Hi there,
Win10 is soon not supported. Tbh Linux have been on my radar since I started to break from the US big tech.
But how is security handled in Linux? Linux is pretty open-source, or am I not understanding it correctly. So how can I as a new user make sure to have the most secure machine as possible?
It depends on how you installed it.
If you installed something via apt on a Debian based system then Debian will track the projects and push updates when the are available. If you are doing things with Snap or Flatpack then the developers of those specific applications will have some form of update plan.
Ah okay… I am kinda new in the lingo so sorry if I butcher some of it.
So it is the developers of the distros who are pushing updates?
I know you can never trust companies like Microsoft, but they are a bit more regulated by laws as they are big corps… How can you trust a distro enough to e.g. use online banking ?
I think the ethos of open source flips this thinking. You should not trust. Microsoft may not be noting down your banking details, but you actually don’t and can’t know if it is. What it is doing is storing other personal data, because that is in its policies. Now, to what extent it takes advantage of this capability and permission, it is again unknown and unknowable.
Microsoft may be a big corp, but some distros are the backbone of highly critical systems, and collectively they run the vast majority of servers.
You don’t “trust” your distro. Or your laws. Everything being done is in the open, so you can see for yourself. If you lack the knowledge to do that, there are others who are doing it and many are sharing what they find. You will “trust” on some level, because of its reputation, how established it is, but trust here means something very different from letting a huge blob of unknown code do whatever it does because I trust you.
This is actually what I am a bit afraid of. Im danish and Denmark is becoming way to digital in the sense where we use digital ID to access banking and other systems which needs you to be identified (tax, healthcare etc).
The open source stuff is a bit daunting when you actually don’t know shit like me.
But as you say, Microsoft might not be better.
Honestly, Microsoft is one of the most active participants in the shitty fascist dystopian surveillance shitshow in the us right now. It’s not that it “might not be better”, they are literally one of the worst.
Open source doesn’t work on trust, it works on scrutiny. Which is much easier to do when everything is open and therefore auditable. The threat model is very different, and the mitigation process is much faster since thousands of companies, including the biggest ones, need a secure Linux to run all their servers.
Open source software security issues comme mainly from :
What open source software won’t do because doing so would immediately kill a project:
If you’re trying to avoid forced telemetry and similar tracking, you’re generally safer with most of the big Linux distros. Most of them don’t collect data at all, and if they do, it’s usually easy to opt out with just a click.
Going for lesser-known distros does increase your risk a bit, but the fact that they’re open source helps deter some bad actors, since the code can be inspected by others.
And if you’re worried about super-sophisticated backdoors, keep in mind you’re not exactly safe with Microsoft either. A rogue employee could still cause harm, and because it’s closed source, any malicious changes might take way longer to catch.
That’s an interesting question. It’s pretty nuanced. I don’t know of any laws that would stop Microsoft from going “oops, we had a bug in our software, sorry about that”. Same for the linux distros. Unless you’re a corporate customer, then that would be included as part of some contract. So at the end of the day you trust Microsoft’s reputation. You’d trust your distro of choice as well. So as a thought experiment I would suggest that the most secure operating system provider is the one that ships a very similar version of its OS to both end-users and enterprise customers. Some Linux distributions fall into that category, some definitely not.
Also, keep in mind that some distros are run mostly by individual contributors not employed by any knowingly reputable company, so I’d stay away from those by default.