Zzgooloo secure boot can sometimes be that easy, but an optimal configuration can be quite complex. For example, have a look at the Arch Linux wiki article on Secure Boot.

User2288 quite outdated experience... Ssd trim is not a thing anymore, most (all?) hardware work out the box (no driver to install), in fact it takes much more time to get a usable PC out of a preinstalled Windows (remove bloatware / spyware) than to install Linux !

Arch. I mainly use to code and write. Everything else on GrapheneOS.

LMDE6 (Linux Mint Debian Edition)
Most applications consisting of flatpaks for some low-level sandboxing. (Absolutely not a replacement for GrapheneOS though)
I would recommend Qubes and/or TailsOS for security.

  • [deleted]

I'm an avid user of Debian Sid and it's my go-to operating system that powers all of my computers.

10 days later

overpass

mythodical

some easy security tips:

Use Flatpak, on non-KDE use Flatseal to control the permissions and restrict them as much as possible.

If you dont mind some apps missing, use the verified flatpak apps only

flatpak remote-add --subset=verified flathub-verified https://dl.flathub.org/repo/flathub.flatpakrepo

But you can also just install the apps via terminal and using flathub.org to find them, there security level and the blue "verified check" are displayed.


Use automatic updates / update very often. Know that stable Distros hold back nearly all updates, which means things will stay broken and not all security updates are backported. Exception is Firefox ESR (used in Torbrowser and Thunderbird) which seems to get all security patches, of various levels.


Use a user account not in the wheel/sudo group. Apps are either installed via flatpak or the system, so in both cases they appear on all user accounts by default.

Some things may not be possible, but I will upload some polkit rules with a guide on how to fix those. (the repo is still empty for now)

Using an account with no sudo permissions is important, as apps and scripts on Linux can pretty much do whatever they want, Malware is incredibly easy.


Dont use Desktops using X11, use Wayland. GNOME, KDE are long done, but LXQt and more are also working on it. If you use Mint, dont. It relies on old buggy software (Xorg) and their Wayland transition will take forever. (Also they theme apps, which is very controversial).

There are many Distros with modern packages

  • Fedora (including the immutable variants and ublue.it)
  • Opensuse Tumbleweed
  • Arch, EndeavorOS
  • Debian Sid

And also Distros with pretty updated packages

  • Opensuse Slowroll
  • Ubuntu Spins

Give Software least permissions via Flatseal, use as little as possible, and checkout (and contribute to!) my list of recommended Software!


Use a Firewall. Block all ports by default, you likely dont need them.

Disable CUPS if you dont print

sudo systemctl disable cups
sudo systemctl mask cups

hello!
i used for years qubesos on my pc.i liked very mutch.i dont use right now because i not have any more pc and until now i cant get a laptop that have the specivication that qubesos need . but qubesos is very privet located os for pc's .

5 days later

Install minimal arch Linux and then add Gnome as your desktop environment (Wayland). Not easy for beginners but its super fast + beautiful desktop UI and no adverts popping up on your OS unlike Windows 11

    jackFang For a beginner Manjaro might be of interest if they want pacman + a clean desktop

      I use Windows 10 for what remains on Gmail accounts, FB etc. I's heavily tweaked with no automatic sevices allowed...like updates and other normally enabled services.

      I use Linux Mint as a daily driver and have Virtualbox installed with with Kali OS and Whonix OS for secure stuff. I also use Tails occasionally.

        Jobloggs Just wondering, why use Windows for FB/Gmail/other web apps? If its a tracking thing you could isolate your browsers

          raccoondad I use different browsers for different functions. I use Mullvad, Brave, Firefox and Librewolf to name a few.

          Seems my original post has been deleted? Strange...

            20 days later

            Mint, I tried QubesOS but it did not like my graphics card

            • mmmm replied to this.

              mmmm
              Yeah I read that on their forums the other day, I am now only working in VM's that I will be able to export when I change hardware

              • mmmm replied to this.