Nothin, just install your favourite distro and don’t run random command/scripts/binaries you found on the internet

So how can I as a new user make sure to have the most secure machine as possible?

That’s not what you want. You want a reasonable level of confidence that your system is secure.

The process is similar to Windows - keep it up-to-date, use good passwords, don’t run things as root (admin), and don’t install things that are questionable.

The package manager under linux is where you should start, and that varys by distro some. But generally speaking things installed from there are “safe” and will be updated by the package manager when you do updates.

Linux is always more secure than win10, so whatever your need, Linux is more secure. The biggest threat is almost always yourself, and what you open up, give away, and how easy you make the codes you use and so forth.

• Set a decently good password (password is required frequently on Linux, so do go overboard with a 40-random-characters-long password, you will regret it)
• don’t install programs or run scripts from shady sources, prefer to install programs from the Software store (package manager and flatpak)
• setup a backup system to regularly copy all your files to a separate storage device. This is the way to protect yourself from ransomware but also user errors! Having the possibility to format your drive, reinstall and restore backup in a 1 hour time span is going to give you the peace of mine you need for exploring and experimenting with Linux

the most secure possible? you’ll need to learn a ton. you’ll get there, but it’ll take a while.

decently secure? install Linux Mint, install your updates, don’t run sketchy commands with URLs in them unless you know what you’re doing, maybe follow a hardening guide. you’ll be okay.

if you need to be extremely secure and private, install Tails on a USB stick. it will be slow and frustrating, and you’ll need to save files to a second USB drive, but it will probably keep you pretty safe, and it’s decently user-friendly. just make sure you keep Tails updated! you’ll have to do that by flashing the new Tails onto a new USB drive, there’s no easy way around that.

those are your two most user-friendly, safe approaches.

Keep your user account in user space.

Avoid unnecessary root access.

Just make sure everything’s updated.

Microsoft do a good job of updating drivers and their applications, but Windows application updates vary so much.

For Linux - mostly - the distro maintainers handle all updates and just updating is usually enough.

After that it’s down to you… if you disable all the built-in protection and visit dodgy websites then any OS is going to struggle.

You can improve the out-of-box security by removing software you don’t use, improving default configurations (one size doesn’t fit all) and considering if you want additional security software - this applies to any OS.

So, to return to your question, choose a Linux distro which has regular updates and only contains applications that you use.

So how can I as a new user make sure to have the most secure machine as possible?

Shut the computer down. That’s it; computer as secure as possible.

Otherwise, if you actually want to use your computer, google for “threat model” first.

But generally: use an adblocker in your webbrowser, don’t execute random commands/tools from the internet before you know for sure what you’re doing, update stuff now and then and make backups.

To have the most secure machine possible, you might need a hardened kernel but you absolutely need to have SELinux (or equivalent) rules set up.

The easiest way to have a go at this would be to install OpenSuSE (any version will do, they all ship with SELinux ootb) and follow guides on how to setup SELinux permissions.

You don’t actually need “perfect” security in the future, any more than you did in the past. Windows was not perfect, right? So stop looking for perfection. Instead, look for “good enough for 99.9% of the world”. And you can get that with many of the popular Linux distributions.

Basically, install a popular distro, and keep your software to whatever is in the package manager. Don’t install random shit manually. Don’t download random software from random websites. Don’t fuck with security settings unless you read up on the topic very thoroughly. Then you’ll be fine.

Security is a rabbit hole.

You’re going to end up wasting a lot of time and effort on learning about something that in the end will not have a substantial impact on your computing experience.

It will make you look good in front of losers on the internet you’ll never meet, though.

There’s plethora of resources if you want to make your Linux install even more secure than the defaults (so-called “hardening”)

I would argue that Linux is inherently much more secure than windoze, simply because of how it handles user space vs. System (root access vs. User access). Also by how transparent its configuration is and how much information is readily accessible detailing how it works and how to adjust things.

However, when talking security for anything above the average user’s browsing needs, it can get very complicated depending on what you are trying to achieve.

Think of it like building something to keep out honest people vs. to keep out hardened, knowledgeable, clever thieves. Obviously the latter is going to take more time and resources to achieve, while the need to keep out more sophisticated bad actors would probably only be needed if you have something they might want.

Here are some suggestions for searching if actual security is your goal. Others can chime in with more things if they want. This is just some topics/programs you can read about to dip your toes in.

• nftables/Firewalld (common firewalls)
• wireguard/openvpn (vpn protocols)
• rootless containers (podman)

Best of luck!

what i did after install mint, enable firewall, disable vnc, ssh ,rdp ports. install opensnitch, install pihole

I used to use ClamAV, but not sure I noticed much of a difference, so haven’t really used any antivirus software for a while now. Curious what people in this thread think of clam.