Moved from Windows to Fedora. Keep updates up to date. Not sure what else should be done for a proper Fedora configuration. Here are the applications currently installed for some sense of Privacy/Security:
Mullvad Browser (main browser used)
Mullvad VPN
Brave Browser (used when Mullvad doesn’t on some websites)
Proton Pass
Do I need a Firewall application?
Do I need an anti-virus application?
Any additional configurations or applications that I should be using?
Edit: Summarizing responses
My use case is better described as; internet browsing, reading, watching videos, stuff like that.
Fedora Workstation does not require any additional Privacy/Security tweaks
Silverblue (fedora) is better for Privacy/Security
No need for additional firewall or anti-virus applications
What’s “best” for you? It’s hard to say. What do you consider best for yourself? This is highly subjective.
And whether or not you also need select apps or tools in place is also hard to say because your threat model and computer use case is unknown. You would need to share a lot more about your needs for us to properly answer your question(s).
General recommendation is to use all the recommended tools by PG to the extent to which you want to use them or may have a need for.
General advice I have for anyone is follow the best OPSEC practices recommended by the likes of Privacy Guides and Techlore and adjust per your needs and requirements. You’ll immediately be far better than 99% of people who don’t do anything to better their online and digital privacy & security.
On Fedora, security is not as great as what you get by default on Mac or even Windows. If using desktop Linux, it’s always best to be very mindful about the commands you run in your terminal to do the things you may need to do. Always double check what each command is for and what it is supposed to do.
Besides that, there isn’t really anything particular I’d say. The standard “rules” and suggestions for using the your computer and keeping it safe applies.
Anti-virus software is not needed if you ask me. It will bog down your system and won’t be privacy respecting.
Also, using the eli5-please tag would be the identifying as a newbie question. You did not use that and so that threw me off a bit. Not complaining or saying you are at fault.
It’s included and enabled, but only accessible via the terminal by default. It’s also not very beginner friendly compared to some alternatives (in my opinion).
Likely not. The dominant perspective in the Linux community is that AV is a subpar solution compared to proactive preventative measures of avoiding compromise in the first place, and developing smarter safer browsing habits and awareness.
If you’d like to use an AV there is Clam-AV.
I’d also suggest you look into using a DNS provider like NextDNS or Quad9 with good Malware blocklists built-in. A good adblocker in your browser, and leave google-safebrowsing enabled–especially if you consider your browsing habits somewhat unsafe.
OP already appears to have Mullvad so they appear to be “protected” via/with obfuscation. But yes, otherwise, it is always best to set this up when using the open internet.
It should be noted that the default Fedora Workstation firewall zone opens SSH and ports 1025-65535 for TCP and UDP. Which is imo too permissive.
This is especially made worse because Fedora 43 Workstation now includes Cockpit which listens on port 9090.
If you want a GUI: sudo dnf install firewall-config
My overall impression is that my configuration is “good enough” Privacy/Security baseline configuration for “low risk” use of the Internet. (fedora linux 43 workstation, Mullvad VPN and Browser (all default configurations).
I loaded the firewall gui and it appears that the following are the default configurations:
Ports: tcp 1025-65535 and udp 1025-65535
Services: dhcpv6-client, ipp, samba-client, ssh are all selected.
Browsing using Mullvad Browser is: DNS over HTTPS (Max protection) over Mullvad is selected by default.
If you installed Mullvad Browser from Flathub, it’s best to uninstall it, as it’s not genuine. Use the hardened Firefox (or simply Librewolf) instead. Brave Browser handles graphics better. Don’t touch the firewall. Antivirus software is unnecessary. Avoid installing RPM Fusion unless absolutely necessary. Don’t forget to install KeePassXC.
Now I’m wondering if I should be using Secureblue instead of “vanilla” fedora…. Is there an easy way to migrate, or do I need to do a fresh install of Secureblue and try to reload all of my applications and files.
It would be nice if I could go from fedora and “upgrade” to Secureblue.
You don’t wanna use secureblue. It will require lots of setting up and maintainence from my experience. Not too beginner friendly. If anything, I would rather you use Silverblue, but only if you don’t use your Fedora computer for much: internet browsing, reading, watching videos, stuff like that.
Here is some additional configuration advice provided by PG that might be applicable to you: Linux Overview - Privacy Guides
Quick question. Does OpenRGB run smoothly on Silverblue or is it better to use a non Atomic distro for this like Fedora Workstation or Fedora KDE Plasma?
Generally speaking, no. Your machine is probably already behind a firewall (the “router”). Also, a desktop computer should not have open ports so there is nothing to protect against.
Perfect! I’ll probably use the appimage version directly from their website since it’s a universal installer. I think I heard somewhere that the flatpack version offered isn’t an official version and may have other requirements for it to work. I did see they have a Fedora rpm version but I’m guessing that installing it using rpm-ostree in Silverblue would make it part of the base image which should be a last resort.