security updates are necessary for any operating system, but the issue with Microsoft is that they tend to sneak in things other than what users can reasonably expect. In the past, at least, they made changes to the update system so that it still phoned home even if it was disabled. Examples include Inescapable Telemetry and forced updates/upgrades.
Windows officially admits its data mining activity and gives users so-called options to "choose" what they share. Third parties have uncovered time and time again that these user choices are ignored and there is no way to disable data gathering completely.
Does Windows result in a worldwide net gain or net loss of privacy?
A proprietary, security-hardened Windows that resists third-party spyware + includes data snooping in its core = net loss of end user freedom/privacy and a security risk, as the NSA has been known to use Windows Error Reporting to aid exploitation.
A less security-hardened Freedom Software operating system that might be more vulnerable to active attacks + no privacy-invasive code included by default = net gain of privacy by default, as nothing is being reported anywhere unless targeted attacks are deployed.
Forum Discussion[edit]
https://forums.whonix.org/t/host-operating-system-selection-wiki-page-discussion/11303 [archive]
macOS Hosts[edit]
In a fashion similar to Windows platforms, Apple operating systems also pose many security and privacy threats.
Table: macOS Threats [38]
Category | Description |
---|---|
Backdoors | |
Design Flaws | |
Device Bricking | |
Personal Information | |
User Control and Freedoms | |
See this write-up [archive] by the FSF for further detailed information. [41]
In public talks, ex-Tor developer Jacob Appelbaum, who had access to the Snowden files, hinted that Apple devices in particular were easy for the Intelligence Community to infiltrate.
Recommendation[edit]
Based on the preceding sections and analysis, it is strongly recommended to learn more about Linux and install a suitable distribution that safeguards rights to secure and private computing. Otherwise, significant effort is required to play "whack-a-mole" with Windows and malware, which routinely subjects users to surveillance, limits choice, purposefully undermines security, and harasses via advertisements, forced updates, remote removal of applications without consent, and so on.
Linux Hosts[edit]
A Free Software [archive] OS that respects user freedom is the only practical choice when it comes to privacy and security.
Use Linux on the host and prefer in-repository software that is automatically gpg-signed and installed from the distributor's repositories by the package manager. This is far safer than downloading programs from the Internet, as Windows users are required to do.
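As an added example (not Whonix project code), the following POSIX shell function audits apt source entries for options that quietly bypass the signed-repository model described above, such as [trusted=yes] or plaintext transports. The sources.list text it reads is constructed for the demonstration; the example.* host names are placeholders.

```shell
#!/bin/sh
# Added example, not Whonix project code. Reads sources.list-style lines on
# stdin, prints one finding per weakening option, then a "findings=N" summary.
audit_apt_sources() {
    findings=0
    while IFS= read -r line; do
        case "$line" in
            "deb "*|"deb-src "*) ;;  # only examine source entries
            *) continue ;;           # skip blanks, comments and other text
        esac
        # [trusted=yes] or allow-insecure=yes tell apt to accept this source
        # without a valid Release signature: the gpg check is effectively gone.
        case "$line" in
            *trusted=yes*|*allow-insecure=yes*)
                printf 'UNSIGNED-ALLOWED: %s\n' "$line"
                findings=$((findings + 1)) ;;
        esac
        # Plain http:// or ftp:// keeps the signature check but exposes package
        # metadata to observers on the wire and lets them serve stale, still
        # validly signed indexes until their Valid-Until date passes.
        case "$line" in
            *" http://"*|*" ftp://"*)
                printf 'PLAINTEXT-TRANSPORT: %s\n' "$line"
                findings=$((findings + 1)) ;;
        esac
    done
    printf 'findings=%s\n' "$findings"
}

# Same audit, emitting only the number of findings (handy for scripting).
count_apt_findings() {
    audit_apt_sources | sed -n 's/^findings=//p'
}

# Constructed sample, not a real system's sources.list. The tor+https entries
# mirror the transport in this page's apt output; the example.* hosts are
# placeholders and the last two entries are deliberately weak.
SAMPLE_SOURCES='# constructed sample sources.list
deb tor+https://deb.debian.org/debian bullseye main
deb tor+https://deb.debian.org/debian-security bullseye-security main
deb-src tor+https://deb.debian.org/debian bullseye main
deb [trusted=yes] http://mirror.example/debian bullseye main
deb http://ppa.example/ubuntu focal main'

printf '%s\n' "$SAMPLE_SOURCES" | audit_apt_sources   # last line: findings=3
```

On a real host, feed it the output of `cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list` instead of the constructed sample.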
Recommended Linux Distribution[edit]
If it is infeasible to install Qubes as a high-security solution, then Debian Linux [archive] version bullseye is recommended since it provides a reasonable balance of usability, security and user freedom.
Interested readers can find a complete list of reasons to use Debian here [archive]. For download, verification and installation instructions, see Debian Tips.
In the past, virtually any Linux distribution could be recommended in order to protect privacy; however, Ubuntu's history of data-mining [archive] makes it an unsuitable choice. [42] Ubuntu's February 2016 Privacy Policy allowed search terms entered into the dash to be sent to Ubuntu and selected third parties to "complement" search results, along with the IP address. Fortunately this text has now been removed in the latest iteration of the document [archive].
For additional reasons to avoid Ubuntu or Ubuntu-derived distributions, expand this section.
Ubuntu's paltry contributions to the upstream Libre projects it heavily relies upon are a policy decision and not a coincidence. Canonical founder Mark Shuttleworth has stated: "It is absolutely true we have no interest in the core fundamentals of the Linux kernel, none whatsoever." [43]
Canonical only bothers to contribute in any major way when forking significant projects; for example, Wayland into Mir, GNOME into Unity [44], and .deb packages made incompatible with Debian because of zstd compression. [45] This appears to be a consistent attempt to fragment the software stack to lock in users and put pressure on competing distributions and vendors. [46] [47]
The Ubuntu Contributor License Agreement gives them complete power over patents that cover contributed code. Essentially they are granted the right to re-license this code under any license of their choice, including a proprietary one.
Ubuntu also has a history of treating staff in a hostile fashion. For example, the Kubuntu spin project lead was unilaterally removed without warning and contrary to wishes of his team members. [48] Canonical also pilfered donation funds originally meant for desktop spin projects (Kubuntu, Lubuntu and others). In Kubuntu's case, after funding was abruptly dropped, Blue Systems had to step in to save the popular project. [49] [50]
Canonical has also been applying an absurd intellectual property (IP) policy over packages in its repositories for years. This resulted in claims that Canonical owns the copyright over any binaries compiled by their servers. After the FSF stepped in and arranged a resolution over a period of two years, the policy was amended to state that Canonical’s IP policy cannot override packages with GPL licenses. However, this now means that any package with a permissive license is now copyrighted by Canonical. [51] [52]
Unfortunately, downstream forks based on Ubuntu cannot be relied upon either. For example, the popular Linux Mint distribution was threatened with being cut off from access to Ubuntu infrastructure unless they caved in to Canonical's binary licensing terms. [53] Since then, Linux Mint has developed a version based on Debian instead. Canonical's vague trademark and IP policy has become toxic for downstream distributions. Many have made the smart choice to re-base on Debian instead of Ubuntu over the years including Kali, Whonix ™ [54] and others. [55]
A final major concern is Canonical's friendly relationship with Microsoft. This should make all Linux users uncomfortable, given Microsoft's strategy of "Embrace, Extend, Extinguish" with respect to Free Software. [56]
There are of course other options. See "Why don't you use <your favorite most secure operating system> for Whonix ™?" for analysis of alternatives.
See Also[edit]
- Basic Host Security
- Advanced Host Security
- Miscellaneous Threats to User Freedom
- Avoid Non-Freedom Software
- Tyrant Security vs Freedom Security
- Why Whonix ™ is Freedom Software
- Unsubstantiated Conclusions
- Whonix ™ Policy on Non-Freedom Software
References[edit]
- ↑ With the ability to be legally allowed to actually talk about. I.e. without non-disclosure agreement (NDA).
- ↑ modified by author: added link to web archive with quote from 2015
- ↑ https://www.government.nl/binaries/government/documents/publications/2019/06/11/dpia-windows-10-enterprise-v.1809-and-preview-v.-1903/DPIA+Windows+10+version+1.5+11+June+2019.pdf [archive]
- ↑ Microsoft Privacy Statement for Error Reporting [archive]
- ↑ Description of the end user privacy policy in application error reporting when you are using Office [archive]
- ↑ https://rcpmag.com/articles/2002/10/03/microsoft-error-reporting-drives-bug-fixing-efforts.aspx [archive]
- ↑ https://www.forcepoint.com/blog/security-labs/are-your-windows-error-reports-leaking-data [archive]
- ↑ Thus an internal paper from the Ministry of Economics from early 2012 states: "Through the loss of full sovereignty over information technology", "the security objectives 'confidentiality' and 'integrity' are no longer guaranteed." Elsewhere there are sentences such as: "Significant effects on the IT security of the federal administration may accompany this." The conclusion accordingly reads: "The use of 'Trusted Computing' technology in this form … is not acceptable for the federal administration and for operators of critical infrastructures."
- ↑ In negotiations, with regard to TPM use, it can be pointed out that not only the federal government views the use of TPMs it does not control itself critically, but so do large parts of German industry, particularly in critical infrastructures.
- ↑ Therefore Microsoft argues that they themselves need control over UEFI "Secure Boot" in order to manage UEFI "Secure Boot" securely on behalf of the owner. From the BSI's point of view, the effort for a self-controlled configuration of UEFI "Secure Boot" is currently high, but it is urgently required, especially in areas of use with high protection requirements or in critical infrastructures.
- ↑ On the one hand, the federal government demands "unrestricted controllability" of the computers that keep critical infrastructures running, i.e. nuclear power plants, water, energy and transport networks. On the other hand, the responsible authorities do nothing to regain the control already lost to Intel and Microsoft.
- ↑ Bundesamt für Sicherheit in der Informationstechnik (BSI, the German Federal Office for Information Security)
- ↑ https://www.techrepublic.com/index.php/blog/it-news-digest/microsoft-admits-to-stealth-updates/ [archive]
- ↑
sudo apt update
...
Get:5 tor+https://deb.debian.org/debian buster-backports InRelease [46.7 kB]
Get:6 tor+https://deb.debian.org/debian-security buster/updates InRelease [65.4 kB]
Get:7 tor+https://deb.debian.org/debian buster-updates InRelease [51.9 kB]
Hit:8 tor+https://deb.debian.org/debian buster InRelease
...
- ↑
sudo apt full-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
anon-apt-sources-list anon-icon-pack apparmor-profile-dist apparmor-profile-torbrowser bootclockrandomization damngpl dist-base-files gpg-bash-lib hardened-malloc hardened-malloc-kicksecure-enable helper-scripts kicksecure-base-files kicksecure-cli kicksecure-dependencies-cli msgcollector msgcollector-gui open-link-confirmation repository-dist sdwdate secbrowser security-misc tb-default-browser tb-starter tb-updater timesanitycheck tor tor-geoipdb usability-misc vm-config-dist whonix-initializer
30 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 5,957 kB of archives.
After this operation, 732 kB of additional disk space will be used.
Do you want to continue? [Y/n]
- ↑ https://www.theguardian.com/technology/2015/sep/11/microsoft-downloading-windows-1 [archive]
- ↑ https://www.computerworld.com/article/3012278/microsoft-sets-stage-for-massive-windows-10-upgrade-strategy.html [archive]
- ↑
- ↑ https://web.archive.org/web/20170609221304/https://forums.whonix.org/uploads/default/original/2X/0/004857ec71ff2e4b23c88bf596b6142373fe2879.jpg [archive]
- ↑ https://web.archive.org/web/20071011010707/http://informationweek.com/news/showArticle.jhtml?articleID=201806263 [archive]
- ↑ https://archive.fo/LffTy [archive]
- ↑ https://arstechnica.com/information-technology/2015/07/windows-10-updates-to-be-automatic-and-mandatory-for-home-users/ [archive]
- ↑ http://voices.washingtonpost.com/securityfix/2007/09/microsofts_stealth_update_come.html [archive]
- ↑ https://www.zdnet.com/blog/hardware/confirmation-of-stealth-windows-update/779 [archive]
- ↑ https://community.spiceworks.com/topic/1535835-win-10-update-resets-privacy-again [archive]
- ↑ This is especially true for users of Tor, who are regularly targeted in this fashion.
- ↑ https://en.wikipedia.org/wiki/MD5#cite_note-11 [archive]
- ↑ https://arstechnica.com/security/2012/06/flame-crypto-breakthrough/ [archive]
- ↑ www.webcitation.org/6mgUAxhv9
- ↑ https://www.chip.de/downloads/Firefox-64-Bit_85086969.html [archive] https://www.webcitation.org/6mgUDIObc [archive]
- ↑ In 2019, chip.de now enforces https for its entire website.
- ↑ https://www.schneier.com/blog/archives/2017/01/class_breaks.html [archive]
- ↑ https://answers.microsoft.com [archive] is mostly(?) user-to-user discussion. Mostly: hard to find any employees posting there or very low interaction. A volunteer moderator isn't a developer. [archive] There is also https://techcommunity.microsoft.com [archive].
- ↑ Link as evidence pointing to the fact that Microsoft does have an internal issue tracker: https://www.engadget.com/2017-10-17-microsoft-bug-database-hacked-in-2013.html [archive]
- ↑ Example quote [archive]:
I doubt Microsoft is telling everything; I'm sticking with W7 indefinitely.
Hmm, guess I'm going back to Windows 7.
This is why I went from using the beta build as my primary OS back to Windows 8.1.
And now myself and everyone in my family will be staying with their current OS (Windows XP, Vista, 7 and 8.1).
- ↑
- ↑ Because a previous update was a prerequisite for getting the next update.
- ↑ https://www.gnu.org/proprietary/malware-apple.en.html [archive]
- ↑ https://sneak.berlin/20201112/your-computer-isnt-yours/ [archive]
- ↑ https://appleterm.com/2020/10/20/macos-big-sur-firewalls-and-vpns/ [archive]
- ↑ https://fix-macosx.com/ [archive]
- ↑ https://fixubuntu.com/ [archive]
- ↑ https://www.theinquirer.net/inquirer/news/2168086/canonical-linux-kernel [archive]
- ↑ https://ask.fedoraproject.org/en/question/25127/how-to-build-unity-in-fedora/ [archive]
- ↑ https://www.phoronix.com/scan.php?page=news_item&px=Ubuntu-Zstd-Deb-Packages [archive]
- ↑ https://mjg59.dreamwidth.org/25376.html [archive]
- ↑ https://www.linux-magazine.com/Online/Blogs/Off-the-Beat-Bruce-Byfield-s-Blog/Mir-vs.-Wayland-show-why-upstream-projects-matter [archive]
- ↑ https://kver.wordpress.com/2015/05/27/making-sense-of-the-kubuntucanonical-leadership-spat/ [archive]
- ↑ https://www.pcworld.com/article/2998647/operating-systems/kubuntus-founder-resigns-accuses-canonical-of-defrauding-donors-and-violating-copyright.html [archive]
- ↑ https://lists.ubuntu.com/archives/kubuntu-devel/2012-February/005782.html [archive]
- ↑ https://www.fsf.org/news/canonical-updated-licensing-terms [archive]
- ↑ https://mjg59.dreamwidth.org/37113.html [archive]
- ↑ https://forums.linuxmint.com/viewtopic.php?t=152450 [archive]
- ↑ Dev/Operating_System#Switch_from_Ubuntu_to_Debian
- ↑ https://mjg59.dreamwidth.org/45939.html [archive]
- ↑ https://www.zdnet.com/article/microsoft-and-canonical-partner-to-bring-ubuntu-to-windows-10/ [archive]
Whonix ™ | © ENCRYPTED SUPPORT LP | Freedom Software / Open Source (Why?)
The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.