this post was submitted on 10 Dec 2025
65 points (88.2% liked)
Linux
60433 readers
404 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 6 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
More secure OSes limit what social engineering attacks can take place and what damage they can do.
OK, I'll bite... How exactly?
often social eng attacks rely on a vulnerability as well e.g. getting your mark to open an Excel file that exploits a vulnerability in MS Office.
Sure, but if the compromise stays within its own app, like for a browser, sandboxing won't help.
The bulk, and I mean like 95% of the compromises I see are normal employees clicking on things that "look legit".
Excel is now wrapped in a browser. Discord, almost all work apps are all wrapped in a browser. So you can be completely locked down between apps like grapheneos, but if you are choosing to open links, no amount of sandboxing is going to save you.
This is why we deploy knowbe4 and proofpoint, cause people are a liabilities, even to themselves.
Clicking on things that look legit is a critical part of interaction with computers. Programs should not be installed unintentionally, so first and foremost Office Macros should not be enabled by default (and eventually Microsoft did disable them).
Recently I think the main avenue for malware is to send a PDF with a fake popup for an update, that links to a phishing site and prompts you to download an exe with malware. That kind of thing is a harder issue to solve, but at the very least an OS should probably not let that program update your BIOS.
One example is on GrapheneOS, programs can't touch system files due to no root access, and they also can't access data files for other programs.
Sure, but op chose to follow a link. You can be sandboxed to high heaven and still get pwned if you make choices like that. Discord is particularly rife with this.
Yes, but I never said you won't get pwned. I said that it would limit how it could be done and what damage it could do.
For instance, if you click a link and download something shitty, it can't just steal your auth tokens on GrapheneOS because all of that is isolated to only the program that uses them. Meanwhile on Windows/Linux there are tons of Python scripts that do that. It would take extra steps on GrapheneOS for someone to use social engineering to hack someone's Discord/Bank/etc account, which could be enough to prevent it for some people.