this post was submitted on 05 Mar 2026

97 points (99.0% liked)

No Stupid Questions

47033 readers

692 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)

Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.

Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.

Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.

Rule 4- No self promotion or upvote-farming of any kind.

That's it.

Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.

Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.

Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.

Rule 8- All comments should try to stay relevant to their parent content.

Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.

Rule 10- Majority of bots aren't allowed to participate here. This includes using AI responses and summaries.

Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 2 years ago

MODERATORS

L3s@lemmy.world

technopagan@lemmy.world

jeffw@lemmy.world

L3s@hackingne.ws

L4s@lemmy.world

Is it reasonable to be concerned about security issues when switching to Linux? (fedia.io)

submitted 5 days ago by can_you_change_your_username@fedia.io to c/nostupidquestions@lemmy.world

61 comments fedilink hide all child comments

I'm still in the research phase of switching to Linux and don't know if this concern is reasonable. I'm not tech savvy. I'm comfortable in the windows ecosystem and could use the dos prompt fine when they used it. I played with QBasic and C++ when I was younger and have built a few computers but that was a couple decades+ ago.

My concern is dealing with malware. I know that Linux has less issues with malware than Windows but, as I understand it, that's primarily because it has a comparatively small market share. I feel like I'm getting into Linux just as it's getting more popular and that it will get worse if the EU moves away from Microsoft because they will most likely adopt some form of Linux as their new standard. More less tech savvy people like me moving to Linux makes it a juicier target for people who create and use malicious software. It's not a reason to stay with Windows but is it a reasonable concern? Are there sufficient tools for people who don't really know what they're doing to be reasonably secure on Linux and will they keep up if the threat profile expands as Linux picks up more users?

you are viewing a single comment's thread
view the rest of the comments

[–] pheusie@programming.dev 2 points 2 days ago* (last edited 2 days ago) (1 children)

Aight. I'll give you some more then 😜:

Don't expect real-time protection (à la Windows Defender) on Linux. While decent options do exist^[Ironically, Microsoft Defender for Endpoint on Linux is one of the best out there.], the better ones come at a premium.
Though, related to the previous point, that's not necessarily a bad thing. The epitome of secure OSes, GrapheneOS (for mobile) and Qubes OS (for desktop), don't come pre-installed with one either. And I wouldn't be surprised if their respective maintainers would justify it by stating that proactive security is simply better than reactive security.
FWIW, Lynis is a battle-tested security tool used to audit the system. It doesn't work on Windows, but does on macOS, Linux and some other systems. It even goes as far as granting a numerical rating that represents how well the system performs on security and notes (point-by-point) what could be improved (and sometimes even how). While I would definitely not argue that it's the be-all and end-all, the numeral rating definitely makes it easy to compare distros at a glance.

There's perhaps more to go through, but I believe we should address the elephant in the room:

How much hardening did you even apply on your current/previous OS?

Like, if you've built a literal fortress, chances are that you'll have a hard time finding a suitable distro that provides similar protection OOTB. But, if you're just your average Joe and you just ran with how it came OOTB and at least didn't try to actively sabotage/compromise their system, then... chances are that a decent amount of mainstream distros will suit you fine. I kinda hinted at it in my previous comment, but a mainstream distro could be fine if you uphold best practices. So, in that scenario, the query shifts to:

Are you willing to adopt best practices?

If you're unsure whether you'll manage given your wants/needs out of the system, then that would (again) shift the question. This time we'd have to discuss the activities you engage in and 'decide' whether there are any distros out there that can handle those gracefully and responsibly.

Etc. Etc.

Warning: as you should be aware by now, and if you haven't yet, see the security entry on the (excellent) ArchWiki and the (infamous^[Madaidan used to be a security researcher on Whonix. Whonix is one of Linux' finest when it comes to privacy and security. Heck, it's involved in the preferred way to engage on the Tor network. It's even endorsed by Edward Snowden. So, by their efforts/contributions, Madaidan should have rightfully earned the required credentials and be regarded as somewhat of an authority on the subject matter. However, this article wasn't well-received. From what I saw, the community was mostly dismissive. Disappointingly so. Which..., unfortunately shows that there's a lot more circle jerking than what we'd all admit to. Anyhow..., FWIW, there was actually a slice of the community that did take it seriously. I'd characterize them as the security-conscious. Furthermore, note that Madaidan hasn't updated it for a couple of years now. So some of the writings have clearly become outdated. So, to be clear, the situation isn't as bleak as they described in their article.]) Linux entry on Madaidan's Insecurities, this can be a pretty ugly rabbit hole. I hope this doesn't discourage you, though.

Finally, consider giving answers to the bold and cursive questions 😉.

[–] can_you_change_your_username@fedia.io 2 points 1 day ago (1 children)

I'm closer to the average user than someone who has built a fortress. I use Firefox with ublock, ghostery, and privacy badger. I use the free tier of proton vpn. I run avast daily and malwarebytes weekly.

I think that I should already be close to best practices but I'm not sure how changing OS will affect that. I'm not really worried about being targeted for anything. I don't think that I really do much risky beyond the occasional torrent or downloading a patch for a game. I get games primarily from gog, don't open strange emails or click strange links, and use a password manager to generate secure passwords. One of the things that I'm most unsure about is keeping everything updated. Microsoft manages keeping everything updated for the most part on Windows and the last time I needed to find a driver anywhere except from Microsoft it came on a 3.5" floppy.

I use my computer primarily for single player gaming, discord, and fediverse sites. I need a spreadsheet and word processer, I use open office for that right now. I do financial and work related things on a different device.

[–] pheusie@programming.dev 2 points 1 day ago

Yet another very lengthy comment. I hope you will find it worth reading.

Wow, that's very insightful. Thank you for the effort!

If you allow me, I wish to provide some feedback and -if applicable- give pointers on how some of that translates to Linux.

I’m closer to the average user than someone who has built a fortress.

That's probably true, but you're definitely upholding excellent practices. Most people I know don't even practice a fraction of that 😅. So mad props for that!

FWIW, I will assume for now that you haven't delved into Windows Registry (or stuff like HotCakeX) for the sake of hardening. Which, to be clear, is absolutely fine. But is worth noting for the eventual mapping to a suitable distro.

I use Firefox with ublock, ghostery, and privacy badger. I use the free tier of proton vpn.

You can just continue doing these.

I run avast daily and malwarebytes weekly.

Unfortunately, I'm not aware on how we would translate this responsibly. This could be on me, though. Granted, the situation on Linux is different from how it is at Windows. Anyhow, as a non-expert, the furthest I came would boil down to:

ClamAV as the first layer of reactive anti-malware. AFAIK, this is your only free^[To be clear, it seemed to me that you would prefer this. Which is why I specifically targeted gratis options. But please let me know if you're willing to shell out.] option for real time protection^[Note that this might not be setup correctly OOTB. Consider checking out this entry within its documentation.].
Unfortunately, ClamAV is plagued by a tendency to output many false positives. Perhaps even moreso than most of its kind^[This is actually widely reported. See e.g. this reddit thread or see this discussion on the Linux Mint forum]. So, you'd naturally want a second opinion to verify its claims. Which, often comes in the form of relegating it to something more accurate. Enter VirusTotal. If this only happens occasionally, then the web app might suffice. But feel free to look into Lenspect for a dedicated app with a GUI, that functionally does the same. Or, if you're more interested in ease^[Labeling a terminal-based tool as the easier option might seem counter intuitive at first, but makes sense when you notice that it can scan folders. Which, makes it possible to move all flagged files (by ClamAV or otherwise) to a folder in which they can all be scanned in one go] of use and/or function, the more powerful VirusTotal CLI.
As for your weekly Malwarebytes, a couple of options do exist, but it's questionable to what degree they're effective. Though, there's somewhat of an exception: Kaspersky's Virus Removal Tool for Linux (KVRT) is pretty legit. But I would only recommend that if you trust Kaspersky (or, rather, trust that they're not compromised due to politics).

I think that I should already be close to best practices but I’m not sure how changing OS will affect that.

It will 😜. Look into the others comments for a healthy amount of pointers on this.

I’m not really worried about being targeted for anything.

I'm glad to hear that. It would otherwise complicate things a lot.

I don’t think that I really do much risky beyond the occasional torrent or downloading a patch for a game.

You should be fine as long as they're from trusted sources.

I get games primarily from gog

Unrelated to the rest of my commentary, but this is an excellent choice! You got great taste.

don’t open strange emails or click strange links, and use a password manager to generate secure passwords

Keep this up 👍.

One of the things that I’m most unsure about is keeping everything updated. Microsoft manages keeping everything updated for the most part on Windows

So, the gist is that as long as you're installing stuff from a repository, then upgrading your whole system should be a pretty straightforward, streamlined and seamless experience. Heck, it can even be automated if you want. The following is worth pointing out, though:

If your notion of "updated" means that the latest ('stable'^[This can sometimes be a convoluted term as it means different things depending on the context. Here, I use it to mean production-ready as per the developer of said software.]) release is found on your system, then this will affect your choice of distro. By contrast, there are distros that update in leaps. So, instead of going from versions 1 -> 2 -> 3 -> 4 -> 5 -> 6 -> 7 -> 8 (and so on, and so forth) , it does 1 (long pause^[In which it basically freezes and skips any version in between. Security updates are backported, though. So, you're not necessarily unsafe/insecure and/or at risk.]) -> 3 (long pause) -> 6 (long pause) (and so on, and so forth).
Automated background updates do exist, but I'd only recommend those on systems that do that OOTB. If however, you're fine with (or perhaps even prefer) pressing a button after a prompt for updates, then note that that's more widely available.

and the last time I needed to find a driver anywhere except from Microsoft it came on a 3.5" floppy.

So, if that was your experience on Windows, then I'm somewhat optimistic that you'd be more than fine on Linux. FWIW, drivers and whatnot are mostly found within the Linux kernel itself. Thus, making Linux a very smooth experience; your drivers simply receive the updates whenever an update to the kernel has been applied. Though, while rare, exceptions do exist. And they're quite notorious:

Nvidia used to be pretty bad in this regard, probably the result of a bad relationship. But, it has become a lot better in recent years. Still, I would recommend a distro that specifically handles Nvidia updates (about) as gracefully as they come. So, please mention it if you're on Nvidia.
Broadcom's wireless drivers. Tough luck. Thankfully, some distros have put in significant efforts to make this work. So, again, the specific distro could matter.
There are perhaps others, but these were the first that came to my mind.

I use my computer primarily for single player gaming, discord, and fediverse sites. I need a spreadsheet and word processer, I use open office for that right now.

Nothing out of the ordinary. Most of those translate pretty easily to Linux:

single player gaming -> For GOG specifically, there's Minigalaxy. But Heroic Games Launcher also supports GOG very well and can do more beyond that.
discord -> If you're fine with how it works within a browser, then you're all set. If you desire an official app, then the one provided on Flathub is your best option. However, the Flatpak format is known to have the capacity to cause 'issues'^[Many reasons exists for this, but an oversimplification -for the sake of brevity- would be due to its improved security.] with otherwise well-functioning software. So, alternatively, you may install it from your distro's repository.
fediverse sites -> Firefox is included in many distros, so you should be good to go OOTB.
open office -> I wasn't expecting this, but only some Linux distros have continued to include it within their respective repos. The absence of Debian, Fedora and openSUSE is quite telling. Granted, Apache has continued to create .deb and .rpm install files, so nothing's actually preventing you from installing it. FWIW, if you're not necessarily tied to OpenOffice, then perhaps the likes of LibreOffice (and many others) are worth mentioning.

I do financial and work related things on a different device.

Good job on compartmentalizing your activities across multiple devices!

Fam, as this has become an absolute unit of a comment, please feel free to dismiss as you feel like and only engage with the parts you want. If you've come this far, then I'd like to express my appreciation: Thank you!