We are proud to announce the release of Parrot 3.10, the latest version of our security oriented GNU/Linux distribution.
The first big news is the introduction of a full firejail+apparmor sandboxing system to proactively protect the OS by isolating its components with the combination of different techniques. The first experiments were already introduced in Parrot 3.9 with the inclusion of firejail, but we took almost a month of hard work to make it even better with the improvement of many profiles, the introduction of the apparmor support and enough time to make all the tests.
One thing I that like about the Android App security model is that for a given app, it presents the permissions to the user and the user has to accept them. This is good because the user has control over the software it runs, and is an invaluable tool to be able to use an App without granting it too much access without having to renounce to use it altogether.
Fortunately, the Linux world is a much more friendly environment in terms of malicious software. A big reason for this, is the fact that software is audited and curated by distro package maintainers. I recommend this interesting post on the subject.
Even the best written software can contain vulnerabilities that can be exploited. With the advent of container technologies, such as docker, flatpak or LXC, many have suggested to use them to isolate software from the rest of the system and in doing so mitigate the harm of possible breaches.
By sandboxing software this way, you get some more control over what it is capable of doing, effectively getting closer to the Android security model.
Restricted home directory in Google Chrome
Sometimes we have to run an application that we do not trust, but we are afraid that it might look at or delete our personal data, since even though Linux systems are less prone to malware, they are not completely immune. Maybe you want to access a shady-sounding website. Or perhaps you need to access your bank account, or any other site dealing with sensitive private information. You might trust the website, but do not trust the add-ons or extensions installed in your browser.
In each of the above cases, sandboxing is useful. The idea is to restrict the non-trusted application in an isolated container -a sandbox– so that it does not have access to our personal data, or the other applications on our system. While there is a software called Sandboxie that does what we need, it is only available for Microsoft Windows. But Linux users need not worry, since we have Firejail for the job. more…
Editing a Firetools launcher entry
Linux is secure, right? It’s certainly more secure than Windows in a lot of ways, but it’s not impervious to attack. There is always a trade-off between security and usability, but how far can you really go to secure your operating system without seriously compromising its usability?
If you get compromised the damage is already done, it really doesn’t matter which operating system you run. Firejail allows you to mitigate this risk, but will it keep you secure without making your system unusable? more…