With the recent windows 10 EoL news, I was able to move my dad over to Linux mint. But he does a lot of finance stuff. Long ago, Linux had a belief that desktop Linux are not the primary target for crackers but I don’t believe that true anymore since it’s getting significantly popular lately like Europe government migration over to Linux and Libreoffice.
My question would be , given my dad is just as careful on Linux as he has been on windows, would it be fine to do finance like banking and trading (not the fastest kind )?
If not, what would be your distro of choice for that? Even browsers (I installed Firefox and Edge from Microsoft website deb file)
OpenBSD
ducks
But x11 is insecure
ducks
I mean… Not wrong
Based upon your wording, I am assuming your father is not particularly tech savvy, if this is the case first and foremost you should be picking a distro that is maintained by a large group of trustworthy developers, this removes the niche distros from the running. Secondly, since he isn’t going to want to learn the terminal, you should be picking a distro that installs programs with a GUI package manager or flatpak manager, this removes the likes of arch, gentoo, & open suse tumbleweed. Thirdly, you will want a distro that is based on one you understand well enough to run tech support, I don’t know which that is for you, if it is Debian based stick with mint, fedora based go with fedora workstation or fedora KDE, if it is opensuse I don’t have any recommendations sorry.
After you select the distro you need to educate your dad that he should only be getting new programs through the package manager, and I would either tell him the inherit insecurity of some flatpaks or remove flathub from your mirror list unless there is something he really needs in which case you need to do your research.
In general security on Linux is a lot more active for IT than it is for Windows, but for the general user if they can get by using a well known distro’s repos you shouldn’t have any security issues.
If you are overly worried you could add apparmor to the system to isolate the system from programs or pick an immutable distro like bazzite, but in general the immutables are smaller teams which is why I don’t prefer them.
Thanks for the thought process it’s really helpful and also reassuring since it’s quite similar to mine and yeah. Secureblue definitely sounds cool but I’m afraid it would not fit my dad’s need. In the end it’s gonna be up to whether I and my father can trust the maintainers or not
Secureblue is what I’d use if security was a major concern. Every time I’ve tried to use a non-Ubuntu distro I’ve immediately ran into a few technical issues so I stick with Ubuntu.
Generally I think I’m safe as long as I don’t install untrusted software, and the distro didn’t package untrusted software.
If you’re picking a distro for someone else I would not recommend a small project distro or something incredibly niche 😅
Any of the big projects should be decent. Fedora, maybe fedora silverblue or whatever their imutable variant is called, opensuse, Mint, Ubuntu, debian. (Personally I don’t like some of the choices Ubuntu makes but it may still be a very good option for less technical folks)
Others can tell you which of those have the best security defaults, but to be honest it doesn’t sound like you actually have particularly exceptional security needs relative to what any distro will provide. I’d prioritize something stable and user friendly- which, again, your best bet is NOT picking a niche small project or something most people have never heard of
Qubes OS gives him high security with relative ease.
Fedora Silverblue with auto update and Flatseal tightened apps is a nice middle ground.
RHEL minimises supply chain attack risk and provides features like kernel hot patching. He can use free developer subscriptions. Also try SUSE.
Security wise Chromium is a bit better than Firefox. Try to seal it up with SELinux. Red Hat only supports Firefox however.
SecureBlue can be used as a reference, but it’s still downstream so personally I’d avoid using it in case of supply chain attacks unless securing Silverblue is too much of a hassle.
Keep in mind that Flatpak sandbox interferes with browser sandboxes.
Maybe Secureblue?
That also comes with its own hardened browser based on GrapheneOS’s.
And if you don’t go with Secureblue and its browser, I’d recommend using a browser Chromium based, probably Brave. I know that’s a controversial choice, but in terms of security and ad blocking, it’s one of the better options. And disable JIT for V8.
Ubuntu or mint both are fine
security or ease , pick one
Kali Linux
/s
OpenBSD. No Linux, but much more secure. And yes, there is quite some amount of Linux-specific malware around these days.
Ah now it makes sense why you are spamming the Ring reaper. Still needs an exploit to get it on your machine. BSD has way less hardware support then Linux.
The precise amount of hardware support of an operating system largely depends on your hardware. For example, iOS runs on iPhones while Linux does not. Does iOS have greater hardware support now?
Frankly, there is not one piece of hardware in my household that wouldn’t work with OpenBSD. I’m sure I could say the same about Linux. And you.
Exploits for Linux systems aren’t exactly sparse, actually.
Android runs on the iPhone: https://projectsandcastle.org/
iOS might be Unix-like. But I don’t see that anyone is working on Linux specifically.
True, but my issue with OpenBSD is that the performance is really lacking in terms of desktop smoothness. It feels like sub 60 fps compared the smoothness of Linux and FreeBSD.
I hope it’s just a current driver incompatibility and not related to their hardening. Will try again once 7.8 releases.
OpenBSD gets SMP improvements all the time, so yes, chances are that 7.8 will be even snappier. For banking, however, desktop smoothness would not be my primary concern.
There have been some pretty giant performance jumps since the 6-series. I find running -current totally reasonable for a desktop user.