Linux

Security is an insanely broad topic. As an average desktop user, keep your system up to date, and don't run random programs from untrusted sources (most of the internet). This will cover almost everyones needs. For laptops, I'd recommend enabling drive encryption during installation, though note that data recovery is harder with it enabled.

There's a lot of people with the idea that open source can't be secure because people see the source code.

But imagine this. You have 2 locks, one that is completely viewable of the innerworkings, and another that is covered, both have been unbreakable, but could you imagine the balls on the guy that made the clear lock? Imagine feeling so confident that your lock was clearly the best, that you just expose it to any hacker ever and they still can't get in.

Microsoft can barely get things working with their closed source code.

In reality, anything is exploitable and hackable eventually. With the open source community there are so many eyes on it that when someone notices that the program is running 2 seconds slower than it used to, they discover a vulnerability instead of just accepting it and saying "probably MS doing some BS" and dealing with it.

I just want to say that you're probably worrying too much about it. Of course, there is lots of things one can do to improve security (which the others here are listing dutifully) and it is foolish to just assume that one's computer is entirely secure, because as a user, you will always have the ability to bypass that.

But there's a pretty firm consensus in the IT industry that Linux is more secure than Windows. And that the popular Linux distributions are more trustworthy organizations than Microsoft.

So, it's good to inform yourself, but if you survived on Windows, you at least should not worry about the Linux side of things. It's more than fine.

Microsoft being closed source hides their bugs and vulnerabilities. Even when security researchers have sent in reports MS has sat on them due to profit being motive not security, and not taking vulners seriously until the researchers say screw that and publish it.

Linux being open can have all eyes on it, and if there is an exploit, there is a community willing to help ASAP.

On many distros you may have weekly or even daily updates or patches coming through with fixes. A distro like OpenSUSE has various patch and list patch commands that show what security patches are avilailable, their status (critical, recommended) and if it's needed on your system or not depending on what you have installed. You don't get transparency on closed source systems.

If you are paranoid about security you can use AppArmor tools or SELinux. AppArmor can be set to learn how an app behaves, then you lock it so the app can't do new things.

SELinux you set rules for files and folders, so even with remote access an attacker can't access data if rules don't allow file listing over SSH etc

I've used Linux Mint and other distros daily for more than 10 years. Never had a virus or malware issue and don't even run antivirus software.

During that same time I've had to help friends remove viruses and malware from their Windows machines dozens of times. The latest Windows disaster I've assisted with was a few months ago. A retired friend had her Windows 10 machine hijacked and $8K stolen from her savings account. Making sure the malware was removed required hours of work formatting the drive and reinstalling Windows.

IMO you are far safer with a plain vanilla Linux install that you are with Windows, no matter what steps you take to secure your Windows installation.

Nothin, just install your favourite distro and don't run random command/scripts/binaries you found on the internet

To be honest, security in the desktop Linux space has traditionally been a bit shit.

Since you're new, it's important for you to understand that Linux is a kernel. That's the most low-down part of your operating system that handles your OS talking to your hardware and vice versa. Linux is not a full OS; it doesn't provide any userspace tools that an OS provides. That's why people don't install Linux on its own, but they install Linux distributions, which are full OSes using the Linux kernel that come with more or less software to make Linux a complete OS, or at least bootable. That means that there is no one way to do things in Linux. There are some Linux distributions that are security-focused, such as Qubes OS and Alpine Linux. There's also the new immutable distros, which provide security because the entire OS is defined declaratively, meaning you can easily rollback changes, and it's harder to get infected with malware on those systems. There's a lot of variability. Some systems are quite secure by default. A lot of other systems do not set up any security measures by default and expect the user to do that.

If you're interested in hardening your Linux install, I would recommend the Arch wiki's security page which has a lot of good advice.

Security is a really broad topic and the relevant security measures for you are going to vary based on your threat model. General good practices include using some form of MAC, setting up a firewall, don't install random crap you don't need (and if you are getting software from somewhere that isn't vetted, e.g. the AUR, you should vet it yourself—e.g. if you use the AUR, learn to read PKGBUILDs), use full-disk encryption. Anti-virus software is largely not necessary on Linux, especially if you only install software from your package manager and follow other security good practice.

So how can I as a new user make sure to have the most secure machine as possible?

That's not what you want. You want a reasonable level of confidence that your system is secure.

The process is similar to Windows - keep it up-to-date, use good passwords, don't run things as root (admin), and don't install things that are questionable.

The package manager under linux is where you should start, and that varys by distro some. But generally speaking things installed from there are "safe" and will be updated by the package manager when you do updates.

As others have said, Linux Security is a very broad topic. But the main thing is keeping your system updated, only install packages from your distro’s repositories, install a firewall and don’t install anything you don’t need should go a long way :)

For example, i use Alpine Linux as a desktop OS. This means i only install packages through apk, from the Alpine repositories. I run apk update and apk upgrade commands every friday. I use Flathub for most desktop software which i also update weekly. (To be even more secure, only install verified flatpak’s). my firewall has no incoming ports open (really not needed on my desktop). And i keep myself updated with the latest news regarding Alpine Linux, and Linux in general. So i am aware of most vulnerabilities as they are published. This is a pretty secure system.

Later on if you want even more security you can start following the CIS guidelines for your favorite distro, but the above should be a good start.

But good security is not just jeeping your system updated, it also means you have good backups in place, in case randsomware hits your system. And then there’s also the monitoring of your system for suspicious behaviour :) But these are far more advanced topics!

Linux is always more secure than win10, so whatever your need, Linux is more secure. The biggest threat is almost always yourself, and what you open up, give away, and how easy you make the codes you use and so forth.

the most secure possible? you'll need to learn a ton. you'll get there, but it'll take a while.

decently secure? install Linux Mint, install your updates, don't run sketchy commands with URLs in them unless you know what you're doing, maybe follow a hardening guide. you'll be okay.

if you need to be extremely secure and private, install Tails on a USB stick. it will be slow and frustrating, and you'll need to save files to a second USB drive, but it will probably keep you pretty safe, and it's decently user-friendly. just make sure you keep Tails updated! you'll have to do that by flashing the new Tails onto a new USB drive, there's no easy way around that.

those are your two most user-friendly, safe approaches.

Great to hear you're willing to move to Linux!

Like other comments pointed, there is no such thing as "most secure". It's a deep rabbit hole and it's better in general to assume that any device connected to the internet is at risk. Hell, any storage can be compromised if the entity interested put enough effort into it.

I recommande reading the page on Privacy Guides, it gives a good overview. In general, you should consider your thread model: what is you situation and why do you want security or privacy for?

• Regarding security, I would say for a general case, any modern, popular Linux distro with full disk encryption is probably good enough and as secure as any other OS. I would recommande going with a Fedora Silverblue or an OpenSUSE Tumbleweed, but the more popular Ubuntu or Mint are great as well for new users.
• If you also want "good enough" privacy, you should focus more on the software you are running, and the situation of your data, especially in your usage of your web browser. But that's a different topic entirely.
• If you actually want more advanced security though, that's where it becomes difficult/fun. You need to consider what you are trying to protect yourself from, specifically. Virus? Maybe a compartmentized OS like Qubes might be a solution. Physical access to your device? You can get a dead man switch that kills you system disk if your laptop is taken away from you. You want to hide your OS install from a security inspection? You can set a deniable full disk encryption with a facade OS that protect your from a rubber hose attack. Probably many other things exist I am not aware of.

But anyway, if your question is "Is a Linux distro at least as secure as my previous Windows", the answer is definitely YES imo. And if you want MOAR, it's gonna be a fun ride!

[edit: and yes, updates! Update you system plz.]

• Set a decently good password (password is required frequently on Linux, so do go overboard with a 40-random-characters-long password, you will regret it)
• don't install programs or run scripts from shady sources, prefer to install programs from the Software store (package manager and flatpak)
• setup a backup system to regularly copy all your files to a separate storage device. This is the way to protect yourself from ransomware but also user errors! Having the possibility to format your drive, reinstall and restore backup in a 1 hour time span is going to give you the peace of mine you need for exploring and experimenting with Linux

So how can I as a new user make sure to have the most secure machine as possible?

1. Always use uBlock Origin in a Firefox-based browser (e.g., LibreWolf, Zen).
2. Never click on links in communication of any kind that you didn't expect or are too good to be true.
3. Never reinstall Windows.

⚜︎ arscyni.cc: modernity ∝ nature.

Keep your user account in user space.

Avoid unnecessary root access.

Just make sure everything's updated.

Microsoft do a good job of updating drivers and their applications, but Windows application updates vary so much.

For Linux - mostly - the distro maintainers handle all updates and just updating is usually enough.

After that it's down to you... if you disable all the built-in protection and visit dodgy websites then any OS is going to struggle.

You can improve the out-of-box security by removing software you don't use, improving default configurations (one size doesn't fit all) and considering if you want additional security software - this applies to any OS.

So, to return to your question, choose a Linux distro which has regular updates and only contains applications that you use.

One of the tips I'd give is the same for Windows, the best anti-virus is the user to know what he/she is doing. Linux is a better in that regard because it obfuscates very little, unlike Windows.

Also in line with viruses, given how many variants of a base system there can be, unless the virus is compiled in your machine, to my knowledge chances are higher for a virus to fail to function properly, or even at all. A way for a coder to circumvent it would be to bloat the code with system-specific instructions, which would be harder to create and optimize, but if a big enough group in resources take on the challenge, it could potentially be achieved.

On another point, something I expect to become a problem in Linux is that you need the admin's password, which is pretty much the master key of the system, for way too many things, even to install a web browser or the equivalent of 7-Zip. With scams usually involving social engineering, having the user hand a key from a system that depends mainly on it makes the system far more vulnerable.

Now, given Windows is still the bigger desktop system, scammers and virus distribution still focus on it, but as Linux grows, more ill-intended people may focus on it.

But still, Windows has far less variants, barely anything there uses passwords or more adninistration-oriented safelocks, and is much worse for troubleshooting (and having used most systems from 98FE onward, I also think it's getting worse), so I'd say Linux still has the advantages in those points I could think of.

To have the most secure machine possible, you might need a hardened kernel but you absolutely need to have SELinux (or equivalent) rules set up.

The easiest way to have a go at this would be to install OpenSuSE (any version will do, they all ship with SELinux ootb) and follow guides on how to setup SELinux permissions.

Most of the security is in the kernel so you can make sure you have the latest kernel. Also secureblue is a security focused distro that makes use of GrapeneOS's hardened malloc so that's the most secure one that I'm aware of.

So how can I as a new user make sure to have the most secure machine as possible?

Shut the computer down. That's it; computer as secure as possible.

Otherwise, if you actually want to use your computer, google for "threat model" first.

But generally: use an adblocker in your webbrowser, don't execute random commands/tools from the internet before you know for sure what you're doing, update stuff now and then and make backups.

https://www.comparitech.com/blog/information-security/linux-security-guide/

Security is a rabbit hole.

You're going to end up wasting a lot of time and effort on learning about something that in the end will not have a substantial impact on your computing experience.

It will make you look good in front of losers on the internet you'll never meet, though.

You don't actually need "perfect" security in the future, any more than you did in the past. Windows was not perfect, right? So stop looking for perfection. Instead, look for "good enough for 99.9% of the world". And you can get that with many of the popular Linux distributions.

Basically, install a popular distro, and keep your software to whatever is in the package manager. Don't install random shit manually. Don't download random software from random websites. Don't fuck with security settings unless you read up on the topic very thoroughly. Then you'll be fine.