I would believe that it will heavily depend on how you configure your
desktop environment:
* One feature I do always turn off is desktop auto indexing because
otherwise even storing an email attachement just for invoking it with an
online view-as-jpeg service could cause an infection. Note that you may
have to do this twice (once for Gnome and once for KDE) if you have
installed according programs of both environments.
* select starting a new session on every bootup (the session restoration
can be used as a hook for ephemeral and home directory rootkits)
* under KDE there is a list of background services that always run; you
may reduce it to what you really need (invokable via systemsettings)
* likely there are other important configuration options (ask for your env.)
* get some understanding of what your X-server does (f.i.
http://www.elstel.org/xchroot : problems with a pure chroot, trying to
resolve these problems by hand)
* double check the security of the underlying system (netstat -atupn)
* note that your email program and your browser are the two most
vulnerable parts of your desktop environment; consider running them
under qemu in a virtual machine
Once you would comply with all these hints you may likely discover a
rootkit inside the virtual machine for emailing or browsing as I did
lately. The KDE environment of the host system did not appear to have
compromised the security of the whole system so far at me.
Elmar
On 27.10.2015 12:29, Mateusz Kozłowski wrote:
Hi,
Could You tell me which debian desktop environment is the most security and the
best privacy and which You recommned for debian users? (KDE, XFCE, GNOME etc.)?
