Desktop Security

The Parrot OS home page [1] lists four major concerns: security, software freedom, a lightweight system, and cross-platform portability. To these concerns, it also adds a thorough development stack and the goal "to push newbies into good habits." Of all these concerns, Parrot is best known for being security conscious. However, it succeeds in all of these concerns to a degree. In particular, by making privacy and security tools part of the standard install, Parrot is probably most successful in pushing all users – not just newbies – into better security habits.

Based on Debian Testing, Parrot OS is a rolling release, with packages updated as soon as they have been tested, although official releases are periodically released as well. It also offers a choice of MATE or KDE Plasma as a desktop environment. Parrot requires 256MB of RAM, making it lightweight by modern standards and suitable for older systems as well as new ones. Its goal of cross-platform portability is seen in the number of downloads available. The Home Edition is for general users (Figure 1), and the Security Edition is for penetration testing and other security work and programming (Figure 2). Both the Home and Security Editions run virtually in Boxes and include images for VMware and VirtualBox. The Security Edition includes variants for IoT and cloud appliances. Parrot OS also offers a Pwnbox version that runs in a web browser and an ARMv7 architecture version. In addition, the installation images for the Home and Security Editions include a Live version. Installation is via the Calamares installer (Figure 3), one of the simplest installation methods available for distributions.

Figure 1: The Parrot OS's MATE-based desktop.

Figure 2: The Security Edition contains dozens of scripts and apps, as shown by the extensive menu for penetration testing.

Figure 3: Parrot OS uses the Calamares installer.

Available Applications

Parrot OS's most notable feature is its software selection. Only a handful of productivity applications are available, such as LibreOffice and Gimp, in keeping with the basic security principle of installing the minimum software required in order to reduce the opportunities for possible attacks. Beyond these basics, users should install only the software they require. Even the game menu is limited to a 2D chess game – a hint, perhaps, at the intellectual users that Parrot expects to attract.

Both editions have the usual MATE system tools, such as BleachBit for cleaning up installed software and GParted for disk partitioning, but only the Security Edition includes a menu for starting and stopping services. Similarly, both editions include Vim and Neovim. However, the Home Edition includes only three dedicated programming tools: Geany, the programming text editor; links to VSCodium, a collection of open source binaries for Microsoft's Visual Studio Code; and Zeal, a help site for developers. By contrast, the Security Edition includes an additional five applications and links, among them Git Cola, a GUI for Git; Meld, a diff and merge tool; and git-dag, a graphical depiction of Git history. From the selection of tools available in the two editions, the assumption seems to be that hobbyist programmers will use the Home Edition, and administrators and more advanced programmers working on large projects, often with remote versioning repositories, will install the Security Edition.

However, it is in privacy and security tools that Parrot OS really stands out. Some of these tools, such as the Electrum Bitcoin Wallet, the Ricochet chat app, or the GNU Privacy Assistant, are developed by other projects; others, such as OnionShare or AnonSurf, are developed by the Parrot Project itself. Occasionally, the available tools overlap. For example, Parrot OS offers both Tor and I2P for anonymous web browsing, leaving users to decide which one to use.

The Home Edition focuses on privacy. AnonSurf takes Tor one step further by anonymizing all system communication, beginning by shutting down potentially vulnerable apps and changing a user's IP address with a single click of a button (Figure 4). Also included are five different encryption tools as well as a metadata cleaner and a secure file deleter. Unlike many privacy tools, most of the tools in the Home Edition have easy-to-use graphic interfaces and embedded help that assume minimal prior knowledge. When a tool lacks a GUI, Parrot OS's menu opens a terminal at the appropriate man page. As a result, more users should be encouraged to use these tools, and, perhaps, feel confident enough to learn more about the principles behind them.

Figure 4: AnonSurf is an example of the simple efficiency of the apps designed by the Parrot Project.

The Security Edition's menu is dominated by the Pentesting (penetration testing) top-level menu for forensic investigations. The menu is so crammed with scripts and apps that the second-level menu contains 14 items, including Most Used Items, Information Gathering, Vulnerability Analysis, Exploitation Tools, Password Attacks, Sniffing & Spoofing, and Reverse Engineering, to say nothing of third- and fourth-level menus, some of which are even longer. The entries alone are the start of an education – who knew, for example, that Linux was important enough in the car industry that there would be an Automotive option?

All this is just an overview. Just listing the scripts and apps included in Parrot OS would take at least 5,000 words and fully documenting everything would take a book. Parrot OS essentially provides a curated range of Linux privacy and security tools. Just having all these resources on one menu makes learning about security easier.

Security Accessibility

Security often means a trade-off with convenience, and Parrot OS is no exception. To start with, KDE's Plasma is hardly in keeping with the goal of being lightweight. For that matter, any desktop environment is just one more place where things can go wrong. For that reason, many security experts prefer to work exclusively from the command line. In addition, while Debian Testing is often said to be more reliable than most distributions' general releases, Debian Stable would be a more secure choice for building a distribution. These choices seem to be made for the simple reason that many users prefer a desktop environment and to offer users apps closer to the latest releases (Debian Stable is sometimes several releases behind).

If Parrot OS does not offer the most secure distribution possible, it does offer more security than most distributions. Parrot OS installs with a wide range of privacy and security tools, many of which are easily configured or installed ready for use. More than anything, Parrot OS offers easy access to privacy and security. Although Parrot is potentially more secure than most distributions, its greatest accomplishment is security education, something that is sadly lacking elsewhere despite years of concern and growing necessity. Parrot OS provides both a basic curriculum and a practical set of tools.