Hi there,

Win10 is soon not supported. Tbh Linux have been on my radar since I started to break from the US big tech.

But how is security handled in Linux? Linux is pretty open-source, or am I not understanding it correctly. So how can I as a new user make sure to have the most secure machine as possible?

  • jutty@blendit.bsd.cafe
    5·
    6 hours ago

    I think the ethos of open source flips this thinking. You should not trust. Microsoft may not be noting down your banking details, but you actually don’t and can’t know if it is. What it is doing is storing other personal data, because that is in its policies. Now, to what extent it takes advantage of this capability and permission, it is again unknown and unknowable.

    Microsoft may be a big corp, but some distros are the backbone of highly critical systems, and collectively they run the vast majority of servers.

    You don’t “trust” your distro. Or your laws. Everything being done is in the open, so you can see for yourself. If you lack the knowledge to do that, there are others who are doing it and many are sharing what they find. You will “trust” on some level, because of its reputation, how established it is, but trust here means something very different from letting a huge blob of unknown code do whatever it does because I trust you.

    • UheldigeBenny@feddit.dkOP
      1·
      6 hours ago

      This is actually what I am a bit afraid of. Im danish and Denmark is becoming way to digital in the sense where we use digital ID to access banking and other systems which needs you to be identified (tax, healthcare etc).

      The open source stuff is a bit daunting when you actually don’t know shit like me.

      But as you say, Microsoft might not be better.

      • WFH@lemmy.zip
        5·
        5 hours ago

        Honestly, Microsoft is one of the most active participants in the shitty fascist dystopian surveillance shitshow in the us right now. It’s not that it “might not be better”, they are literally one of the worst.

        Open source doesn’t work on trust, it works on scrutiny. Which is much easier to do when everything is open and therefore auditable. The threat model is very different, and the mitigation process is much faster since thousands of companies, including the biggest ones, need a secure Linux to run all their servers.

        Open source software security issues comme mainly from :

        • plain old bugs like everything else
        • supply chain attacks (Example), which are actually very difficult to pull off since they tend to actually fail because of said scrutiny

        What open source software won’t do because doing so would immediately kill a project:

        • deliberate backdoors “for law enforcement” like most commercial platforms
        • invasive telemetry/spyware
        • Microsoft Recall that literally records and stores indefinitely absolutely every single interaction you have with your computer
        • basically everything that’s deliberately harmful to privacy and/or security
        • enshittification to maximize profit since there is basically no financial incentive and no venture capitalist behind distros
      • Aelyra@lemmy.ml
        3·
        6 hours ago

        If you’re trying to avoid forced telemetry and similar tracking, you’re generally safer with most of the big Linux distros. Most of them don’t collect data at all, and if they do, it’s usually easy to opt out with just a click.

        Going for lesser-known distros does increase your risk a bit, but the fact that they’re open source helps deter some bad actors, since the code can be inspected by others.

        And if you’re worried about super-sophisticated backdoors, keep in mind you’re not exactly safe with Microsoft either. A rogue employee could still cause harm, and because it’s closed source, any malicious changes might take way longer to catch.