Linux Mint, and Windows 10 Pro for work, but I'm migrating to Linux full time and using web apps only for work. Let's see how long I can make it without needing full Office app features.

For Outlook, Teams, and Dynamics, the web works just fine. I'm not sure how excel and word will work. I'll cross that bridge when I get there.

Been exclusively daily driving QubesOS, both for work and personal, for a few years now. Never going back.

Moved straight from Windows to Qubes. Migrated almost cold turkey over the span of 2 weeks. Was a steep learning curve at first because I had zero Linux knowledge, but it was a great learning experience and I feel so much better off for having taken the plunge. Qubes has fantastic documentation and an active and helpful community, so I always felt happy with the resources and support available. The best advice I can give to someone looking to switch over to Qubes is to first take an Introduction to Linux course online (Udemy or similar). That'll get you familiar with the terminal, filesystem and an idea of how Linux system administration works. Then really read and study Qubes' Getting Started documentation (on their website), followed by installing Qubes onto a spare bare metal machine (or VirtualBox if no second machine) and then playing around with creating domains and generally testing things out.

Once you develop a familiarity and understanding of Qubes it really does make you feel like a god and in total control of your personal computing. The concept of gaining security by isolating different domains of your digital life and activities isn't hard to grasp, but does require some thoughtful time spent as to how you want to architect and compartmentalize all your activities. For me, it was a journey and I started with the most simple default setup (which by itself already delivers tremendous security improvements over a typical Windows or Mac or even Linux setup), and gradually compartmentalized more until reaching a long-term setup I was comfortable with. It's like compartmentalizing your untrusted apps or Play Services onto a separate user profile on Graphene, but the domain management system on Qubes is far more comprehensive and powerful. Graphene's implementation is great, but Qubes is on another level even if simply due to the level of control afforded on desktop over mobile. Qubes also makes managing networking and all possible kinds of networking setups on your system a breeze.

Still occasionally experience kinks and issues with Qubes here and there, but nothing that a willingness to problem-solve can't fix within a day or two.

While others have mentioned Qubes being super-secure by default, it's also stressed that while Qubes does already provide a more secure framework, the security of the OS running within each isolated domain ("Qube") is also very important. I run Kicksecure (hardened Debian) within each of my Qubes VMs. For those concerned with security and running vanilla Debian on bare metal, I recommend taking a look at Kicksecure. Very easy to install over vanilla Debian, and hardens your system with no noticeable changes to the desktop experience and no tradeoff in functionality. I liked reading Whonix developer Madaidan's articles (search for "Madaidan's Insecurities") on operating system security. He also seems to be a fan of Graphene and Qubes, and is in fact quite critical of standard Linux.

If we're talking strictly bare-metal (no virtualization) installations: if I wasn't running Qubes, I'd probably opt for something like HardenedBSD (security-hardened BSD based on FreeBSD). I've played around with HBSD both on baremetal and as a Qubes VM, and from what I've studied it seems like a good functional-yet-secure middle-ground between Linux and something like OpenBSD, but I imagine the switch to BSD is not for most people (and while security may benefit, fingerprinting will certainly become a major issue).

mythodical secure boot needs a fair bit of knowledge? Its usually just toggled from BIOS. Am I misunderstanding you?

    • [deleted]

    Can't tell. But I'd prefer to use any Linux distributions that come with Gnome DE.

    openSUSE Tumbleweed while I wait for openSUSE Aeon or Kalpa to be production ready.

      Xtreix I am aware that Richard sincerely hates KDE ... still not sure why. But still, KDE (Kalpa) is necessary because there's a lot of people that prefer Plasma instead of GNOME. And both DE's have their pros and cons. Therefore I really hope Aeon and Kalpa will succeed. In the meantime, Tumbleweed is a safe haven.

      Zzgooloo secure boot can sometimes be that easy, but an optimal configuration can be quite complex. For example, have a look at the Arch Linux wiki article on Secure Boot.

      User2288 quite outdated experience... Ssd trim is not a thing anymore, most (all?) hardware work out the box (no driver to install), in fact it takes much more time to get a usable PC out of a preinstalled Windows (remove bloatware / spyware) than to install Linux !

      Arch. I mainly use to code and write. Everything else on GrapheneOS.

      LMDE6 (Linux Mint Debian Edition)
      Most applications consisting of flatpaks for some low-level sandboxing. (Absolutely not a replacement for GrapheneOS though)
      I would recommend Qubes and/or TailsOS for security.

      • [deleted]

      I'm an avid user of Debian Sid and it's my go-to operating system that powers all of my computers.

      10 days later

      overpass

      mythodical

      some easy security tips:

      Use Flatpak, on non-KDE use Flatseal to control the permissions and restrict them as much as possible.

      If you dont mind some apps missing, use the verified flatpak apps only

      flatpak remote-add --subset=verified flathub-verified https://dl.flathub.org/repo/flathub.flatpakrepo

      But you can also just install the apps via terminal and using flathub.org to find them, there security level and the blue "verified check" are displayed.


      Use automatic updates / update very often. Know that stable Distros hold back nearly all updates, which means things will stay broken and not all security updates are backported. Exception is Firefox ESR (used in Torbrowser and Thunderbird) which seems to get all security patches, of various levels.


      Use a user account not in the wheel/sudo group. Apps are either installed via flatpak or the system, so in both cases they appear on all user accounts by default.

      Some things may not be possible, but I will upload some polkit rules with a guide on how to fix those. (the repo is still empty for now)

      Using an account with no sudo permissions is important, as apps and scripts on Linux can pretty much do whatever they want, Malware is incredibly easy.


      Dont use Desktops using X11, use Wayland. GNOME, KDE are long done, but LXQt and more are also working on it. If you use Mint, dont. It relies on old buggy software (Xorg) and their Wayland transition will take forever. (Also they theme apps, which is very controversial).

      There are many Distros with modern packages

      • Fedora (including the immutable variants and ublue.it)
      • Opensuse Tumbleweed
      • Arch, EndeavorOS
      • Debian Sid

      And also Distros with pretty updated packages

      • Opensuse Slowroll
      • Ubuntu Spins

      Give Software least permissions via Flatseal, use as little as possible, and checkout (and contribute to!) my list of recommended Software!


      Use a Firewall. Block all ports by default, you likely dont need them.

      Disable CUPS if you dont print

      sudo systemctl disable cups
      sudo systemctl mask cups

      hello!
      i used for years qubesos on my pc.i liked very mutch.i dont use right now because i not have any more pc and until now i cant get a laptop that have the specivication that qubesos need . but qubesos is very privet located os for pc's .