Hey 👋 dear Linux Community,
I’m still kinda new to Linux (started using this year 😅) I already made it to my main OS, even if I still missing some things which I used on Windows, anyway. What I wanted to ask you guys, what recommendations do you have for Linux Mint (Cinnamon)? In terms of security, optimization, (a way to make the UI looking modern ;-;) and privacy? I would be very interested in what you do guys to optimize your Linux setup :) I’m pretty technical, so there is nothing which could overwhelm me (probaly).
Thx! 🤍
#privacy #dataprotection #linux #linuxmint #opensource #foss #cybersecurity @linux
I only use quotation Marks if I can directly Quote it: https://www.reddit.com/r/GrapheneOS/comments/bddq5u/comment/ekze9n6/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
probably should have given it with the first comment. I even searched out the Post to quote it correctly but didn’t think to link it. Here it is: https://www.reddit.com/r/GrapheneOS/comments/bddq5u/comment/ekze9n6/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
“GrapheneOS also has longer term goals involving moving away from the Linux kernel to a microkernel with a Linux compatibility layer, etc”
same Thread, a few Comments further up. I linked it here for you: https://www.reddit.com/r/GrapheneOS/comments/bddq5u/comment/ekxifpa/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
Since the Telemetry also is a Dealbreaker for me on the Privacy-Front i agree with you there. But in regards to security:
Microsoft has huge security-Teams and is often at the Forefront of new security-technologies / -concepts. TPM comes to Mind immediately.
in my personal Opinion, Windows (as well as Linux) carry too much legacy-Cruft in the Name of backwards-compatability. But since I’m not an established Cybersecurity Expert and I’m aware of that, here’s what I’ve read from actually established Cybersecurity Experts:
from what I’ve read, they recommend either Android or ChromeOS as the most secure ‘Desktop’ OS. After that it depends on what you need. MacOS apparently has better Sandboxing while Windows has better Exploit Mitigations.
Linux is universally seen as not as secure as any of them.
Jesus, that was a lot more Effort than I imagined. I hope you’re going to actually look into the Points I raised and I didn’t just ‘yell at the Clouds’, so to speak.
The funny thing is that a few of the articles I found that I thought you were missquoting were using quotes from that thread just a few comments below but no one was quoting that particular part. In any case there’s one important word left out “typical”, that’s important because you can harden the security of Linux by a lot more than you can Windows, which means that even if the typical Linux was less secure than the typical Windows that says nothing about which can be made more secure.
I’m glad we see eye-to-eye on privacy, because unlike him I don’t think you can decouple both of them so easily, and in fact I believe that privacy is one subset of security (George Orwell and all of that).
I’m not a cybersecurity expert by any means, but I did study for OSCP for a while but ended up working in programming servers instead, so I’m also not a layman on this. Every cybersecurity expert I’ve ever met uses Linux, it’s not universally seen as less secure like you’re describing, one guy has that idea and from his answers on that thread it looks like he’s focusing on one aspect, i.e. binary isolation, as the be end all for security and forgetting all other areas of attack, not to mention that even if you were to consider that then Linux has native docker and almost everything exposed to the internet nowadays runs inside docker which provides a lot more isolation than most other comparable technology.
Which leads me to believe he’s talking about home use, and if you go to home use Linux has a package manager, so on that alone it beats windows on security since that can’t be MITM like a website can. So in windows you’re never sure if what you’re installing is the program you want or a virus. Even if we forget about that for a second, most people use windows with their admin account, so any malware a user inadvertently puts in the system has full system access, unlike Linux where the default is a limited user account with password prompt to use sudo. Even if a person uses windows with a non-admin account and has a hardened security, privilege escalation on windows is a joke, if you’re interested go check out hackthebox and run through a few machines, you’ll notice that on Linux privesc is usually looking for missconfigurations or errors from the user, whereas Windows is 90% of time check version, look out a CVE, exploit it.
So, let’s recap, it’s harder to get into your Linux system, if something gets in by default it has less access, and to extend that access is also harder. How exactly is Windows more secure? Just because it checks a chip to ensure your hardware hasn’t changed? Chances that an attack would change my hardware at home are close to zero, and if someone stole my hardware good luck getting past luks, if I have the slightest suspicion that my hardware has been compromised I can simply unplug the disk, use a separate hardware to boot, copy the info from that disk and nuke everything, something that would be insecure in windows because it auto executes mounted drives by default, so plugging my old disk in could trigger whatever trap someone had setup.
Honestly, the more I think about it the more absurd it sounds that someone would prefer Windows for security reasons. Servers have to be the most secure computers, actual people get paid a lot of money to make sure servers are secure, and the vast majority of servers run Linux.