Do KDE is less secure than GNOME, Windows?
I’ve red somewhere that some linux spins are a lot less secure than Windows. If an operating system have many bugs then it is a lot more vulnerable?
I am using bottles and bleachbit could it break KDE?
How to make it more secure, stable?
My 2 cents.
The second you introduce windows applications via wine you open up a whole can of worms. For one, you are now susceptible to the same malware/viruses that can infect a windows machine so THAT is probably your biggest hole on your setup.
Running a clamdscan with a systemd.timer (or a cronjob if you prefer that) once a week is what I do to try to protect myself.
I am NOT saying “it is crazy of you to use wine”, I am saying you are correctly analyzing your security and thinking about it, which is a GOOD thing.
I am also saying be mindful of, just like on windows, what you download and click on in web browsers.
As for GNOME vs KDE security, I have zero clue.
1 Like
It’s a bit like asking, “I heard that Toyota cars are better than VW cars; is it true?”
There isn’t really an answer because it depends on how you define the terms, what you value, etc. You’ll need to get more specific with your questions.
6 Likes
You are either the strongest link in your security chain, or the weakest. Where you go and what you click on determines more about your risks than what OS, DE, or AV you are running. You can have the most secure computer on earth, but if you visit certain sites, you will be hacked. That’s just a fact.
1 Like
An operating system is not just the desktop environment used so I wouldn’t say that kde/plasma is more or less secure than gnome, it depends on the distribution you use than the DE.
As for the comparison with windows it is more complicated, I think linux is not inherently safer than windows but in the desktop environment many viruses and malware are meant to run on windows and generally linux users download software from trusted repositories.
Also the bug count is a very relative index, all software has bugs but normally in a floss eco-system it is much easier to report them, as far as security is concerned then it is not so much the number of generic bugs that matters but the security vulnerabilities and from this point of view floss development is much more transparent than closed software.
2 Likes
The number of bugs can also be misleading, as not all bugs are related to security. Some are about usability, functionality, documentation, … While some of these might have security implications, many do not.
I am not visiting any specific sites with KDE that I do with other operating systems its just KDE breaks very quickly to an unusable state when programs crashing and system feels unstable. I suspect my internet provider or neighbors or the bottles could be at fault - do not know. 
From my personal experience KDE “breaks” the quickest compared to Windows or Gnome especially lately.
I will try to do like bedna does:
They don’t until they might do?
Maybe you have more suggestions on how to keep system in good working condition. What to do and what do not?
That is not supposed to happen.
But the jump from that to “security” is a pretty long shot imho.
It would probably be better for you to try to figure out why things “break”, whatever “breaks” means.
We don’t even know what system you use, what hardware, what distro, other than it is running KDE on top.
It ALL depends, but that is also pretty off topic.
1 Like
Can you be more specific about what is breaking? I’m not saying you are wrong or anything of that nature, but my system is solid. I even run Steam games on it with an nVidia 2070 Super. Maybe something in log files will help us to help you. So far, we have nothing to go on.
1 Like
I am using Fedora’s KDE and having problems with various programs installed from a flathub and fedora’s repository. Some launch and after some time they don’t while others do, they launch and they don’t. Maybe it is related to flathub and rpm fusion updates I do not know, but I do not have these issues with a Gnome Fedora. For example MPV media player crashes if I click about 10 - 11 times on seek bar in different locations, VLC media player sometimes do not launch at all and I think it is not related to updates, as if it is time based validity to use. Sometimes programs work and sometimes they don’t. The other thing is that if I install windows program with bottles and create shortcut in programs then make it a default application to open certain files it works for some days and then suddenly it no longer launches from shortcuts in applications bar, or can open files from dolphin, although it is possible to launch it from bottles (I tried to fix it by reinstalling bottles, mono or wine without any success). Something wrong with shortcut? I wonder how do shortcuts work in bottles, there must be something more than shortcut that launches the program from bottles. Maybe something related with flatpak restrictions?
I would like to use windows applications on Linux as default programs: “Sumatra” for PDF, “Stone image viewer” for image viewing and “Subtitle edit” to edit subtitles.
I do get the same problems in gnome as well so maybe it is because of bottles bugs or vulnerabilities or updates that need updates?
There are more problems, but what do you think about these?
I agree with many things said here but also disagree and especially think the core points are all over the place or not mentioned.
- A system that gives users the ability to execute and install anything has the weakest link in the user. Linux has to improve a lot for nonwheel users, and mounting /home nonexecutable, to prevent this. Flathub with the verified repo is a good step. But I want to stress that a system has to protect users from themselves too.
- The Desktop is not the main part in a secure System but a big one. The Distro handles packaging, versioning and security patches. Also security systems like Apparmor or SELinux which protect against malicious apps at least somewhat.
- the state of secure Linux Desktops is not good. SELinux confined users is not implemented anywhere and not ready to use. Make sure to use seperate users and a nonwheel user (or non sudo group on Debian) if you fear programs catching your sudo password. Still… the home directory needs to be split up and access managed. Flatpak!
To Security in KDE
- A breaking Desktop is not a sign of being insecure. It may break because it fails to do something insecure (but this is rare)
- Desktops still handle a lot of important things: Wayland compositor, Portals, core applications, permission management, software installation, services with open ports, …
- Kwallet is not secure and should not be used to store anything sensitive to my knowledge
Also KDE has nothing to do with your Browser (if you dont use Falkon haha). I recommend using a Browser through bubblejail, or just the preinstalled Firefox. It is probably not advised to use Flatpaks in the current state, as Chromium Browsers cant isolate tabs from another in their normal way, and there is no statement of Mozilla why Firefox Flatpak would be equally secure anyways.
Instead of trying to do all the “hardening” yourself, find projects that do the same and contribute!
- QubesOS: very security focused, learning curve and requires powerful hardware, but solving a basic problem using currently available technology
- Alpine Linux: minimal, security optimized in its core libraries.
- GrapheneOS: the most secure Linux Distro probably, to this day. I recommend it on the phone, and people even try to use it in a Laptop formfactor, but that is not a good experience and apps are not comparable at all
- Secureblue: a fully working security optimized version of Fedora, implementing various fixes from a lot of projects. It uses ublue as base and has a lot of images for anything with Wayland support.
Currently available Projects may not be state of the art always. They have to work reliably, so fancy things like ChromeOS-like containery with full desktop integration can be very possible with kata-containers and more, but this is not done.
And yes, please use Wayland, Pipewire, Flatpaks, Portals, bubblewrap, Virtual Machines etc.
Flatpak is really useful for isolating apps from the core OS, limiting permissions, having them easily resettable, uninstallable, updateable and officially maintained. I have a list of recommended Flatpak apps, tested for their compatibility with modern Linux Desktops.
And, good news! Okular, Gwenview and more work really well with portals!
1 Like
Yes, that is a problem. I would love to do without wine - but I still can’t. I was an old Windows user and got so used to MyPhoneExplorer that I can’t do without it on Manjaro Linux either. Unfortunately!!!
KDE Connect in particular could connect the smartphone to the PC. But how to synchronize the data, including the calendar and contacts, I haven’t seen anywhere yet. Unfortunately. What a pity.
The most secure computer is the one that isn’t powered.
2 Likes
The Intel ME is still on, even when your computer is off. Theoretically, if you type on a keyboard connected to a powered-down computer, the Intel ME can send those keypresses off to servers unknown.
https://hackaday.com/2017/12/11/what-you-need-to-know-about-the-intel-management-engine/
1 Like
unplugs pc from wall
what now
2 Likes
If you’re on Android you can use DAVx5 to sync calendar, etc.
Yes, I use Android. Do you have experience with how to use DAVx5 - it seems infinitely difficult to me.
I’m going to DM you to keep the thread on topic.
About the intel ME:
I just got my Novacustom Laptop! Intel ME is hard disabled (which poorly breaks any TPM functionality)
And it is really nice too, an upgrade from my useless Thinkpad.
Would be cool to have some collaboration between them and Slimbook, KDE, Fedora or whatever.
Afaik the biggest variable is scale. Clevo Laptops can easily be ordered in small quantities and well customized.
Do any of these operating systems use KDE?