
Tails is an immutable distribution of Linux that runs entirely out of RAM, persisting nothing to long-term disks. Typically used in a LiveCD-like manner.

https://tails.net/

Heads similar.

https://heads.dyne.org/

Qubes is an OS endeavoring to isolate literally everything conceivable from each other.

https://www.qubes-os.org/

BSD is a kernel specifically focused, iiuc, on being as secure and straightforward as possible.

https://en.m.wikipedia.org/wiki/FreeBSD

Whonix seems to be focused around decreasing online or browser based metadata leakage?

Mullvad is a paid VPN service.

https://en.m.wikipedia.org/wiki/Whonix

Calyx/Pure/GrapheneOS

Apparently security focused Android distros.

KeePassXC, password manager, self hosted.

TrueCrypt/VeraCrypt: Encrypted volume management.

Bitwarden, FDE solution iirc.

Notably no mention of WireGuard, managing your firewalls/routers/network architecture, IDSs/intrusion response plans, key hygiene, and focusing on getting end users prepped for the infosec environment; noting that an ineffective infosec engagement with end users completely undermines everything you're trying to work for. Trying to go all in on most of those tools is a recipe for disaster for any org that actually has something else to do other than jumping through endless security hoops.

Tools aren't the be-all and end-all. Educated and invested users are.



> BSD is a kernel specifically focused, iiuc, on being as secure and straightforward as possible.

No it is not, or at least it doesn't use any modern tools or make a serious attempt to do so. It's a family of OSes written by the kind of people who think if you grow a beard and stare very hard at your C code it will become secure and bug free.

It does change slowly, which is a good technique for avoiding introducing bugs, but it's barely heard of techniques like regression testing.

The secure one in particular has a lot of mitigations that especially feel like they just dreamed up what they think a security mitigation is, instead of engaging with research.


> It's a family of OSes written by the kind of people who think if you grow a beard and stare very hard at your C code it will become secure and bug free.

Staring hard at a set of C primitives and learning the way the primitives actually utilize modern hardware and compose is a fundamental part of computing. Part of programming is not just writing your code in the sense of what it does, but also knowing what it doesn't. All computation is at the bottom deterministic. We've just piled on so much abstraction (if not in high-level languages then in shit like uCode) that most practitioners will just tell you to embrace the madness of unbounded abstraction. You don't have to follow their advice. Tighter code is yours for the taking. Learn your hardware.

The price though tends to be portability. Also, compiler writers are completely deranged, and known for completely turning shit on its head. Read your language spec, embrace your debugger, and go with God.


> The price though tends to be portability.

The BSDs are all designed to be portable tho.


Just adding a small correction: you might be thinking of BitLocker for FDE -- Bitwarden is a password manager. Thanks for the details on the other stuff, I didn't know what Whonix and Heads were.



