The dream of a free Linux / Android is over, what do you think about SE Linux?

Discussion in 'Serious Discussion' started by Yen, Apr 25, 2014.

  1. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    13,101
    14,047
    340
    In other words google does not want to protect privacy of the end users, google wants more market shares = money. But security is a question of trust and I don't trust google. Security concepts should be available from competitors, from different competitors all over the world where I can choose.

    Have a look at windows, everybody can use security products from different manufacturers. The OS itself is the most insecure, though. Anyway it has its place for corporate use!

    Why one need to root the system at all? Why can't I get the device without bloatware? Why do they restrict me there where I don't want (for instance external SD card access restriction since kitkat?)

    The question is does google really care about the interests of the end users or actually about their own only?
    In fact google does not want to have a secure OS, they want private data!!!

    What is really insecure at the current android system to have an argument for improvement?

    Android just has a worse reputation compared to other mobile OSes because not many trust google. Abuse happens there where traffic is recorded, not on a particular OS.

    I mean a device is secure as long as nobody tries to steal personal contents from it. The idea to steal data creates the need for a security concept at all. The joke is that those who want to steal and those who want to protect are the same, they are US companies cooperating with gov't...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. R29k

    R29k MDL GLaDOS

    Feb 13, 2011
    5,178
    4,818
    180
    Yes Yen it's business and it's all about the money and Google makes money off your data. That is their primary business, ads. You should have known this for about a decade now!

    I don't agree with this at all. After Snowden, people will distrust all Oses. Before Snowden, Android was considered insecure because of its open nature. The App store for one thing became a muddled mess with loads of questionable apps. It still is a muddled mess. Then the fragmentation of the OS was a huge issue with loads of Gingerbread installs dominating the market. This is still a major issue except it now is moving to Jellybean. It is no different from what has happened on Windows with XP losing support, but still having a huge install base. To single out a distrust of Google as the major security issue is ludicrous! How many trusted Apple or Microsoft before Snowden ?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    13,101
    14,047
    340
    We don't have actually a very different opinion. That what has to do with Snowden has nothing to do with the security of an OS, though. It has to do with traffic and security of traffic. Nobody of them really wants to secure traffic.

    BTW: I was witness when our CEO had been asked why the company will get IPads instead of products from competitors such as Android tablets.

    He answered: Because Apple offers a certified security concept.

    To reason insecurity with the fact that android is open source, is not very convincing.
    Also to reason security with a certificate issued by those who cooperate with the spies themselves is rather BS.

    But a company needs somebody who takes responsibility concerning security. And Google does not offer that so far, hence there is no trust, or at least no will to use Android for corporate use.

    The security problem is somewhere else. All big companies are US companies.
    Many people and companies also have no rational explanation when they chose one particular company (Google, Apple, Microsoft)…
    A rational decision would be to deny them all, better said their so called security solutions.
    I want solutions from competitors all over the world as posted already. At least I can use threema, a secure messenger.
    But I want more products like this...:)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. R29k

    R29k MDL GLaDOS

    Feb 13, 2011
    5,178
    4,818
    180
    When I mentioned Snowden I didn't imply that it had to do with OS security. It has to do with public awareness. Before Snowden there were rumors and what not, that really weren't taken seriously. Now that you actually know what's happening it makes people take a different perspective on issues of privacy. Also traffic and security has a lot to do with the OS especially if the OS is facilitating the interception of data.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    13,101
    14,047
    340
    You are right, it has to do with public awareness. One's wallet is safe at the same place every day until one steels it AND one becomes aware that it is gone. As long as one thinks it is still there it is highly probable safe.

    What I don't like is the way they come up with security concepts and their priorities. SELinux, Knox. All affects the OS itself and processes inside. Also with the intention to make it hard to modify means to remove stuff I don't want. KNOX flag, warranty void? What a fuss...I have paid for it...

    But can you tell me why they simply don't implement a real end-to-end encryption? They implement encrypted container to have a safe environment for sensitive applications...what a joke when the data leave then the OS insecure....
    How old are traffic protocols such as SSL already?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. R29k

    R29k MDL GLaDOS

    Feb 13, 2011
    5,178
    4,818
    180
    I recall there was a 128 bit Windows rumor a while back, don't know what happened to it.
    The answer is simple here, if you don't trust a particular company, even if they implement the best security known to man, you will still always have doubts. It would be best if you stopped using their services entirely!
    Now who do you trust ? After Snowden you won't trust any company, since they can all be bought by the NSA etc. So you have two choices, give up life as you know it and move to a mountain cabin and hope that a satellite can't spot you there and we know it can ! You may have to think like Bin Laden did when he was hiding. Or you can choose to restrict the amount of personal info you share online. And also realize that you are a small fish in a big ocean and that there is a price to pay for so called "free services". I think the big question will be, how much intrusion are we willing to tolerate, since intrusions will happen whether you like it or not ! If you haven't been hiding under a rock for the last year or so, what Snowden did was to force the red pill down your throat. So now you have to live with the consequences of knowing. Remember ignorance is bliss.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    13,101
    14,047
    340
    Ignorance is bliss until an unwanted personal harm like personal data is abused to discredit people / diminish reputation yes even destroy a life, or to 'sell' something that is actually unwanted, happens. When I post here I have primarily those 'ignorants' in mind.
    I can protect myself in a limited way as you have mentioned knowing some tech details. I also use no social network stuff and also no cloud storage.
    Security concepts issued by cooperators of the NSA remain doubtful no matter what tech / security level they have.

    BTW: I am not speaking of so called free services, I spoke of KNOX / SELinux and shameless claims to void warranty. When I install 'free' apps I read what rights they demand and if I think they are inappropriate I don't install the app. I also know how to deny rights.
    The basic issue is that actually both sides try to keep their privacy. The thing is where is the limit. I mean the NSA is considering me as a potential enemy storing my traffic. The false idea of their identity is the point. Power is measured by things one seemingly has under control, that is an illusion.
    The world becomes full of people and institutions where nobody can trust no one anymore, this can lead to a horror scenario.

    I know I can only work on that there where I am able to. At myself...and share my findings.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. R29k

    R29k MDL GLaDOS

    Feb 13, 2011
    5,178
    4,818
    180
    @Yen, KNOX is what happens when greed gets in the way of commonsense. It's doing for Samsung the same thing that UEFI is doing for Microsoft except in a more brazen way. Next time you get the urge to waste more money on devices that are offering even more diminishing returns, you might consider OnePlusOne .
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. R29k

    R29k MDL GLaDOS

    Feb 13, 2011
    5,178
    4,818
    180
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. stayboogy

    stayboogy MDL Addicted

    May 1, 2011
    855
    227
    30
    so, i wanted to post a follow up to this...

    i've been working with a new device whose kernel source contains SELinux, and it is a fact that I can activate and deactivate it at will through the kernel and still run the android system.

    the only caveat is that some of the newer features of the kernel are made to depend on it--there are simple ways around that though.

    so there. it can be done and is being done [removing/disabling selinux]. even with android 4.4
     
  11. R29k

    R29k MDL GLaDOS

    Feb 13, 2011
    5,178
    4,818
    180
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. MrMagic

    MrMagic MDL Guru

    Feb 13, 2012
    6,011
    4,151
    210
  13. stayboogy

    stayboogy MDL Addicted

    May 1, 2011
    855
    227
    30
    recovery options in some bricking scenarios is method related from what i've read in places with regards to encrypted filesystems.

    meaning only knowing how to properly restore a device from a proper backup of unencrypted data is needed.
     
  14. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    13,101
    14,047
    340
    The joke is here: http://arstechnica.com/tech-policy/2014/10/us-top-cop-decries-encryption-demands-backdoors/

    As last resort to flash a stock firmware (for instance through ODIN at Samsung devices) should recover it from a brick, no?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. CODYQX4

    CODYQX4 MDL Developer

    Sep 4, 2009
    4,813
    45,775
    150
    #55 CODYQX4, Oct 21, 2014
    Last edited: Apr 12, 2019
    .
     
  16. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    13,101
    14,047
    340
    It's not new that the US have officials who claim that encryption which has no backdoor (is safe) should be forbidden for private use. It's about the data themselves as evidence, but to speak of pedophilia there must be the act of pedophilia first. Common phone tracking is sufficient.

    What makes me sick is the mechanism how they enforce their control and that they want to have it worldwide and people are fooled by it again and again.
    They create a hostile environment by abusing media and use the created fear of the people to justify their spying actions and measures.
    They themselves appear as protectors of social values, of justice and democracy
    I wonder how people can be that naive to believe such intrigues.

    How many US pedos do harm people compared to the US army?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  17. tugyo

    tugyo MDL Junior Member

    Oct 11, 2014
    72
    0
    0
    after a short research i've found this u can try

    [h=2]Fully Disabling SELinux[/h]Fully disabling SELinux goes one step further than just switching into permissive mode. Disabling will completely disable all SELinux functions including file and process labelling.In Fedora Core and RedHat Enterprise, edit /etc/selinux/config and change the SELINUX line to SELINUX=disabled:

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    # enforcing - SELinux security policy is enforced.
    # permissive - SELinux prints warnings instead of enforcing.
    # disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    # targeted - Only targeted network daemons are protected.
    # strict - Full SELinux protection.
    SELINUXTYPE=targeted
    ... and then reboot the system.For the other Linuxes which don't have the /etc/selinux/config file, you just need to edit the kernel boot line, usually in /boot/grub/grub.conf, if you're using the GRUB boot loader. On the kernel line, add selinux=0 at the end. For example,

    title SE-Linux Test System
    root (hd0,0)
    kernel /boot/vmlinuz-2.4.20-selinux-2003040709 ro root=/dev/hda1 nousb selinux=0
    #initrd /boot/initrd-2.4.20-selinux-2003040709.img
    You will have to reboot to disable SELinux, you just can't do it while the system is running.

    source:
    http://www.crypt.gen.nz/selinux/disable_selinux.html
     
  18. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    13,101
    14,047
    340
    This applies to Linux generally, but...

    This does not work for Samsung Android FW (Samsung stock kernel do prevent this), you need to recompile the entire kernel using original sources with other compiler settings (Linaro toolchain). Only then you can use setenforce = 0 command.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  19. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,855
    1,051
    60
    Actually this isn't true. All you need is a unencrypted boot loader which acts as a launch point for the operating system. Think of it as having the Bootloader not on the same partition but isolated.

    This way you can launch the OS while keeping it encrypted. :)
     
  20. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    13,101
    14,047
    340
    What are you guys talking about? There had been encryption already before, the difference is that it's disabled per default. Besides of that paid apps are encrypted (.asec).

    You cannot brick your device, but you can lose your encrypted partition, or boot looping the device when fiddling with super su on encrypted partitions.

    And it has nothing to do if the bootloader is encrypted or not. In order to execute it, it needs to be decrypted on the fly on each cold boot.
    The custom recovery can flash any particular partition from a recovery regardless of encryption (if boot loop occurs / ‘soft-brick’).
    As last resort one still can flash the entire stock FW and then recover the personal (un-encrypted) data from a backup. :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...