With the recent Windows 10 EoL news, I was able to move my dad over to Linux Mint. But he does a lot of finance stuff. Long ago, Linux had a belief that desktop Linux is not the primary target for crackers, but I don’t believe that’s true anymore since it’s getting significantly popular lately, like the European government migration over to Linux and LibreOffice.
My question would be: given my dad is just as careful on Linux as he has been on Windows, would it be fine to do finance like banking and trading (not the fastest kind)?
If not, what would be your distro of choice for that? Even browsers (I installed Firefox and Edge from the Microsoft website deb file)
Security is the output of removing vulnerabilities and insecure configs.
So, the real answer is: what’s the minimal software you need and the most regularly updated.
So, my choice is Arch.
Yep, installation takes a little longer and needs more technical skills, but only install the bits you need (also learn a little more this way) and then updates are tiny and can be done as often as you’re comfortable with.
Whatever you choose, it will break / die / be deleted or corrupted one day, so always back up your data separately from the OS (separate drive partitions can help) and you’re done.
I think most Linux distros will be fine. As of today desktop market share is still small, the governments mostly work within custom business applications. And to this date Linux malware and viruses for the desktop are practically unheard of. The common attacks are against the browsers, not the underlying operating system (so do timely updates and install an adblocker) or we’d expect phishing or phone scams and that’s against the human in front of the computer, again not the operating system. That makes me say they’re about all alright. Of course they’re not all equal. Immutable distros and sandboxing will help here. But the real deal is other countermeasures, like be aware of how phishing works and try not to mix online banking and pirating games from shady websites. That belongs on separate user accounts or even installed operating systems. And use password managers, two-factor authentication and these things. (And don’t use Edge, or some browser from some random third-party repository.)
Top choice regarding security? Qubes OS. But that’s not just a distro.
This is the first time I’m hearing of Qubes OS. And upon researching on Wikipedia, it’s meant to be used with multiple OSes for different tasks…? Wow
It is. The underlying OS is actually a type 1 hypervisor, Xen. Better take a look at their official website than Wikipedia though.
It essentially is multiple OSes, one host and a plethora of separate virtual machines that only communicate what they were designed to communicate.
This way pretty much nothing can get access to userspace.
OpenSUSE is big on the security and usability front. None of the services you install activate by themselves. Firewall active by default. The first user doesn’t get access to every group under the sun after installation.
And everything can be controlled through GUI tools. But it doesn’t throw a fit when you’ve done something yourself through the CLI.
Also SELinux by default now instead of AppArmor. It can be a pain but it works. I.e. files dumped into a Samba share aren’t autoshared unless they have the samba SELinux setting applied, etc.
If you’re looking for something with the most security, then Qubes. It’s heavy, it’s slow, but good luck to anyone looking to break into that system.
Bit of a learning curve and a bit to wrap your head around it, but I would tell him to think of it like you have access to a bunch of individual computers that don’t talk to each other but you control all of them. So he could have a Qube for casual web browsing, could have a Qube for work, and another Qube for financial stuff. All independent of each other. IF something were to happen (malware, trojan, whatever) just simply close that qube window and spin up another.
Maybe Secureblue?
That also comes with its own hardened browser based on GrapheneOS’s.
And if you don’t go with Secureblue and its browser, I’d recommend using a Chromium-based browser, probably Brave. I know that’s a controversial choice, but in terms of security and ad blocking, it’s one of the better options. And disable JIT for V8.
First time hearing about Secureblue. And it sounds great. Though their motivation is quite welcome to see, I’m unsure if it will be actively maintained for a long time. It’s quite a young project.
PureOS might be one, though it’s maintained by an American computer corporation.