We all have information stored on our devices. Protecting our information must be a priority. The primary issue we face now is that security is not something that just happens, and generally our current solutions fail much too often. The mainstream operating systems are designed more for user experience than for other uses. It will be an ongoing struggle to change this and bring a more secure outlook to mainstream operating systems. For now, though, let's take a look at some of the issues we are currently facing and possible changes.

Current Issues

Data is lost every day. Just last month Wanna Cry took advantage of a serious security exploit on Windows and was able to encrypt many people's computers. Wanna Cry is just one example of the attacks we face every day. Nation state actors and hackers are constantly looking for their next target and collecting as much information as possible. The saying "if you have nothing to hide..." comes to mind, but even if we were to assume complete trust in a group with the power to access our machines, there are countless others that are not nearly so trustworthy.

Another issue that we face is that we do not always have our own computer, which means trusting an operating system completely under someone else's control. People with malicious intent will always be targeting our operating systems. Open source can help try to weed out issues, but it has been shown time and again that this is not security's silver bullet. So this leaves us with more questions and maybe the desire to go make, or put on, our tin foil hats.

Operating Systems: A Solution?

Operating systems are the base of all of our software and control our data. Not only are they a target, but they should be primary consideration for us. Installing Windows XP is known to be a bad decision in 2017 for many reasons. Least of these being the fact that it no longer gets security patches (with only rare exceptions). So what does a security based operating system change to make us more secure? We will be looking at two operating systems that focus on security, namely: Tails and Qubes OS. Tails takes an amnesiac approach and is much more portable, but has its drawbacks. Qubes OS is not portable, but is somewhat more flexible. Qubes OS is also much harder to set up, but has more of the conveniences that users expect.

Starting with a secure base for the systems we rely on must be an ongoing expectation of users. Both of these operating systems have their compromises but shine a light on how current mainstream operating systems could try to better protect their users. This will not be an easy task to implement for current systems, but I believe that Tails and Qubes OS can show us the way.

Coming up:

This post is the first of four parts taking a look at secure operating systems. The next parts will come throughout June and will focus on:

  • Methods to Security - How do Tails and Qubes OS try to secure our information? Are there other ways that could be attempted or that should be attempted?
  • Remaining Concerns - After we implement the suggestions from part two, what concerns still trouble the tin foil hat loving user? How can we continue to improve in these arenas?
  • The Weakest Link - What is the weakest link in the systems security? How can we mitigate the risks imposed by the weakest link?