I honestly doubt that GOS is as secure as Qubes with its physical isolation. I don´t use Qubes myself though, mostly because of its lack of user-friendliness.

    Linux Mint, and Windows 10 Pro for work, but I'm migrating to Linux full time and using web apps only for work. Let's see how long I can make it without needing full Office app features.

    For Outlook, Teams, and Dynamics, the web works just fine. I'm not sure how excel and word will work. I'll cross that bridge when I get there.

    Been exclusively daily driving QubesOS, both for work and personal, for a few years now. Never going back.

    Moved straight from Windows to Qubes. Migrated almost cold turkey over the span of 2 weeks. Was a steep learning curve at first because I had zero Linux knowledge, but it was a great learning experience and I feel so much better off for having taken the plunge. Qubes has fantastic documentation and an active and helpful community, so I always felt happy with the resources and support available. The best advice I can give to someone looking to switch over to Qubes is to first take an Introduction to Linux course online (Udemy or similar). That'll get you familiar with the terminal, filesystem and an idea of how Linux system administration works. Then really read and study Qubes' Getting Started documentation (on their website), followed by installing Qubes onto a spare bare metal machine (or VirtualBox if no second machine) and then playing around with creating domains and generally testing things out.

    Once you develop a familiarity and understanding of Qubes it really does make you feel like a god and in total control of your personal computing. The concept of gaining security by isolating different domains of your digital life and activities isn't hard to grasp, but does require some thoughtful time spent as to how you want to architect and compartmentalize all your activities. For me, it was a journey and I started with the most simple default setup (which by itself already delivers tremendous security improvements over a typical Windows or Mac or even Linux setup), and gradually compartmentalized more until reaching a long-term setup I was comfortable with. It's like compartmentalizing your untrusted apps or Play Services onto a separate user profile on Graphene, but the domain management system on Qubes is far more comprehensive and powerful. Graphene's implementation is great, but Qubes is on another level even if simply due to the level of control afforded on desktop over mobile. Qubes also makes managing networking and all possible kinds of networking setups on your system a breeze.

    Still occasionally experience kinks and issues with Qubes here and there, but nothing that a willingness to problem-solve can't fix within a day or two.

    While others have mentioned Qubes being super-secure by default, it's also stressed that while Qubes does already provide a more secure framework, the security of the OS running within each isolated domain ("Qube") is also very important. I run Kicksecure (hardened Debian) within each of my Qubes VMs. For those concerned with security and running vanilla Debian on bare metal, I recommend taking a look at Kicksecure. Very easy to install over vanilla Debian, and hardens your system with no noticeable changes to the desktop experience and no tradeoff in functionality. I liked reading Whonix developer Madaidan's articles (search for "Madaidan's Insecurities") on operating system security. He also seems to be a fan of Graphene and Qubes, and is in fact quite critical of standard Linux.

    If we're talking strictly bare-metal (no virtualization) installations: if I wasn't running Qubes, I'd probably opt for something like HardenedBSD (security-hardened BSD based on FreeBSD). I've played around with HBSD both on baremetal and as a Qubes VM, and from what I've studied it seems like a good functional-yet-secure middle-ground between Linux and something like OpenBSD, but I imagine the switch to BSD is not for most people (and while security may benefit, fingerprinting will certainly become a major issue).

    mythodical secure boot needs a fair bit of knowledge? Its usually just toggled from BIOS. Am I misunderstanding you?

        • [deleted]

        • Post #98

        Can't tell. But I'd prefer to use any Linux distributions that come with Gnome DE.

        openSUSE Tumbleweed while I wait for openSUSE Aeon or Kalpa to be production ready.

          Xtreix I am aware that Richard sincerely hates KDE ... still not sure why. But still, KDE (Kalpa) is necessary because there's a lot of people that prefer Plasma instead of GNOME. And both DE's have their pros and cons. Therefore I really hope Aeon and Kalpa will succeed. In the meantime, Tumbleweed is a safe haven.

            Zzgooloo secure boot can sometimes be that easy, but an optimal configuration can be quite complex. For example, have a look at the Arch Linux wiki article on Secure Boot.

              User2288 quite outdated experience... Ssd trim is not a thing anymore, most (all?) hardware work out the box (no driver to install), in fact it takes much more time to get a usable PC out of a preinstalled Windows (remove bloatware / spyware) than to install Linux !

                Arch. I mainly use to code and write. Everything else on GrapheneOS.

                LMDE6 (Linux Mint Debian Edition)
                Most applications consisting of flatpaks for some low-level sandboxing. (Absolutely not a replacement for GrapheneOS though)
                I would recommend Qubes and/or TailsOS for security.

                • [deleted]

                • Post #112

                I'm an avid user of Debian Sid and it's my go-to operating system that powers all of my computers.