Talk:Security-focused operating system

Name change or fundamental review required
This page is more a list of security features in a selected list of operating systems than the definition of a concept.

You cannot exclude by definition of the "security focused", operating systems that are not only security focused but have taken all the measures to prove it with a certification.

The criteria "increasing security as a major goal" is not easy to document and to beserve. All operating systems have as goal reliability and security. But having a goal is not sufficient to ensure security. In the article there is no reference to statements or documents proving that the listed products really have security as a major goal. And some big market actors have not been mentioned, even if they publicly stated their commitment to increase security.

PROPOSAL: 1) Redefine the criteria of security focus (for example, the availability of advanced security features or an architecure/design that favours security: this is documented and can more easily be referenced)  3) Review the list of OS, include also the certified products, and mainstream OS which also have interesting and advanced security focused functions. — Preceding unsigned comment added by Cth027 (talk • contribs) 15:17, 19 November 2011 (UTC)

The entire article is not being worked on regularly and I can see why, as it duplicates needlessly entries which should go in the respective pages of the listed operating systems. On the whole this article should be reworked into more of a list form, since only the original definition really adds anything which could not be moved to the pages of specific operating systems or security software / technologies. Perhaps, similar to suggested above, a list by security focus or comparison in features could also be valuable. Hail knowledge (talk) 00:35, 2 June 2015 (UTC)

SELinux
This article does not mention SELinux (Security-Enhanced Linux by NSA)
 * Now it's mentioned --Doc aberdeen 16:00, 10 December 2006 (UTC)


 * In regards to the most recent edit (before the one I just made) to the article, which added "Linux" at the top then went on to describe SELinux as a "feature" - it's technically a module not a feature. That's just the way the kernel works. I don't really need to say more since you can just check out it's wiki entry. I'm gonna change the wording to module, maybe add a few other points then I got to go for the day. See the following articles for clarity: SELinux, Loadable_kernel_module & Linux_Security_Modules. Also, I'm not sure how to phrase the edit or what links to include? Should I rephrase "feature" to "module" or to "security module" -- with link to respective article, of course... or leave it and just add a link... or what, someone help! NewGuy1001(talk) 17:08, 29 November 2012 (UTC)


 * OK, I make the edit. Please tell me what you think; feedback welcome! Specifically, I clarified some murky points: distinguished Linux from Linux Kernel, feature from module, module from security modules (in the Linux kernel ie. LSM), and lastly clarified the circumstances under which SELinux was actually integrated with the kernel (not Linux itself ie. the first point). That is all the time I have for today! Hope I helped, even a little! Carry on Penguins! NewGuy1001 (talk) 17:28, 29 November 2012 (UTC)

RSBAC
This should mention rsbac.
 * Now it's mentioned --Doc aberdeen 16:00, 10 December 2006 (UTC)

What about Trustix
Shouldn't it be listed here too?
 * Add it then --Doc aberdeen 16:00, 10 December 2006 (UTC)

Name
Shouldn't the article be "Security-focused operating system" with a dash? —The preceding unsigned comment was added by Frap (talk • contribs) 23:13, 6 December 2006 (UTC).
 * Now that page redirects here. --Doc aberdeen 16:00, 10 December 2006 (UTC)

evaluated
It is somewhat funny that a difference is made between unofficial and official (tested and certified) security with the second article "security-evaluated operating systems". This looks as critic on the evaluation system. Perhaps that should be motivated. Evaluation is of course expensive and not having this with some open source products would not necessarily mean they are less save. Perhaps they just don't want to ask the money for it from their customer's but some costumers may need that level of assurance. But making a special version of an OS for evaluation could also be considered as focusing on security. So the list in the second article "security-evaluated operating systems" can be considered as part of the list in this article. There is was exception of putting evaluation information in a separate article:Trusted Solaris. That may give the impression the other mentioned OS'es are not evaluated.

Name change
Wouldn't it be better to call the article "List of security-focused operating systems" as the current name suggests that it is an article about the concept of security-focused operating systems? - Koweja (talk) 20:15, 28 November 2007 (UTC)


 * I agree. Viewing this article is akin to opening up an encyclopaedia, looking up an article, and finding an index instead. Perhaps this article should get the "needs expansion" tag? A greater in-depth discussion on why secure operating systems are beneficial, and the different approaches to achieve it, for example, would be great for this article! Songjin (talk) 07:22, 29 February 2012 (UTC)

sudo
At which point is it more secure to disable root and use the same password for the normal user and sudo? Can someone proof it. If not, I will delete this from the article. --Txt.file (talk) 00:09, 16 July 2010 (UTC)

Debian Clarity
I think that the article should specifically state the "stable" branch of Debian as secure as distinct from the "testing" branch. Not that testing is insecure, but stable is the one you'd want if you have security in mind. Just a thought. NewGuy1001 (talk) 16:52, 29 November 2012 (UTC)

Qubes OS
I see that this rather unique is only mentioned as an external link resource. Probably because the distro doesn't currently have a wiki entry, although it's lead developer does. I would really like to see Qubes added to this list as it is a strong security oriented OS. I will work on a scholarly entry for it, maybe even give it a wiki entry as well in the coming days.. or maybe weeks as I am kind of busy. I'll try! Just give me time or better yet do it yourself/for me! NewGuy1001 (talk) 17:04, 29 November 2012 (UTC)

Original research problems
Hi all, The content of the article seems to be dominated by individual technical observations on specific OSs, almost entirely unsourced. It doesn't really develop what a "Security-focused operating system" is, and I think that it would be impossible to find a source saying that most of the OSs listed here are a "Security-focused operating system". For instance, we have a section on Solaris which opens by saying that, err, Solaris isn't actually security-focussed, then we go on to discuss its security features anyway. And that section is actually better sourced than the rest of the article, in that it has two primary sources showing formal accreditation - something which the lede says is different to what the article is supposed to talk about. I think this article really needs tightening up. Any suggestions? bobrayner (talk) 11:03, 1 December 2012 (UTC)

apple
Apple's iOS is extremely secure, yet absent from the list. This is sad and IMO makes the list look bad. — Preceding unsigned comment added by Evarlast (talk • contribs) 20:20, 30 May 2013 (UTC)

Pentoo
Pentoo - Gentoo based chines backtrack. 78.107.223.19 (talk) 22:31, 21 September 2013 (UTC)

LIPS
LIPS (lighweight portable security) - US Navy Secure Distributive for net-cafe on enemy's territories. 78.107.223.19 (talk) 22:35, 21 September 2013 (UTC)

RTOS
The INTEGRITY RTOS - Real-Time Operating System

From inception, the INTEGRITY RTOS was designed so that embedded developers could ensure their applications met the highest possible requirements for security, reliability, and performance.

To achieve this, INTEGRITY uses hardware memory protection to isolate and protect embedded applications. Secure partitions guarantee each task the resources it needs to run correctly and fully protect the operating system and user tasks from errant and malicious code—including denial-of-service attacks, worms, and Trojan horses.

Unlike other memory-protected operating systems, INTEGRITY never sacrifices real-time performance for security and protection.

78.107.223.19 (talk) 22:41, 21 September 2013 (UTC)

REMnux
REMnux - A Linux Distribution for Reverse-Engineering Malware 78.107.223.19 (talk) 22:42, 21 September 2013 (UTC)

LynxSecure from Lynuxworks
LynxSecure

Desktop Virtualization and Secure Client Virtualization Based on Military-Grade Technology Secure virtualization for laptops, medical and data applications with LynxSecure separation kernel

LynxSecure's military-grade technology is now available for other markets such as medical, consumer, financial, industrial and communications. LynxSecure supports commonly available processor architectures, operating systems and applications, and offers the ultimate in protection, without interfering with the desired functionality of the device.

78.107.223.19 (talk) 22:46, 21 September 2013 (UTC)

Santoku
santoku - Santoku is dedicated to mobile forensics, analysis, and security, and packaged in an easy to use, Open Source platform.

78.107.223.19 (talk) 22:48, 21 September 2013 (UTC)

DEFT Linux
DEFT Linux

DEFT 7 is based on the new Kernel 3 (Linux side) and the DART (Digital Advanced Response Toolkit) with the best freeware Windows Computer Forensic tools. It’s a new concept of Computer Forensic system that use LXDE as desktop environment and WINE for execute Windows tools under Linux and mount manager as tool for device management.

It is a very professional and stable system that includes an excellent hardware detection and the best free and open source applications dedicated to Incident Response, Cyber Intelligence and Computer Forensics. DEFT is meant to be used by: Military Police Investigators IT Auditors Individuals

78.107.223.19 (talk) 22:51, 21 September 2013 (UTC)

Aegis
Aegis Combat System The Aegis Combat System is an integrated naval weapons system developed by the Missile and Surface Radar Division of RCA, and now produced by Lockheed Martin. It uses powerful computers and radars to track and guide weapons to destroy enemy targets.

78.107.223.19 (talk) 22:54, 21 September 2013 (UTC)

Whonix New page and redirect
Can somebody please remove the redirect of Whonix from this page so a new article for the OS can be created. I pre-wrote an article on my sandbox: https://en.wikipedia.org/wiki/User:WikiTryHardDieHard/sandbox2 --WikiTryHardDieHard (talk) 00:05, 11 July 2014 (UTC)
 * Done. Have fun. bobrayner (talk) 12:32, 12 July 2014 (UTC)
 * @User:Bobrayner Thank you.--WikiTryHardDieHard (talk) 19:20, 12 July 2014 (UTC)

Polippix and Mandragora
Polippix and Mandragora need adding, see http://www.greycoder.com/anonymous-linux-distributions/ 109.130.252.51 (talk) 12:38, 27 September 2014 (UTC)

Other
Why does the phrase "As of,,  is still maintained" exist? Is it implying that these projects may stop at any given moment? -- KneeLess 05:29, 5 Sep 2004 (UTC)
 * They indeed may stop at any moment --Doc aberdeen 16:00, 10 December 2006 (UTC)

I think this page definitely should contain KeyKOS, EROS and Coyotos! Are they just forgotten, or is there any reason why they are not included? -- Kickus 13:30, 16 Jun 2005
 * If they qualify as an operating system (i.e. not just a kernel) then add them --Doc aberdeen 16:00, 10 December 2006 (UTC)


 * SELinux isn't an operating system - it's a kernel module - and yet it's here as well.
 * ... and that's in addition to quite a few discontinued OSes - maybe those should be on a separate article for historical security-focused OSes, or at least be placed into a, "discontinued," section? 174.91.182.140 (talk) 18:33, 27 September 2023 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 1 one external link on Security-focused operating system. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Corrected formatting/usage for http://www-128.ibm.com/developerworks/aix/library/au-openbsd.html

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at ).

Cheers.—cyberbot II  Talk to my owner :Online 04:43, 1 April 2016 (UTC)

I question as to why some operating systems are on this list.
Ubuntu is more user-friendliness oriented than security oriented. I'm not implying they have poor security but the "focus" isn't there to the degree of the other listed operating systems. It should probably be removed. — Preceding unsigned comment added by 199.120.25.205 (talk) 00:14, 22 June 2012 (UTC)


 * I STRONGLY second this motion. I propose that Ubuntu (despite the fact that I'm posting from it) be removed from this list. I work in information assurance, and I can tell you straight up that this looks like shameless advertisement to me. Ubuntu is not nearly as secure as distro as (some might call rival, but in reality not at all rival although the parent company are certainly rivals to some extent) Fedora. If the previous line was a bit confusing; I'm saying that Ubuntu is not nearly as secure as Fedora out of the box despite Fedora being even more bloated then even Ubuntu. It doesn't make any sense to me why Ubuntu should be on this list and therefor I will try to remove them after this post. NewGuy1001 (talk) <span style="font-size: smaller;"  comment added 16:50, 29 November 2012 (UTC)


 * Also, if you want to think of this way or as justification, just consider the recent SERIOUS security issues and flaws in the newest release, 12.10 as proof and justification of this decision. Again, I really do not feel like Ubuntu should be included here and it's presence really does seem more like plug then actually adding to the usefulness of the content henceforth. NewGuy1001 (talk) 16:57, 29 November 2012 (UTC)

It would seem some other general purpose distros have snuck in: Something like OpenBSD might be viewed as grey area, since the project top to bottom has such a strong focus on security. Either way, I don't think that run of the mill Linux distros should be included on this list just because they have a firewall or a few basic security features (as seems to be the justification included in the article).
 * OpenSuSe
 * Debian
 * Fedora
 * RHEL

I'd also remove Windows "Core mode" many (most?) Linux distros offer minimal installs not including GUIs -- that in and of itself does not make it a security oriented operating system. 99.110.77.236 (talk) 05:01, 24 November 2017 (UTC)
 * I'll add that removal from this list is not a slight at all against any of the aforementioned Operating Systems -- I use RHEL daily. I just don't think they fit on this list. 99.110.77.236 (talk) 05:03, 24 November 2017 (UTC)


 * In my opinion, Windows server core should stay on the list. It is Microsoft's attempt to ship a more secure OS. The fact that the method they chose is something that every version of UNIX already has is irrelevant. As for general purpose Linux distributions, I say if it has a way of hardening it, leave it in, otherwise, nuke it. The fact that Debian with the changes from the Securing Debian Manual wasn't given a separate name doesn't make it any less of a security-focused OS than, say, HardenedBSD or Trusted Solaris.


 * OpenBSD, Fedora, and Red Hat Enterprise Linux, on the other hand, are clearly not security-focused operating systems. They are general-purpose operating systems that are believed by some to be more secure than some other alternatives. They should be removed. --Guy Macon (talk) 23:50, 24 November 2017 (UTC)
 * Saying that OpenBSD is not a security-focused operating system just tells us all that you have no idea what you're talking about. Removing it was ridiculous, and the fact that it only has a super-quick blurb that calls it a, "research," OS also makes no sense whatsoever.
 * I really suggest adding this back form before you ruined the article:
 * "OpenBSD is an open source BSD operating system that is known to be concerned heavily with security. The project has completed rigorous manual reviews of the code and addressed issues most systems have not. OpenBSD also supplies an executable space protection scheme known as W^X (memory is writable xor executable), as well as a ProPolice compiled executable base. OpenBSD became the first mainstream operating system to support partial ASLR and to activate it by default; ASLR support was completed in 2008 when it added support for position-independent executable (PIE) binaries."
 * There are dozens of places you can find that show that OpenBSD is one of the most (if not THE most) security-focused operating systems, but how about straight from the horse's mouth?:
 * https://www.openbsd.org/security.html
 * For crying-out-loud, "Secure by Default," was their slogan for almost 2 decades!
 * If you need external validation of their claims, you can start by checking out the various 3rd-party links available here:
 * https://www.openbsd.org/events.html
 * But really, a simple Google search should provide you with literally THOUSANDS of experts referring to OpenBSD as a/the security-focused OS.
 * I know many people hate the founder of OpenBSD, and that's fine, but since when do we remove stuff just because it was made by someone we hate? 174.116.84.211 (talk) 15:08, 22 September 2023 (UTC)

Yet Another Question about list inclusion criteria
I noticed this edit with the edit summary black box is a pentesting OS like kali linux, not a hardened system, Are security-focused operating systems limited to hardened systems? Should this list exclude pentesting operating systems? --Guy Macon (talk) 09:59, 24 March 2019 (UTC)

Removal of "Replicant" and "BSD"
I have tried to remove both Replicant and BSD, because both are merely General-Purpose OSes. With Replicant, replacing proprietary components with open ones does not make it "security-focused", also I've found the attack at Samsung in the repicant entry to be somewhat dubious. BSD is just an general-purpose OS. I've also found the inclusion of Windows Server in headless mode to be questionable. Sure, there might be less security issues in this mode, but this is highly speculative. Plus, headless mode is very common in almost any server software... --2003:CD:7F0F:A00:58D:F513:E257:D60F (talk) 10:39, 29 November 2019 (UTC)

Removal of CalyxOS
CalyxOS it is not a secure operating system. It falls behind Security updates and does not offer any additional hardening upon AOSP despite the misleading marketing.