Linux

56343 readers

475 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 6 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

Is the Trinity Desktop Environment Secure? (www.trinitydesktop.org)

submitted 4 days ago* (last edited 4 days ago) by Tenderizer78@lemmy.ml to c/linux@lemmy.ml

34 comments fedilink hide all child comments

So, a while back I installed Xfce with Chicago95, but was disappointed. Xfce just doesn't vibe with me, and a strict emulation of Windows95 is not really what I wanted, I just wanted something that "felt" that classic.

So I was gonna give up and just use KDE, until I saw TDE. I think TDE is probably what I'm looking for but I'm concerned about using anything so minor because security.

It TDE secure (for personal use)?

Can a DE even be insecure, or are they all generally as secure as each-other as long as you follow the rules (trustworthy software, closed firewall, install patches fast, and disaster recovery plans)?

What vulnerabilities can a desktop environment even have (edit)?

you are viewing a single comment's thread
view the rest of the comments

[–] monovergent@lemmy.ml 1 points 3 days ago (1 children)

As far as the TDE devs know, there haven't been any issues resulting in a user getting hacked, they've modernized the underlying code, and actively patch any reported vulnerabilities: https://redlib.tiekoetter.com/r/linuxquestions/comments/1f81hz4/is_q4ostrinity_desktop_environment_inherently/

That said, it is still a niche codebase with a small team, so they might not have the resources to be so proactive against theoretical vulnerabilities as a project like KDE or GNOME with Wayland. If you're being targeted, TDE would certainly be a shiny attack surface, but otherwise, I don't really see why a hacking group would go for something as niche as TDE. There's a tradeoff, like the one I take with X11 because I refuse to give up my XFCE+Chicago95 setup for an arguably more secure Wayland setup.

Most of the issues of a desktop environment just come down to there being more code and therefore a larger attack surface. Lots of widgets, obscure processes, and nooks and crannies to hide malicious stuff too. And legacy code with expansive privileges from the days before security was as much of a concern. While not Linux, it is analogous with security being a big part of why Microsoft released Server Core, which stripped out much of the GUI.

An extreme case, I also know of a someone who used Windows XP to do rather important work on the internet until around 2020. Only thing that stopped them were websites getting too bloated to load on their computer. But they did follow the basic rules as you mentioned and seemed to be just fine.

[–] Tenderizer78@lemmy.ml 2 points 3 days ago

I guess it all comes down to the security of X11, and also whether X11 could even be exploited without arbitrary code execution though Anki or Firefox or Steam Chat or something. At which point no sane hacker would waste such an exploit on X11 that's rapidly becoming defunct.

An extreme case, I also know of a someone who used Windows XP to do rather important work on the internet until around 2020.. But they did follow the basic rules as you mentioned and seemed to be just fine.

I think they skipped the third rule, install patches fast.