is hardenedbsd more secure than openbsd?

nuudul

JuvenalUrbino

nuudul If this question was moved by their "Easy Feature Comparison" chart, then the answer is no; otherwise my answer would be that such a generic and dependable question is nowhere to lead to any sort of productive debate

20-100

Having a secure base OS is one thing, but nobody uses just a base OS. The only reason why you'd need an OS is to run applications.
Now, HardenedBSD being a FreeBSD derivative, it has significantly more software packages available than OpenBSD, and each piece of software you install comes with its own set of vulnerabilities.
OpenBSD is thus statistically more secure than HardenedBSD because you have fewer occasions to use it. 😉

rvp

20-100 OpenBSD is thus statistically more secure than HardenedBSD because you have fewer occasions to use it.

Or, you have to "compromise security" yourself to make the system a bit more useful. For example, I've turned off the default library re-ordering, and the kernel-relinking on every boot; compiled my usual programs (WM, xearth, ...) myself because pledge/unveil and friends make the ones installed from packages fail in mysterious ways.

Of my installed OSes, OpenBSD gets the least use because I feel vaguely guilty each time I make these kinds of changes of convenience to the system.

silvanus

20-100 Does it mean that everything that runs on FreeBSD also works on HardenedBSD? Or are there some packages, which might be broken because of the HardenedBSD security settings? I'm just asking because there are many FreeBSD users and I often read about their experiences. On the other hand there seem to be not so many HardenedBSD desktop users.

20-100

In the same vein, I have worked at a company enforcing very stringent password rules. In particular, you had to change your password every month and couldn't reuse any of the last 24 passwords. To comply with these rules, I've ended up using completely predictable passwords built from the year and the month, which was barely better than writing it on a post-it sticked to the monitor...

rvp

20-100 I have worked at a company enforcing very stringent password rules. ... which was barely better than writing it on a post-it sticked to the monitor...

There are secure, workable solutions to this problem:
Write your passwords down
Two factor paper passwords

plzBugMeNot42

silvanus my experience with hbsd was pretty great, it was the first bsd i tried, as a daily driver on my thinkpad actually, maybe im not unix experienced enough to rly judge, but for me literally everything i tried from their repo worked flawlessly, mirrored from freebsd with maybe some patches atleast for some progs, idk rly. Only one thing gave me big problems, which is why i switched, VM's! I think what i tried was VirtualBox and QEMU, QEMU had different versions from different maintainers in their repo, but no luck with any of both.
I didn't try porting it on my own.
Used another laptop for some time, got back and tried to do a bigger hbsd update, which bricked the OS.
It remains bricked up to today, cause i was and still am to lazy to do data recovery or switch the hdd 🙁 soon ...

It could be, and i think isn't unlikely, that the issues i experienced are fixed today, all of this happened at least some months ago, but could also be a year or even more, i literally have no relation to time.

Edit: Uh, this topic old, didnt realize/wanted to gravedig, haven't seen anything about it in the Guidelines, is that unwanted here?
Edit_2: Also this is offtopic, but i don't start a: "My hbsd experience" thread, just not (yet?) the person for it.
Edit_3: Must've happened somewhere between V20.X and V21.X, pretty likely community.

pfr

Don't forget about LibertyBSD however it has become dormant and hasn't seen updates in a while. If you're into Libre software though, HyperbolaBSD on a Libreboot system would be cool. Granted there hasn't been any more news on Hyperbola since Jan 2020 either... But if security through obscurity is your thing then that might be worth a look.

For security though you, just practice safe computing. I think it really depends on what you use your pc for and who you may be concerned about losing your data to. As long as you know what your doing, and are not using Windows then you should be fairly "Secure".

Use firewalls and VPN's, don't use google services, encrypt your data etc etc. Unless some secret government department are after you then you should be pretty safe.

Paranoid people appear to like QubesOS

Jay

pfr Paranoid people have shifted to caves in Himalayas. No where to be find 😅

yeti

Jay Ramiferous Paranoid people have shifted to caves in Himalayas. No where to be find 😅

Yip! Too many paranoids and miners in our caves now! Lots of us had to migrate to €urope, and losing most of our fur because of the heat, we blend in well after a while!

https://joscha.com/nichtlustig/080808/

nia

I still think the binary firmware argument is stupid. The FSF-acceptable WiFi cards simply have the binary-only firmware on the device instead of loaded by the operating system.

strawman2511

I'm not a advanced user but I learn how to read useful thing.
HardenedBSD make me remember to Bitrig which based on OpenBSD.

I think we should read these before decide which one is more secure.
https://www.freebsd.org/cgi/man.cgi?security
https://man.openbsd.org/security.8
https://man.netbsd.org/security.7

Maybe a good thing about learn how security OpenBSD have:
https://en.wikipedia.org/wiki/OpenBSD_security_features

I am not sure if HardenedBSD is securer than FreeBSD or OpenBSD or NetBSD. But this comparison will not tell much thing happen in the hood of the car:
https://hardenedbsd.org/content/easy-feature-comparison

I guess people have a taste. I love to using mainstream BSD like FreeBSD, OpenBSD and NetBSD. Maybe not about the security Operating System, it is about us who know how to use the Operating System in a secure way.