With the recent windows 10 EoL news, I was able to move my dad over to Linux mint. But he does a lot of finance stuff. Long ago, Linux had a belief that desktop Linux are not the primary target for crackers but I don’t believe that true anymore since it’s getting significantly popular lately like Europe government migration over to Linux and Libreoffice.
My question would be , given my dad is just as careful on Linux as he has been on windows, would it be fine to do finance like banking and trading (not the fastest kind )?
If not, what would be your distro of choice for that? Even browsers (I installed Firefox and Edge from Microsoft website deb file)
security or ease , pick one
Qubes OS gives him high security with relative ease.
Fedora Silverblue with auto update and Flatseal tightened apps is a nice middle ground.
RHEL minimises supply chain attack risk and provides features like kernel hot patching. He can use free developer subscriptions. Also try SUSE.
Security wise Chromium is a bit better than Firefox. Try to seal it up with SELinux. Red Hat only supports Firefox however.
SecureBlue can be used as a reference, but it’s still downstream so personally I’d avoid using it in case of supply chain attacks unless securing Silverblue is too much of a hassle.
Keep in mind that Flatpak sandbox interferes with browser sandboxes.
OpenBSD
ducks
If you’re picking a distro for someone else I would not recommend a small project distro or something incredibly niche 😅
Any of the big projects should be decent. Fedora, maybe fedora silverblue or whatever their imutable variant is called, opensuse, Mint, Ubuntu, debian. (Personally I don’t like some of the choices Ubuntu makes but it may still be a very good option for less technical folks)
Others can tell you which of those have the best security defaults, but to be honest it doesn’t sound like you actually have particularly exceptional security needs relative to what any distro will provide. I’d prioritize something stable and user friendly- which, again, your best bet is NOT picking a niche small project or something most people have never heard of
I think most Linux distros will be fine. As of today desktop marketshare is still small, the governments mostly work within custom business applications. And to this date Linux malware and viruses for the desktop are practically unheard of. The common attacks are against the browsers, not the underlying operating system (so do timely updates and install an adblocker) or we’d expect phishing or phone scams and that’s against the human in front of the computer, again not the operating system. That makes me say they’re about all alright. Of course they’re not all equal. Immutable distros and sandboxing will help here. But the real deal is other countermeasures, like be aware how phishing works and try not to mix online banking and pirating games from shady websites. That belongs on separate user accounts or even installed operating systems. And use password managers, 2 factor authentication and these things. (And don’t use Edge, or some browser from some random third-party repository.)
And to this date Linux malware and viruses for the desktop are practically unheard of.
This is dangerously false.
edit: I’m sorry to see I have disturbed a few people here, downvoting the truth without a comment. Explains a lot of contemporary politics, I think.
Can I get some list or a reference to educate myself? As far as I know it still holds true. There’s rootkits, a lot of old stuff and exploits of webservers or embedded devices, supply chain attacks towards developers and the one day the Mint ISO file got compromised. But I’m completely unaware of desktop computer malware with high risk or actually spreading?! And the list on Wikipedia seems to confirm what i said…
Okay, let’s assume for fun that there’s highly developed Linux malware that exclusively infects servers and leaves desktops alone. What exactly is a server? Is it a server as soon as a web server service is running? A DNS service? An SMTP service? Some of these are also included with Linux desktops.
But that’s not the point. There’s no specific “Linux server malware”. There’s Linux malware. It targets the Linux kernel (current data point), not any web stuff.
For example it’s something that has an Apache webserver installed and that Apache is accessible from outside… So the Apache exploit can do something. Do you have both conditions met on your laptop/desktop computer? I’m pretty sure that won’t be the case, and that’s the difference here. And yes, that’s specific.
Let me repeat my last paragraph, as you seem to have stopped reading after the first question mark:
But that’s not the point. There’s no specific “Linux server malware”. There’s Linux malware.
You’re wrong. How would an Apache exploit “hack” your Steam or online banking app? That’s just not possible.
How would something that exploits the default password on a router infect my machine with a different password?
Malware uses specific attack vectors and specific vulnerabilities.
Malware uses specific attack vectors and specific vulnerabilities.
The “specific vulnerabilities” are usually in the Linux kernel, quite present on every single Linux system. Please follow the link I posted above. This is not about Apache or any other arbitrary user-facing software.
This is dangerously unspecific.
Thank you!
I add this overview article https://www.geeksforgeeks.org/ethical-hacking/what-is-linux-malware/
Maybe Secureblue?
That also comes with its own hardened browser based on GrapheneOS’s.
And if you don’t go with Secureblue and its browser, I’d recommend using a browser Chromium based, probably Brave. I know that’s a controversial choice, but in terms of security and ad blocking, it’s one of the better options. And disable JIT for V8.
First time hearing about Secureblue. And it sounds great. Though their motivation is quite welcome to see, I’m unsure if it will be actively maintained for a long time. It’s quite young project.
if you’re looking for something with the most security, then Qubes. It’s heavy, it’s slow, but good luck to anyone looking to break into that system.
Bit of a learning curve and a bit to wrap your head around it but I would tell him to think of it like you have access to a bunch of individual computers that don’t talk to each other but you control all of them. So he could have a Qube for casual web browsing, could have a Qube for work, and another Qube for financial stuff. all independent of each other. IF something were to happen (malware, trojan, whatever) just simply close that qube window and spin up another.
Top choice regarding security? Qubes OS. But that’s not just a distro.
OpenBSD. No Linux, but much more secure. And yes, there is quite some amount of Linux-specific malware around these days.
True, but my issue with OpenBSD is that the performance is really lacking in terms of desktop smoothness. It feels like sub 60 fps compared the smoothness of Linux and FreeBSD.
I hope it’s just a current driver incompatibility and not related to their hardening. Will try again once 7.8 releases.
OpenBSD gets SMP improvements all the time, so yes, chances are that 7.8 will be even snappier. For banking, however, desktop smoothness would not be my primary concern.
PureOS might be one, though it’s maintained by an American computer corporation.
