Which linux distribution offers both high performance and security?

I’m considering switching from Windows to Linux. Due to work reasons (python/java programming), Linux actually has better compatibility for me. i tested but the performance of QubesOS is not that good.
I hope it would be better to have a linux distribution that is secure and performant enough, guys do u have any recommendations?

If you’re okay with an immutable distribution, then I would highly recommend trying openSUSE Aeon, and if you want a traditional distribution, then try Fedora with @SkewedZeppelin’s brace.

1 Like

thx, i’ll try it

For home use i recommend that what @Lukas recommend opensuse aeon which is just a opensuse micro os
2nd would be fedora silverblue. Not the traditional distro still if you want you can try ultramarine os which is just fedora with all free and non free repos. which you will ultimately do.
Also you can tru ublue os.

MicroOS is a server distribution and is made for servers, Aeon is a desktop distribution and is made for desktop use.

Microos is also have desktop if you try to install you will find dektop option like kde and gnome is there. Just install it and you have dektop.

This is an outdated video, and he is using an outdated ISO.

Aeon has it’s own image which can be downloaded here: https://aeondesktop.github.io/

Yes i know but this is the same thing.

No, Aeon has its own separate image and its own installer called tik, which you can find here: GitHub - sysrich/tik: Transactional Installation Kit

Performance-wise they are all fine, as long as you don’t do some HPC stuff. Would look for a distro which is supported by the tools you need and a Wayland-based desktop environment with which you feel comfortable, e.g. KDE. Security-wise they are all more or less not great by default. Would stay away from forks of forks (e.g. no Linux Mint). Some distros are better than others in terms of security, but the question is how much it matters, if you only use it for work and programming. How proficient are you with using Linux?

Qubes is overkill for a daily driver of the general public


It’s not really overkill, it’s just bad in terms of resource usage, UX, gaming, etc. That’s why the general public shouldn’t use it.


I think performance is mostly the same across most distributions if they use unmodified, upstream kernels from Android. Security is what really differentiates between the various distros.

Some distros ship with a set of security policies called SELinux to improve security by limiting the reach of certain privileged processes. On some distros like Arch Linux, you need to set that up youself.

As @Lukas mentioned, openSUSE Aeon and Fedora Linux are great options.

However, if you are brand new to Linux I would suggest not using brace for the meanwhile since you need some technical knowhow in order to diagnose any potential issues that can arise with the hardening.


I am afraid to ask this question, but whats so special about opensuse again?

Note: MicroOS Desktop was renamed to Aeon.

I told you.


MicroOS is a server OS.

MicroOS Desktop was a dekstop OS that had two variants, GNOME and KDE.

Then both GNOME and KDE versions turned from MicroOS Desktop into openSUSE Aeon and openSUSE Kalpa.

Then the developer of Aeon created his own installer and started shipping Aeon images.

So no, Aeon isn’t just MicroOS.

1 Like

What are the key differences between this and silverblue?


Fedora Atomic (Silverblue/Kinoite) OpenSUSE MicroOS (Aeon/Kalpa)
Release schedule Every 6 months Rolling
Recommended app installation Flatpak, AppImage, Toolbox Flatpak, Distrobox
Can install RPMs? Yes (rpm-ostree) Yes (transactional-update)
Can change base system? No Yes (transactional-update)
Prevents configuration drift? Yes Only if you don’t touch transactional-update
Desktop environments Gnome, KDE, others Gnome, KDE (alpha)

Fedora Silverblue/Kinoite: you have a base image that can’t be changed (“immutable”) and you install apps mainly as Flatpaks or in containers (via the preinstalled toolbox package), but you also have the option to “layer” RPMs on top of your base image. Some won’t work, e.g. if the RPM wants to install kernel modules. It follows the same release schedule as Fedora, with a new release every 6 months and only minor updates in between. If an update goes wrong, you can revert to the previous base image of your system. You can also switch between images (e.g. Gnome to KDE) easily and without messing up your system.

OpenSUSE Aeon/Kalpa: Instead of having the base system as an immutable image on which you can layer RPM packages on top, it uses btrfs snapshots and whenever an update or change to the system happens this will be done in the new (future) snapshot. After a reboot you’ll be in the new snapshot but if anything goes wrong you can revert to the previous snapshot. Unlike Fedora, it’s not possible to “layer” an RPM (so that it remains cleanly separated from the default system) but you have more flexibility as you can basically make any changes you want to the new snapshot using transactional-update, whether that’s installing an RPM or changing any system config files. Installing kernel modules and low-level drivers is also possible. However, the more you tinker the more you’re on your own, because you risk having a “configuration drift” (drifting away from the default install). Other differences are that it uses distrobox instead of toolbox (distrobox is much better imo) and that the base system is a rolling release (using OpenSUSE Tumbleweed packages) so you are continuously updating to the newest packages.