After downloading graphene OS I have barely used my personal computer. I feel very insecure to use it since there is a lack of compartmentalization.
Currently dual booting windows (with Btidefender) and linux mint. I am comfortable with windows especially because I can run the antivirus on it.
Do you guys have any recommendations? Tails and Qubes aren't the most user friendly so those are kind of out of the picture.
johndoe55667788
I was going to recommend Qubes. As I find the latest 4.1 much more user friendly than previous versions. It's the only desktop OS that really does compartmentalization in a similar way as GraphenOS with its user profiles.
I suppose you can run your own VMs and get a similar experience.
Listen to advice guys and/but always make up your own mind!
Sadly there is no desktop OS that would be on par with GrapheneOS in terms of security.
When choosing a desktop OS, first think about what you'll be doing on it and how it relates to your threat model.
If an iPad with external keyboard and mouse would work for you as a replacement for desktop OS, that would probably be the most secure option. Obviously not everything can be done on iPad in a convenient manner.
ChromeOS is a good option for security if you're not afraid of Google for privacy. For example, I use a Chromebook in Guest mode for banking and nothing else.
MacOS on Apple silicon macbook is a fair option with good balance of security and convenience out of the box.
Windows had made significant improvements in terms of security in recent years. If you get Enterprise or Education edition you can further improve security and disable unwanted telemetry via group policies but it requires some effort.
QubesOS is nice for an easy way to manage many VMs but you need to understand its security limitations.
Tails Os anyone?
Prrprr2 Tails main use case is anti-forensics meaning it is designed not to leave traces of your activity on the computer.
Wnonix, on the other hand, is focused on preventing Tor leaks and excels at that. Whonix is best used on Qubes OS or 2 separate machines.
In addition to everything evalda said, I would keep an eye out for GrapheneOS on the Pixel Tablet. https://nitter.snopyta.org/GrapheneOS/status/1618382634710880256
johndoe55667788 I use Fedora Silverblue which is immutable (read-only system files) and compartmentalizes apps, much like Android/Graphene, using Flatpak as the default package manager. All app permissions can be controlled. It's possible to layer apps into the system if there is no Flatpak equivalent (e.g. I do this for a networking program and USBGuard, which locks down the USB ports so they can only be used by trusted devices).
Silverblue uses the Gnome desktop environment, but there are Pantheon, KDE, XFCE and Mate versions. IIRC, The latter three are (in their default settings) more Windows-like in their interface. A Sway version is in the works and I think a Budgie version is also on the cards.
Other immutable operating systems also exist.
It's easy to install an antivirus like rkhunter and ClamTK on any Linux distro if required.
Depending on what you have for hardware, if win 10/11 pro, 8 gb+ ram: turn off dual boot and run windows; enable hyper-v and run Linux as a VM.
If your picking up new hardware get secored-core windows 11.
DeletedUser115 For example, I use a Chromebook in Guest mode for banking and nothing else.
Does it need a Google account for guest mode or setup of the Chromebook?
