this post was submitted on 07 May 2026
-42 points (17.2% liked)
Linux
13568 readers
314 users here now
A community for everything relating to the GNU/Linux operating system (except the memes!)
Also, check out:
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I agree with most of your points. But the *BSDs are not somehow more secure as a desktop OS. The suffer the same fundamental flaw which are present on Linux: no sane/coherent threat model. Desktop apps run unsandboxed without any MAC policies. The *BSDs also lack many of the useful security features available on Linux (not that most Linux distros do anything with that stuff either, except AOSP and ChromeOS). Just cus a kernel is more "secure" does mean anything when the stuff implemented in userspace doesn't make use of any of those features.
SELinux is very powerful, same with Seccomp and Landlock. But do any distros make extensive use of that and actually also sandbox applications.
FreeBSD has capsicum (and also an implementation of FLASK?, which is what SELinux is for Linux). OpenBSD has pledge. But are apps required to run in a isolated environment? Many of the *BSDs (and certainly .most of their users) still use X11 instead of modern alternatives like Wayland. The are still monolithic kernels which dont implement drivers in userspace, network, etc in userspace. Not secure at all.
MacOS is more secure, I agree. But it isn't trying nearly hard enough IMO.