Linux

what i did after install mint, enable firewall, disable vnc, ssh ,rdp ports. install opensnitch, install pihole

As others have said, Linux Security is a very broad topic. But the main thing is keeping your system updated, only install packages from your distro’s repositories, install a firewall and don’t install anything you don’t need should go a long way :)

For example, i use Alpine Linux as a desktop OS. This means i only install packages through apk, from the Alpine repositories. I run apk update and apk upgrade commands every friday. I use Flathub for most desktop software which i also update weekly. (To be even more secure, only install verified flatpak’s). my firewall has no incoming ports open (really not needed on my desktop). And i keep myself updated with the latest news regarding Alpine Linux, and Linux in general. So i am aware of most vulnerabilities as they are published. This is a pretty secure system.

Later on if you want even more security you can start following the CIS guidelines for your favorite distro, but the above should be a good start.

But good security is not just jeeping your system updated, it also means you have good backups in place, in case randsomware hits your system. And then there’s also the monitoring of your system for suspicious behaviour :) But these are far more advanced topics!

From a windows perspective Linux does 2 things differently which makes it more secure to Windows.

1. Like MacOS it doesn’t need antivirus software like Norton. Windows needs antivirus because DOS the OS windows is based on, had it where any program had access to anything. This is still sadly true even on Windows 11. Linux is Sandboxed, where instead of giving the program full access to everything, you just give it a sandbox with what it needs.

Unless you deliberately run a program as the admin of Linux (su or sudo), malicious code can just delete system32.

2. Linux’s is open source and while the desktop market share is tiny, there are a massive market in servers. As a result since there are a lot of eyes on the project if/when problems are found they are fixed quickly. I remember a time when a malicious actor was trying to add a backdoor into a library as a blob and it was caught.

Windows on the other hand is closed source, meaning if MS can’t find the issue, the only time it is found is when it’s in the field. To avoid downtime MS offers bug bounty programs for those who can find issues, rather than to let them exploit it.

Great to hear you're willing to move to Linux!

Like other comments pointed, there is no such thing as "most secure". It's a deep rabbit hole and it's better in general to assume that any device connected to the internet is at risk. Hell, any storage can be compromised if the entity interested put enough effort into it.

I recommande reading the page on Privacy Guides, it gives a good overview. In general, you should consider your thread model: what is you situation and why do you want security or privacy for?

• Regarding security, I would say for a general case, any modern, popular Linux distro with full disk encryption is probably good enough and as secure as any other OS. I would recommande going with a Fedora Silverblue or an OpenSUSE Tumbleweed, but the more popular Ubuntu or Mint are great as well for new users.
• If you also want "good enough" privacy, you should focus more on the software you are running, and the situation of your data, especially in your usage of your web browser. But that's a different topic entirely.
• If you actually want more advanced security though, that's where it becomes difficult/fun. You need to consider what you are trying to protect yourself from, specifically. Virus? Maybe a compartmentized OS like Qubes might be a solution. Physical access to your device? You can get a dead man switch that kills you system disk if your laptop is taken away from you. You want to hide your OS install from a security inspection? You can set a deniable full disk encryption with a facade OS that protect your from a rubber hose attack. Probably many other things exist I am not aware of.

But anyway, if your question is "Is a Linux distro at least as secure as my previous Windows", the answer is definitely YES imo. And if you want MOAR, it's gonna be a fun ride!

[edit: and yes, updates! Update you system plz.]

Most of the security is in the kernel so you can make sure you have the latest kernel. Also secureblue is a security focused distro that makes use of GrapeneOS's hardened malloc so that's the most secure one that I'm aware of.

One of the tips I'd give is the same for Windows, the best anti-virus is the user to know what he/she is doing. Linux is a better in that regard because it obfuscates very little, unlike Windows.

Also in line with viruses, given how many variants of a base system there can be, unless the virus is compiled in your machine, to my knowledge chances are higher for a virus to fail to function properly, or even at all. A way for a coder to circumvent it would be to bloat the code with system-specific instructions, which would be harder to create and optimize, but if a big enough group in resources take on the challenge, it could potentially be achieved.

On another point, something I expect to become a problem in Linux is that you need the admin's password, which is pretty much the master key of the system, for way too many things, even to install a web browser or the equivalent of 7-Zip. With scams usually involving social engineering, having the user hand a key from a system that depends mainly on it makes the system far more vulnerable.

Now, given Windows is still the bigger desktop system, scammers and virus distribution still focus on it, but as Linux grows, more ill-intended people may focus on it.

But still, Windows has far less variants, barely anything there uses passwords or more adninistration-oriented safelocks, and is much worse for troubleshooting (and having used most systems from 98FE onward, I also think it's getting worse), so I'd say Linux still has the advantages in those points I could think of.

https://www.comparitech.com/blog/information-security/linux-security-guide/

What do you mean most secure? Because that is a very broad thing.

Windows has a lot of shit to second guess the user. Linux doesn’t. Linux doesn’t babysit you. It has some guardrails but the general idea with Linux is it’s your computer, it will do what you tell it do, even if it’s a bad idea. This makes things lighter, faster, more private, but it has also led to security incidents.

Windows and Mac will watch what you are doing. If they see something suspicious, the security software can jump in and telemetry means they can notice patterns as new malware appears on their users machines. This makes the machines slower and heavier and less private, but also easier for users to deal with because they doesn’t have to actually know anything. They can just buy their way out of a problem with superdupertotallaylegitantivirus2025pro.

Anyone who says Linux doesn’t get viruses is lying to you. It does. They all do. But it’s not that common because Linux is a smaller market share so most nefarious people won’t waste their time on a smaller target unless there is something that specific target has they want. So old people using fedora kinoite to access email and facebook are fine, but Pete Hegseth watching ignoring security practices and visiting shady sites is probably a worthwhile target and could be vulnerable.

Linux has major advantageous over the industry approach of “we know best” but it also has disadvantageous. If you are the kind of person who wants to learn and improve and grow, Linux could work for you. If you are more the irresponsible buy-someone-else’s-solution-to-my-problems type, it’s not.

You're going to need to be more specific. There are dozens of aspects of security.

But if you want to have the most secure machine, then never turn it on, encase it in lead, and drop it at the bottom of the ocean.

I used to use ClamAV, but not sure I noticed much of a difference, so haven't really used any antivirus software for a while now. Curious what people in this thread think of clam.