So, a while back I installed Xfce with Chicago95, but was disappointed. Xfce just doesn’t vibe with me, and a strict emulation of Windows95 is not really what I wanted, I just wanted something that “felt” that classic.
So I was gonna give up and just use KDE, until I saw TDE. I think TDE is probably what I’m looking for but I’m concerned about using anything so minor because security.
It TDE secure (for personal use)?
Can a DE even be insecure, or are they all generally as secure as each-other as long as you follow the rules (trustworthy software, closed firewall, install patches fast, and disaster recovery plans)?
What vulnerabilities can a desktop environment even have (edit)?
You must log in or register to comment.
Before you give up on XFCE and/or Chicago95 - have you replaced the default menu with Whisker Menu? For me, Whisker Menu is a must-have for any sane XFCE user. When I used it with Chicago95, I found I could have a Windows 7 style interface with Windows 95 aesthetics.
Honestly, even if Chicago95 is aesthetically not what you want, I’d recommend trying an alternate theme on XFCE - I currently use modified DesktopPal '97 combined with a pack of Haiku-style icons.
Overall, I’d be interested to know more about your qualms with XFCE and see if customization can help you overcome them. A lot of distros have annoying defaults for XFCE, but I changed a few simple settings and have a desktop I rather enjoy using. It is totally fine if it still isn’t the thing for you after any potential discussion, but I just want to make sure you really know what XFCE has to offer before you move on.
I don’t really like how I keep accidentally rolling-up the windows in Xfce and how long the settings menu takes to load, I probably had more qualms but I don’t remember what they are. It works fine (except for some aspects of Chicago95), but it feels outdated in a bad way rather than good way. Part of it is probably my crummy laptop with broken CTRL keys and incompatible bluetooth.
DesktopPal '97 seems really cool, but right now my top priority is switching to KDE Plasma 6 with custom themes and seeing how that goes.
What do you mean by “window roll-up”?
Also, the settings menu thing is weird - mine takes less than a second to load, and I’m on a machine with a 7 year old processor at this point. I almost worry that if that takes a long time KDE will be more miserable performance-wise, unless you’ve already tried it on here.
By the way, what distro and XFCE version are you running - just for good measure.
The outdated sentiment is probably based, honestly. I think it’s gotten better, but there are rough edges. In the end, do what works for you.
You don’t need Trinity for that, you can theme up KDE Plasma 6 to look and feel old school too.
That might be a better fit for me. I know KDE has a polish and security I want, I imagine I could make it how I want.
Apparently TDE has lower resource usage, so I wonder if for that reason KDE might be a better fit. Clearly I should get both more experience with KDE and a better idea of what I’m actually looking for.
There are no open security bugs against TDE that I’m aware of—if there were, I’d expect them to be fixed in the next release. In my experience, the development team, while not huge, is active and competent.
I’ve been using TDE since a little while after Gentoo sunsetted KDE3, and I’ve had no issues. Just make sure your X server is secure—
-nolistenand all that stuff—and don’t try to use Konqueror as a web browser (it remains an excellent file manager), and you should be fine.Wayland is “more secure” than X in that it makes less LAN contact by default and tries to sandbox programs from one another to an extent, just in case some future browser exploit that can copy random swathes of your screen tries to screenshot your password manager or something. There are no active exploits against a correctly-configured X server at this time that will magically vanish if you switch to Wayland, as far as I’m aware—it’s more future-proofing stuff.
Thanks, that’s a very clear response. I guess I basically can use it until X11 stops getting security updates. I wonder whether an X11 vulnerability can trigger a serious vulnerability even if it doesn’t get security updates.
No idea what that
-nolistenstuff is about. Is that to do with the firewall?-nolistenis an actual option passed to the X server—your distro may do so by default—to work around a known security issue in some versions. I admit I’d have to look up the details, as it’s been a couple of years since that issue was reported. Recent X versions almost certainly have a patch.I’d be kinda shocked if in, in 2025, any download of a DE opened X org up to remote connections by default. But I will double check.
Desktop environments are not equal form the security perspective, but they all are rather insecure, because security is hard and harms UX, and the GNU/Linux desktop is traditionally focused on UX and the user freedom by sacrificing security. However it is possible to build a secure environment based on an insecure DE, what Qubes OS does with XFCE, for example.
The question I want to ask here is, what does “secure” and “insecure” mean in the context of a DE. What distinguishes a secure and insecure DE from a practical perspective (physical access, privilege escalation, rootkits, etc.).
It appears to be maintained, which is a point in its favour.
You could send them a message on their mailing list and ask the question.
It’s good that it looks to be still maintained, but I imagine their resources are limited with so little market share and it doesn’t look like they have the resources to switch to Wayland (which I assume is more secure).
I’m not sure my noob questions are worthy of asking the devs directly.
That might be true. They have a Mastodon too https://floss.social/@tde
There are no stupid questions and the attitude of any response would be a good way to judge if using the DE is worth your time.
I started writing out a question, but I realized I need a better understanding of what an insecure desktop environment even means first.
Probably not significantly less secure than Xorg itself, I wouldn’t mind using in your place. DE security is usually not a huge problem, if someone can exploit these vulnerabilities usually you are quite bonked.
Remember most of what happens on screen is xorg, the wm is a simply interacting with xorg and other parts of your DE are simple user level programs like the panel etc…
What kind of threats could affect Xorg? I can’t imagine anything really exploiting the display manager without arbitrary code execution elsewhere (not that I know anything at all about software security).
I guess the biggest risk is whichever browser I use becoming a Wayland exclusive and not getting updates.
My issue would be the old version of Qt it runs on, which is not maintained anymore. That itself is a bit of a problem security-wise.
Looking at the FAQ, they do “maintain” their version of TQt3. Whether they maintain it to the extent that it’s secure is anyone’s guess. There’s always the question of what kinds of exploits can even exist in a desktop environment (which I should add to my original post).
