Hi there,
Win10 is soon not supported. Tbh Linux have been on my radar since I started to break from the US big tech.
But how is security handled in Linux? Linux is pretty open-source, or am I not understanding it correctly. So how can I as a new user make sure to have the most secure machine as possible?


Security is an insanely broad topic. As an average desktop user, keep your system up to date, and don’t run random programs from untrusted sources (most of the internet). This will cover almost everyones needs. For laptops, I’d recommend enabling drive encryption during installation, though note that data recovery is harder with it enabled.
That is good advice, however sadly a lot of install scripts are basically: download this script from us, and pipe it to a root shell.
Install scripts for what exactly?
Majority of software is packaged natively.
i personally wouldn’t recommend encrypted drive for a beginner though
Why not? You (usually) just click the check box during install, and you have 1 extra password when you boot up your system. Doesn’t seem too hard but I might be missing something.
when you fuck shit up you can’t really easily boot in from a usb drive and learn the recovery process
It’s a few extra steps to start fixing, but it’s still definitely possible once you get the crypto device mapper.
Better to lose the data than have it stolen.
So long as you know that is the trade off, I would tend to agree with you, but knowing the standard desktop user, most will opt for the opposite of your statement.
It’s surprisingly annoying trying to configure LUKS full disk encryption. I had to look up instructions many times over on Mint.
Wait what? I don’t use mint, but with every other distro you just check the box at install and that is it.
Are you saying its hard to configure after you have already installed? I could imagine it might be, but why not export a list of programs you use and back up the home directory. Reinstall and check the box, restore home, and import your package list?
Firstly, LUKS is under “physical disk for encryption” which is a stupid and confusing name.
Secondly, if you want to dual-boot with LUKS you need to manually configure the partitions.
Thirdly, you need to seperately assign root to be installed on the “physical disk for encryption”, and they have multiple volumes for that in the list.
Fourthly, as with all LUKS encrypted Linux distros you need a seperate EFI, boot, and root partition.
Fifthly, all of this partitioning is on a really small window that can’t be resized.
I don’t dual boot, so I guess there is that. But everything else seems very confusing. All other installers say, do you want this encrypted? You click yes. And that’s it.
TBH I’ve installed Mint, Kubuntu, and OpenSUSE and I don’t remember which ones had which issues. I think they’re all Mint but maybe not.
They should not us LUkS and instead use veracrypt for folders and files. That way if any repartitioning or modification is needed it’s simple in gparted or GNOME disks on mint.
Source is been there and done that. Luks partitions are not easily resized.
I hear don’t run random stuff from the internet alot but back when i was using windows, if i found something interesting on say github i would just download and run it and i expected windows defender to block any viruses. Is there something similar for linux? Like if I go around installing random Aur packages, is there anything stopping viruses from doing virus things?
Usually that’s called sandboxing. AUR packages do not have any, if you install random AUR packages without reading them, you run the risk of installing malware. Using Flatpaks from Flathub while keeping their permissions in check with a tool like Flatseal can help guard against this.
The main difference is that even with the AUR being completely user submitted content, they’re centralized repositories, unlike random websites. Malware on the AUR is significantly less common, though not impossible. Using packages that have a better reputation will avoid some malware, simply because other people have looked at the same package.
There is no good FOSS Linux antivirus (that also targets Linux). Clamav “is the closest”, though it won’t help much.