Talk:Security-focused operating system/Archive 1

This is an archive of past discussions. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page.

Archive 1

This page is more a list of security features in a selected list of operating systems than the definition of a concept.

You cannot exclude by definition of the "security focused", operating systems that are not only security focused but have taken all the measures to prove it with a certification.

The criteria "increasing security as a major goal" is not easy to document and to beserve. All operating systems have as goal reliability and security. But having a goal is not sufficient to ensure security. In the article there is no reference to statements or documents proving that the listed products really have security as a major goal. And some big market actors have not been mentioned, even if they publicly stated their commitment to increase security.

PROPOSAL: 1) Redefine the criteria of security focus (for example, the availability of advanced security features or an architecure/design that favours security: this is documented and can more easily be referenced) 3) Review the list of OS , include also the certified products, and mainstream OS which also have interesting and advanced security focused functions. — Preceding unsigned comment added by Cth027 (talk • contribs) 15:17, 19 November 2011 (UTC)

The entire article is not being worked on regularly and I can see why, as it duplicates needlessly entries which should go in the respective pages of the listed operating systems. On the whole this article should be reworked into more of a list form, since only the original definition really adds anything which could not be moved to the pages of specific operating systems or security software / technologies. Perhaps, similar to suggested above, a list by security focus or comparison in features could also be valuable. Hail knowledge (talk) 00:35, 2 June 2015 (UTC)

This article does not mention SELinux (Security-Enhanced Linux by NSA)

Now it's mentioned --Doc aberdeen 16:00, 10 December 2006 (UTC)

In regards to the most recent edit (before the one I just made) to the article, which added "Linux" at the top then went on to describe SELinux as a "feature" - it's technically a module not a feature. That's just the way the kernel works. I don't really need to say more since you can just check out it's wiki entry. I'm gonna change the wording to module, maybe add a few other points then I got to go for the day. See the following articles for clarity: SELinux, Loadable_kernel_module & Linux_Security_Modules. Also, I'm not sure how to phrase the edit or what links to include? Should I rephrase "feature" to "module" or to "security module" -- with link to respective article, of course... or leave it and just add a link... or what, someone help! NewGuy1001(talk) 17:08, 29 November 2012 (UTC)

OK, I make the edit. Please tell me what you think; feedback welcome! Specifically, I clarified some murky points: distinguished Linux from Linux Kernel, feature from module, module from security modules (in the Linux kernel ie. LSM), and lastly clarified the circumstances under which SELinux was actually integrated with the kernel (not Linux itself ie. the first point). That is all the time I have for today! Hope I helped, even a little! Carry on Penguins! NewGuy1001 (talk) 17:28, 29 November 2012 (UTC)

This should mention rsbac.

Now it's mentioned --Doc aberdeen 16:00, 10 December 2006 (UTC)

Shouldn't it be listed here too?

Add it then --Doc aberdeen 16:00, 10 December 2006 (UTC)

Shouldn't the article be "Security-focused operating system" with a dash? —The preceding unsigned comment was added by Frap (talk • contribs) 23:13, 6 December 2006 (UTC).

Now that page redirects here. --Doc aberdeen 16:00, 10 December 2006 (UTC)

It is somewhat funny that a difference is made between unofficial and official (tested and certified) security with the second article "security-evaluated operating systems". This looks as critic on the evaluation system. Perhaps that should be motivated. Evaluation is of course expensive and not having this with some open source products would not necessarily mean they are less save. Perhaps they just don't want to ask the money for it from their customer's but some costumers may need that level of assurance. But making a special version of an OS for evaluation could also be considered as focusing on security. So the list in the second article "security-evaluated operating systems" can be considered as part of the list in this article. There is was exception of putting evaluation information in a separate article:Trusted Solaris. That may give the impression the other mentioned OS'es are not evaluated.

Wouldn't it be better to call the article "List of security-focused operating systems" as the current name suggests that it is an article about the concept of security-focused operating systems? - Koweja (talk) 20:15, 28 November 2007 (UTC)

I agree. Viewing this article is akin to opening up an encyclopaedia, looking up an article, and finding an index instead. Perhaps this article should get the "needs expansion" tag? A greater in-depth discussion on why secure operating systems are beneficial, and the different approaches to achieve it, for example, would be great for this article! Songjin (talk) 07:22, 29 February 2012 (UTC)

At which point is it more secure to disable root and use the same password for the normal user and sudo? Can someone proof it. If not, I will delete this from the article. --Txt.file (talk) 00:09, 16 July 2010 (UTC)

I think that the article should specifically state the "stable" branch of Debian as secure as distinct from the "testing" branch. Not that testing is insecure, but stable is the one you'd want if you have security in mind. Just a thought. NewGuy1001 (talk) 16:52, 29 November 2012 (UTC)

I see that this rather unique is only mentioned as an external link resource. Probably because the distro doesn't currently have a wiki entry, although it's lead developer does. I would really like to see Qubes added to this list as it is a strong security oriented OS. I will work on a scholarly entry for it, maybe even give it a wiki entry as well in the coming days.. or maybe weeks as I am kind of busy. I'll try! Just give me time or better yet do it yourself/for me! NewGuy1001 (talk) 17:04, 29 November 2012 (UTC)

Hi all,
The content of the article seems to be dominated by individual technical observations on specific OSs, almost entirely unsourced. It doesn't really develop what a "Security-focused operating system" is, and I think that it would be impossible to find a source saying that most of the OSs listed here are a "Security-focused operating system". For instance, we have a section on Solaris which opens by saying that, err, Solaris isn't actually security-focussed, then we go on to discuss its security features anyway. And that section is actually better sourced than the rest of the article, in that it has two primary sources showing formal accreditation - something which the lede says is different to what the article is supposed to talk about. I think this article really needs tightening up. Any suggestions? bobrayner (talk) 11:03, 1 December 2012 (UTC)

Apple's iOS is extremely secure, yet absent from the list. This is sad and IMO makes the list look bad. — Preceding unsigned comment added by Evarlast (talk • contribs) 20:20, 30 May 2013 (UTC)

Pentoo - Gentoo based chines backtrack. 78.107.223.19 (talk) 22:31, 21 September 2013 (UTC)

LIPS (lighweight portable security) - US Navy Secure Distributive for net-cafe on enemy's territories. 78.107.223.19 (talk) 22:35, 21 September 2013 (UTC)

The INTEGRITY RTOS - Real-Time Operating System

From inception, the INTEGRITY RTOS was designed so that embedded developers could ensure their applications met the highest possible requirements for security, reliability, and performance.

To achieve this, INTEGRITY uses hardware memory protection to isolate and protect embedded applications. Secure partitions guarantee each task the resources it needs to run correctly and fully protect the operating system and user tasks from errant and malicious code—including denial-of-service attacks, worms, and Trojan horses.

Unlike other memory-protected operating systems, INTEGRITY never sacrifices real-time performance for security and protection.

78.107.223.19 (talk) 22:41, 21 September 2013 (UTC)

REMnux - A Linux Distribution for Reverse-Engineering Malware 78.107.223.19 (talk) 22:42, 21 September 2013 (UTC)

LynxSecure

Desktop Virtualization and Secure Client Virtualization Based on Military-Grade Technology Secure virtualization for laptops, medical and data applications with LynxSecure separation kernel

LynxSecure's military-grade technology is now available for other markets such as medical, consumer, financial, industrial and communications. LynxSecure supports commonly available processor architectures, operating systems and applications, and offers the ultimate in protection, without interfering with the desired functionality of the device.

78.107.223.19 (talk) 22:46, 21 September 2013 (UTC)

santoku - Santoku is dedicated to mobile forensics, analysis, and security, and packaged in an easy to use, Open Source platform.

78.107.223.19 (talk) 22:48, 21 September 2013 (UTC)

DEFT Linux

DEFT 7 is based on the new Kernel 3 (Linux side) and the DART (Digital Advanced Response Toolkit) with the best freeware Windows Computer Forensic tools. It’s a new concept of Computer Forensic system that use LXDE as desktop environment and WINE for execute Windows tools under Linux and mount manager as tool for device management.

It is a very professional and stable system that includes an excellent hardware detection and the best free and open source applications dedicated to Incident Response, Cyber Intelligence and Computer Forensics. DEFT is meant to be used by: Military Police Investigators IT Auditors Individuals

78.107.223.19 (talk) 22:51, 21 September 2013 (UTC)

Aegis Combat System The Aegis Combat System is an integrated naval weapons system developed by the Missile and Surface Radar Division of RCA, and now produced by Lockheed Martin. It uses powerful computers and radars to track and guide weapons to destroy enemy targets.

78.107.223.19 (talk) 22:54, 21 September 2013 (UTC)

Can somebody please remove the redirect of Whonix from this page so a new article for the OS can be created. I pre-wrote an article on my sandbox: https://en.wikipedia.org/wiki/User:WikiTryHardDieHard/sandbox2 --WikiTryHardDieHard (talk) 00:05, 11 July 2014 (UTC)

Done. Have fun. bobrayner (talk) 12:32, 12 July 2014 (UTC)

@User:Bobrayner Thank you.--WikiTryHardDieHard (talk) 19:20, 12 July 2014 (UTC)

Polippix and Mandragora need adding, see http://www.greycoder.com/anonymous-linux-distributions/ 109.130.252.51 (talk) 12:38, 27 September 2014 (UTC)

Why does the phrase "As of, <date>, <OS> is still maintained" exist? Is it implying that these projects may stop at any given moment? -- KneeLess 05:29, 5 Sep 2004 (UTC)

They indeed may stop at any moment --Doc aberdeen 16:00, 10 December 2006 (UTC)

I think this page definitely should contain KeyKOS, EROS and Coyotos! Are they just forgotten, or is there any reason why they are not included? -- Kickus 13:30, 16 Jun 2005

If they qualify as an operating system (i.e. not just a kernel) then add them --Doc aberdeen 16:00, 10 December 2006 (UTC)

SELinux isn't an operating system - it's a kernel module - and yet it's here as well.

... and that's in addition to quite a few discontinued OSes - maybe those should be on a separate article for historical security-focused OSes, or at least be placed into a, "discontinued," section? 174.91.182.140 (talk) 18:33, 27 September 2023 (UTC)

Hello fellow Wikipedians,

I have just modified one external link on Security-focused operating system. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

• Corrected formatting/usage for http://www-128.ibm.com/developerworks/aix/library/au-openbsd.html

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—^{cyberbot II}_{Talk to my owner:Online} 04:43, 1 April 2016 (UTC)