Hi there,

Win10 is soon not supported. Tbh Linux have been on my radar since I started to break from the US big tech.

But how is security handled in Linux? Linux is pretty open-source, or am I not understanding it correctly. So how can I as a new user make sure to have the most secure machine as possible?

  • @deadcade@lemmy.deadca.de
    link
    fedilink
    811 month ago

    Security is an insanely broad topic. As an average desktop user, keep your system up to date, and don’t run random programs from untrusted sources (most of the internet). This will cover almost everyones needs. For laptops, I’d recommend enabling drive encryption during installation, though note that data recovery is harder with it enabled.

    • @Tanoh@lemmy.world
      link
      fedilink
      151 month ago

      That is good advice, however sadly a lot of install scripts are basically: download this script from us, and pipe it to a root shell.

      • @procapra@lemmy.ml
        link
        fedilink
        81 month ago

        Why not? You (usually) just click the check box during install, and you have 1 extra password when you boot up your system. Doesn’t seem too hard but I might be missing something.

          • Xylight
            link
            fedilink
            English
            5
            edit-2
            1 month ago

            It’s a few extra steps to start fixing, but it’s still definitely possible once you get the crypto device mapper.

            • @Attacker94@lemmy.world
              link
              fedilink
              1
              edit-2
              1 month ago

              So long as you know that is the trade off, I would tend to agree with you, but knowing the standard desktop user, most will opt for the opposite of your statement.

        • Tenderizer78
          link
          fedilink
          English
          11 month ago

          It’s surprisingly annoying trying to configure LUKS full disk encryption. I had to look up instructions many times over on Mint.

          • @NewNewAugustEast@lemmy.zip
            link
            fedilink
            21 month ago

            Wait what? I don’t use mint, but with every other distro you just check the box at install and that is it.

            Are you saying its hard to configure after you have already installed? I could imagine it might be, but why not export a list of programs you use and back up the home directory. Reinstall and check the box, restore home, and import your package list?

            • Tenderizer78
              link
              fedilink
              English
              1
              edit-2
              1 month ago

              Firstly, LUKS is under “physical disk for encryption” which is a stupid and confusing name.

              Secondly, if you want to dual-boot with LUKS you need to manually configure the partitions.

              Thirdly, you need to seperately assign root to be installed on the “physical disk for encryption”, and they have multiple volumes for that in the list.

              Fourthly, as with all LUKS encrypted Linux distros you need a seperate EFI, boot, and root partition.

              Fifthly, all of this partitioning is on a really small window that can’t be resized.

              • @NewNewAugustEast@lemmy.zip
                link
                fedilink
                31 month ago

                I don’t dual boot, so I guess there is that. But everything else seems very confusing. All other installers say, do you want this encrypted? You click yes. And that’s it.

                • Tenderizer78
                  link
                  fedilink
                  English
                  11 month ago

                  TBH I’ve installed Mint, Kubuntu, and OpenSUSE and I don’t remember which ones had which issues. I think they’re all Mint but maybe not.

      • @OhVenus_Baby@lemmy.ml
        link
        fedilink
        11 month ago

        They should not us LUkS and instead use veracrypt for folders and files. That way if any repartitioning or modification is needed it’s simple in gparted or GNOME disks on mint.

        Source is been there and done that. Luks partitions are not easily resized.

    • EpicStuff
      link
      fedilink
      English
      128 days ago

      I hear don’t run random stuff from the internet alot but back when i was using windows, if i found something interesting on say github i would just download and run it and i expected windows defender to block any viruses. Is there something similar for linux? Like if I go around installing random Aur packages, is there anything stopping viruses from doing virus things?

      • @deadcade@lemmy.deadca.de
        link
        fedilink
        128 days ago

        Is there anything stopping viruses from doing virus things?

        Usually that’s called sandboxing. AUR packages do not have any, if you install random AUR packages without reading them, you run the risk of installing malware. Using Flatpaks from Flathub while keeping their permissions in check with a tool like Flatseal can help guard against this.

        The main difference is that even with the AUR being completely user submitted content, they’re centralized repositories, unlike random websites. Malware on the AUR is significantly less common, though not impossible. Using packages that have a better reputation will avoid some malware, simply because other people have looked at the same package.


        There is no good FOSS Linux antivirus (that also targets Linux). Clamav “is the closest”, though it won’t help much.