I'm curious about how you were infected by a rootkit, which one it was, and what you did to discover it? Using a Sandbox is a great idea for those two, except of course those are generally the applications with the most sensitive data as well. I always try to disable html email, but people insist on using it...

On Tue, 2015-10-27 at 16:25 +0100, Elmar Stellnberger wrote:
> I would believe that it will heavily depend on how you configure your
> desktop environment:
> * One feature I do always turn off is desktop auto indexing because
>   otherwise even storing an email attachment just for invoking it with
>   an online view-as-jpeg service could cause an infection. Note that you
>   may have to do this twice (once for Gnome and once for KDE) if you have
>   installed according programs of both environments.
> * select starting a new session on every bootup (the session restoration
>   can be used as a hook for ephemeral and home directory rootkits)
> * under KDE there is a list of background services that always run; you
>   may reduce it to what you really need (invokable via systemsettings)
> * likely there are other important configuration options (ask for
>   your env.)
> * get some understanding of what your X-server does (f.i.
>   http://www.elstel.org/xchroot : problems with a pure chroot, trying to
>   resolve these problems by hand)
> * double check the security of the underlying system (netstat -atupn)
> * note that your email program and your browser are the two most
>   vulnerable parts of your desktop environment; consider running them
>   under qemu in a virtual machine
>
> Once you would comply with all these hints you may likely discover a
> rootkit inside the virtual machine for emailing or browsing as I did
> lately. The KDE environment of the host system did not appear to have
> compromised the security of the whole system so far at me.
>
> Elmar
>
> On 27.10.2015 12:29, Mateusz Kozłowski wrote:
> > Hi,
> > Could You tell me which debian desktop environment is the most
> > security and the best privacy and which You recommend for debian
> > users? (KDE, XFCE, GNOME etc.)?
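
The `netstat -atupn` check from the list above, as an added example that is not part of the original messages: a filter that keeps only sockets accepting traffic on non-loopback addresses, which are the ones worth reviewing on a desktop. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: read `netstat -atupn` output on stdin and print the
# sockets that listen on something other than loopback.
# Output columns: proto, local address, port, PID/program.
exposed_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        # TCP rows carry a State column; unconnected UDP rows leave it
        # blank, so the PID/Program field shifts left by one.
        if ($1 ~ /^tcp/) { if ($6 != "LISTEN") next; prog = $7 }
        else             { if ($6 == "ESTABLISHED") next; prog = $6 }
        # The port is whatever follows the last colon (IPv6 safe).
        n = split($4, part, ":")
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only
        if (prog == "") prog = "-"
        print $1, addr, port, prog
    }'
}

# Constructed sample output, not captured from a real host.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      701/sshd
tcp        0      0 192.168.1.10:43210      93.184.216.34:443       ESTABLISHED 2301/firefox
tcp6       0      0 :::22                   :::*                    LISTEN      701/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      812/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           655/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           640/chronyd
EOF
}

sample_netstat | exposed_listeners
```

On a live system, pipe `netstat -atupn` into `exposed_listeners` as root so the PID/Program column is filled in for every socket.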