Here are five Linux distributions you should know about when looking for a Linux distro that is focused around security and privacy.
- Qubes OS
While not really for the novice user, Qubes is one of the top privacy based distros. The graphical installer is the only option to install the OS to your hard drive, which will then be encrypted.
Qubes OS uses the Xen Hypervisor to run a number of virtual machines, ordering your life into ‘personal’, ‘work’, ‘internet’ for security. As a result, if you are infected with malware on your work machine for example, your personal files won’t be compromised.
The desktop uses coloured based windows to show the different virtual machines, making it easy to tell them apart.
Booting a live operating system can be a nuisance as you have to restart your machine, whereas installing to a hard drive means there’s always the risk of the machine being compromised. However Whonix offers a nifty compromise by being designed to work as a virtual machine inside VirtualBox which can be snapshotted and reset to default settings.
Whonix is divided into two parts. The first is ‘Gateway’ which routes all connections to the Tor network, the second ‘Workstation’ part is designed to reduce the chance of DNS leaks which can be used to monitor your web activity.
Whonix is compatible with all operating systems that can run Virtualbox.
- Discreete Linux
This distro is the successor to the superb Ubuntu Privacy Remix. The OS has no support for network hardware or internal hard drives, therefore all data is stored offline in RAM or on a USB stick. The distro can be run in live mode, but when booting from a volume also allows you to store some of your settings in an encrypted ‘Cryptobox’.
Another ingenious feature is the kernel modules can only be installed if they’ve been digitally signed by the Discreete Linux team. This therefore thwarts hackers from attempting to sneak in malware.
Please note that Discreete is still in Beta stadium and not ready for productive use
- Subgraph OS
Subgraph OS is Debian a based Linux distro and is designed for uber-tight security. The kernel has been hardened many security enhancements, Additionally Subgraph creates virtual ‘sandboxes’ around risky applications like web browsers. As such any attacks against individual applications won’t compromise the entire system.
A customised firewall also routes all outgoing connections through the Tor network with every application requiring approval from you.
The distro is designed to be installed to a hard drive. Encryption of the entire file system is mandatory therefore avoiding any plain-text data being leaked.
TENS (Trusted End Node Security). Previously called LPS (Lightweight Portable Security), this Linux distro was developed by the US Air Force and is NSA approved [PDF].
TENS is specifically intended to be run in live mode, therefore any malware is removed once the machine is shutdown. It includes a minimal set of applications but there is also a ‘public deluxe’ version which contains Adobe Reader and LibreOffice. All versions include a customisable firewall. The OS can also create logs through a smart card.