Which Linux distros are more SECURE than Windows: (Are SELinux and Wayland enough?)

I’ve been wanting to switch from Windows to Linux, but I’m reluctant: the consensus seems to be that Linux is less secure against targeted attacks. Those are included in my threat model.

Before I give up and stick with Windows, I want to ask:

Even if Linux in general is thought to be less secure than Windows, I know that there is enough variation between distros to be significant. Secureblue and Qubes, for example, sound like they would trump Windows security.

Since I’m a Linux first-timer, though, I don’t know if I want to start there.

Hence my curiosity: where do more beginner-friendly distros like Fedora or Silverblue fall? Are they, with SELinux and Wayland, enough to be a genuine upgrade from Windows, or are there notable drawbacks in switching to them? If so, what are they?

NOTE: I know that security is within actions rather than tools. I still want to choose a good distro, as I don’t plan to hop often.

Aeon is the most secure OS.
Silverblue is the 2nd most secure.
GNOME OS will be a good option once the testing is done.
GNOME OS actually provides everything, like systemd-homed, UKI and so on.

1 Like

This is a solid option and can be hardened well. The BRACE toolkit will be a great tool to use. I daily drive Silverblue with hardening measures in place.

Qubes and Secureblue are considered top tier and can be restrictive depending on use case. If you play a lot of video games they may not be the best solution.

2 Likes

Get a cheap optiplex micro just for these security sensitive things: banking, email, sensitive documents, etc. Qubes recommends separate VMs for separate use cases but for non-extreme threat models, a separate “business” only machine works for me.

All my games are in a separate device.

2 Likes

It’s a lot more complicated than that. There are good reasons for why many security experts still recommend Linux distributions (like Tails and Whonix) for highly targeted individuals. Here’s how I see it:

  • Mac (and to a lesser extent, Windows) have better security features and exploit mitigations, but said companies (Apple, Microsoft, Google, etc.) significantly harm or risk the users’ privacy or security in various ways. Windows in particular is notorious for this. These issues are inherent to proprietary systems which provide “tyrant security”, leaving you more vulnerable to the whims of said companies and their governments.

  • Mac and Windows have well established first and third party anti-malware solutions whereas Linux does not. However, Linux is currently far less likely to be targeted by malware and in many people’s experience it seems to result in far fewer infections than Windows.

  • A competent attacker might have an easier time targeting a standard desktop Linux system rather than a Windows system. But if you are being targeted by a competent attacker, I’d find it hard to believe they’d only have success on Linux and not Windows. Therefore it makes more sense to me to focus on good security practices and use layers of defenses rather than to hope Windows can prevent a compromise. This hypothetical only makes sense to me if your attackers are both incompetent yet familiar with Linux, but this is ultimately my opinion which can’t meaningfully be proven one way or another.

So whether Windows is better than Linux in your situation really depends on who your threats are and how far you’re willing to go to protect yourself from them. I personally think most people in most situations could use Linux (or ideally QubesOS), even if they expect to be targeted. So long as they practice proper security and don’t depend on the protections of their OS alone, they’ll be better off IMO.

Nothing fits neatly on a 2D spectrum and it’s hard to comment further on how suitable they are for you without any more information on your threat model. Unless you want to elaborate, I can only say that they should be more than enough for the average person and if you believe you are being targeted, you’re probably going to want to make use of virtual machines as an extra layer of defence rather than exclusively depend on the protections offered by your host OS.

The developer of Secureblue stated that operating system is for those who want to prioritize security after deciding they want to use Linux, which might imply they believe it may not be “more secure” than Windows. As explained in my rant at the beginning, what’s “more secure” is a complicated topic and not a simple spectrum of more or less secure.

That being said, QubesOS is a whole different beast as it is not a Linux distro but rather a Xen distro. It has been considered on par with or better than Windows/Mac even by critics who consider Linux so horribly unsafe that it must be avoided.

8 Likes

Why do you want to switch?

How familiar are you with Windows? Which security measures have you used? Did you make use of WDAC, Applocker, Security Baselines or similar?

Thank you so much for this very in-depth response! It gives me a lot to think about. Before I say anything more, I’d like to note that I’m not super tech-savvy, and only knee-deep in privacy at most. My goal is to be in control of my technology, but not to be forced to spend too much time on it.

To elaborate on my threat model, there is unresolved DV with an unclear degree of programming skills. Unrelatedly, there have also been online attackers on social media who have sniffed out my email, past accounts, past activities, and possibly more, before I had started taking privacy and security seriously. There’s a chance I stayed pseudonymous in the second one, but I can’t guarantee they aren’t motivated to find out more. So, there is the possibility of expansion within my threat model: I admit I don’t know my opponents and their capabilities/connections well, and it’s not like they will divulge the extent of their surveillance to me. Thus, to a decent extent, I still want to have setups that provide protections against those companies and governments. There are no established corporation or government-level attackers in my life for now, though, compared to the established fact of DV in my life.

Since virtual machines seem to be an important tool for defense, and I’ve been planning to make use of them myself, would beginner recs here like Fedora/Silverblue smoothly allow for fairly frequent use of VMs? Or, is it more that if I’m going to be using VMs, I might as well move to Qubes even despite not being a power user?

Due to the targeted nature of my threat model, Linux being less likely to fall prey to malware seems not as immediately relevant to me, but it may decrease the amount of info that data brokers have on me in the future: that may be nice. If my attackers aren’t notified of me switching to Linux, it may also trip them up. And Linux can almost certainly protect better than Windows against corps and governments.

The distinctions between attacker competence give me lots to think about for sure. Because of the uncertainty within my threat model, I have a desire to cover all my bases well enough to feel safe again, and not be constantly toiling. The higher placement of targeted attacks within my threat model than most threat models is still something I want to prioritize.

Another note: I do plan on opening up the possibility of using Qubes in my future, which is why I originally planned to start with Fedora flavors.

1 Like

These are both very good questions to ask, and I appreciate being asked them.

The reason I want to switch is out of a desire to have control over my technology. I don’t like the constant sense of things happening, being revealed about me and being sent off, without me knowing or being able to understand.

I think using Linux can grant me that sense of understanding and control over my usage. Since I don’t have much personal, hobbyist love for tech itself, I hope that it can do so while still allowing me to not spend ludicrous amounts of time and energy on it, unless it’s in the beginning, during the learning curve.

As for my familiarity with Windows: I’ve actually only used it for a rather short while, and haven’t yet used any of those measures you named. Before that, I used Chromebooks because parents and schools didn’t know better than to buy the cheapest thing, and I was too young to know myself.

Since I haven’t had the time to build up substantial habits on Windows, and don’t use their proprietary software yet, I thought that might work in my favour while learning Linux. Maybe even using Qubes right away.

(For some admittedly unclear reason, my instincts still scream at me to start with Fedora and play with VMs there first.)

I’ll factor that into my response then, sometimes simpler is better!

Is this someone who can get physical access to your devices? If so, defense against physical attackers might be the most important thing, in which case a mobile phone (preferably a Pixel or iPhone) would be one of the best and easiest options. Keep it up to date and regularly reboot it. If you need to have a desktop/laptop, my understanding is most Linux and Windows PCs have poor protection against physical attackers so I’m not sure if picking one over the other would help you much in that department.

The best thing you can do with a PC you already own is to ensure secure boot is enabled, use full disk encryption, and keep it powered off when not in use. You might also consider using Tails for more sensitive things. If you’re looking to buy a new device, Mac might be your best bet for protection against a physical attacker. Chromebooks are cheaper and I believe they provide similar protections, but they also seem much more privacy invasive and less capable for certain computer tasks.

As you probably know, this would have a lot less to do with what device/OS you use and more to do with which services you use and how you use them. Definitely try to go back and delete what you can and be careful going forward. Use a decent password manager (ideally protected with security keys), email aliases, and try to stick to privacy-respecting services in general. The Extreme Privacy book is useful for people at serious risk. It doesn’t always have the best cybersecurity advice (For example, I believe they recommend less secure Linux distros) but it has great advice on how to protect your personal information.

Using virtual machines is probably going to be a bit of a pain no matter what. Fedora Workstation is a great beginner distro and it can run virtual machines as well as any other Linux distro. Whonix is purpose built to be a secure and anonymous guest OS, but if you don’t need anonymity or prefer a simpler solution you can just stick with running a Fedora VM in GNOME Boxes or something.

Virtual machines on Fedora (or any desktop Linux distro) just aren’t well integrated like they are on QubesOS and they do not provide the same level of security. So yes, QubesOS would be ideal but it also comes with many downsides. There’s a large learning curve, it has very strict hardware requirements, and there are limitations to what tasks you could realistically use QubesOS for. If you don’t want to get too much into things like you said, I’d just stick with Fedora Workstation and try to use VMs for anything risky.

  • Do you have reasonable suspicion about being targeted?
  • High risk hobbies, opinions or job?
  • Which attacks do you have in mind? Physical? Remote?

For mobile the recommendation is quite easy: GrapheneOS. You can even use its desktop mode on Pixel 8 or higher.

For desktop it’s more difficult, because there is no simple good solution and it needs more info to give recommendations.

1 Like

My reply to TheDoc in this thread explains why I have targeted attacks within my threat model. Both physical and remote attacks are included.

Thank you for the recommendation! It’s quite helpful.

To answer your post directly, SELinux and Wayland are not enough on their own. The implementation matters. SELinux on Fedora vs on Android are very different. Different compositors implement Wayland differently. Until recently, KDE allowed all apps to use the screen capture API unprompted, for example. It’s better to have these things than not, though.

It’s my opinion that Secureblue is on par with Windows when it comes to security, or trades blows depending on how you look at it. If you are comfortable with Windows level security, I would hesitate to recommend any other distro for one reason or another, but not Secureblue.

  • Similar application sandboxing model (both fairly weak; point is they are similar)
  • Hardened memory allocator option
  • Disk encryption with automatic TPM unlock (recommend with PIN)
  • Firewall deny incoming traffic by default

The main downside is that the learning curve is higher and the resources are lower compared to other Linux distros, which is already a pain point for beginners. And of course some things break or don’t “just work” due to the hardening. Their Discord server is active and welcoming though.

1 Like
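As an added example (my own code, not from the thread or from the Secureblue or Fedora projects), here is a read-only shell posture check for the baseline the posts above describe: SELinux enforcing, a Wayland session, Secure Boot, LUKS disk encryption, and a firewalld default zone that denies incoming traffic. It assumes Fedora-family tooling (mokutil, lsblk, firewall-cmd) is installed, and the verdict wording and the --live flag are my own choices.

```shell
#!/bin/sh
# Added posture check (not from the thread): reads the settings the posts
# above treat as the baseline for a Fedora/Silverblue-style desktop and
# reports where each one stands. Read-only; run with --live to inspect the
# current machine. Each judge_* function takes the raw value as an argument
# and prints a verdict, so it can be fed constructed input as well.

# /sys/fs/selinux/enforce: 1 = enforcing, 0 = permissive, absent = no SELinux
judge_selinux() {
  case "$1" in
    1) echo "ok: SELinux enforcing"; return 0 ;;
    0) echo "warn: SELinux permissive (denials logged, not blocked)"; return 1 ;;
    *) echo "fail: SELinux unavailable or disabled"; return 1 ;;
  esac
}

# $XDG_SESSION_TYPE: Wayland isolates clients from each other's input/screen;
# the compositor still decides what the screen-capture portal allows.
judge_session() {
  case "$1" in
    wayland) echo "ok: Wayland session"; return 0 ;;
    x11) echo "warn: X11 session (any client can read keys and screen)"; return 1 ;;
    *) echo "warn: session type '$1' is not a graphical Wayland session"; return 1 ;;
  esac
}

# Output of 'mokutil --sb-state': "SecureBoot enabled" / "SecureBoot disabled"
judge_secureboot() {
  case "$1" in
    *enabled*) echo "ok: Secure Boot enabled"; return 0 ;;
    *disabled*) echo "fail: Secure Boot disabled"; return 1 ;;
    *) echo "warn: Secure Boot state unknown (no UEFI or mokutil missing)"; return 1 ;;
  esac
}

# Output of 'lsblk -rno FSTYPE': a crypto_LUKS entry means at least one
# encrypted volume exists (it does not prove the root filesystem is on it).
judge_luks() {
  case "$1" in
    *crypto_LUKS*) echo "ok: LUKS volume present"; return 0 ;;
    *) echo "fail: no LUKS volume found (no full-disk encryption)"; return 1 ;;
  esac
}

# Output of 'firewall-cmd --get-default-zone'. Fedora Workstation's default
# zone opens TCP/UDP 1025-65535 to incoming traffic; drop/block do not.
judge_firewall() {
  case "$1" in
    drop|block) echo "ok: default zone '$1' denies unsolicited incoming"; return 0 ;;
    FedoraWorkstation) echo "warn: zone FedoraWorkstation opens ports 1025-65535"; return 1 ;;
    "") echo "fail: firewalld not running or firewall-cmd missing"; return 1 ;;
    *) echo "warn: zone '$1'; review 'firewall-cmd --list-all'"; return 1 ;;
  esac
}

# Collect live values and count the checks that need attention.
run_live_checks() {
  fails=0
  judge_selinux "$(cat /sys/fs/selinux/enforce 2>/dev/null)" || fails=$((fails + 1))
  judge_session "${XDG_SESSION_TYPE:-unknown}" || fails=$((fails + 1))
  judge_secureboot "$(mokutil --sb-state 2>/dev/null)" || fails=$((fails + 1))
  judge_luks "$(lsblk -rno FSTYPE 2>/dev/null)" || fails=$((fails + 1))
  judge_firewall "$(firewall-cmd --get-default-zone 2>/dev/null)" || fails=$((fails + 1))
  echo "$fails check(s) need attention"
  return "$fails"
}

if [ "${1:-}" = "--live" ]; then
  run_live_checks
fi
```

A "warn" on the firewall line is expected on stock Fedora Workstation; Secureblue's default of denying incoming is what the post above is referring to.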

Thank you for the care taken to give a direct response! I have been kind of wondering if I would get one, though I understand the general hesitation from responders.

Being told this about Secureblue is interesting. What makes Secureblue more difficult than its upstream Fedora distros? I have seen that Secureblue explicitly doesn’t prioritize beginner friendliness, but is it something I could be less concerned about given my lack of time spent with Windows itself? I do mainly spend my computer time in browsers and file managers so far.

I’m still surprised that Secureblue isn’t considered MORE secure than Windows, given that security is its main thing. But that’s interesting. Anyone else want to weigh in directly on my question?

Thank you so much for your consistently in-depth responses.

I should first apologize: in hindsight, “only knee-deep in privacy at most” may have been a misleading way for me to put it, because it sounds like I have no interest in furthering my privacy beyond knee deep, when I mostly just meant that I haven’t gone far yet compared to the average privacy-savvy person. I would actually be happy to be 100% private and anonymous, if such a thing exists. I don’t mind going as far as it can possibly take me as long as I don’t accidentally commit to something that will constantly demand unforeseen amounts of my time, cognitive load and resources for years to come. It’s better if it’s something that can become habitual and well-grasped with time.

Importantly, I wish I could understand the implications of, and be in control of, all that I do and send out on a machine. Tech in this day and age feels by large inherently deceptive: it seems to have a vested interest in presenting as more helpful and simple than it is, while doing less savory things behind users’ backs. The constant sense of lack of ownership was wearing on me, and I felt like something like Linux could help place the control back in my hands.

I appreciate your distinctions between actions for devices I already own or ones I’m looking to buy! Same with your many recommendations. Though I recognize a lot of what you say are general recommendations, it registers better and with more certainty when said to me with my needs in mind.

Extreme Privacy sounds interesting. How does one even read this untraceably, though?

Thank you also for your honesty and well-explained thoughts on VMs and Qubes. Maybe starting upstream isn’t the worst idea! Another responder has said that they hesitate to recommend anything below Secureblue, so I’m waiting on more clarity before I decide to bring down the gavel regarding my desktop OS.

The reality is that security is too complicated to precisely rank all tech in a 1-dimensional order. Sometimes a solution is blatantly less secure than another, but ultimately you have to define your needs and evaluate options based on those.

That said, most Linux distros are pretty clearly less secure than Windows in a myriad of ways. They simply have different priorities. Secureblue being a security focused project mostly helps it close the gap.

Upstream Fedora is a fine choice for most people. My hesitation in recommending it relates to higher threat models, which you claim to have, and a handful of default settings. It can be configured to be decently secure; after all Secureblue is just a highly configured Fedora system. I did some Linux penetration testing in University and can say Secureblue’s changes would have made those activities a lot harder, which is great.

Secureblue is only more difficult to use because it does cause some breakage intentionally and it is more obscure so there’s less of a knowledge base. It sounds like you mostly use the web browser so Secureblue could be fine. They even have a hardened web browser called Trivalent which is pretty nice to use.

By the way, you can rebase between Secureblue and upstream Fedora Atomic and their various desktop environments very easily, which is nice if you don’t want to reinstall Linux to try something new.

1 Like

Am I right to assume that you mean domestic violence with DV? What do you mean by unresolved?

Programming skills have nothing to do with being a black hat. Most programmers have zero skills in exploiting smartphones or laptops. You might be targeted, but, from what I’ve read so far, I don’t see any indication of them having the skills to do so, purely based on hacking, and would not overstress the security aspects.

Have there been any credential leaks, usage of weak passwords or reuse of passwords which could have led to this?

I’m glad to help! :smile:

I totally forgot that I wanted to make this point earlier:

You didn’t mention any details as to what skills they might have, but it’s worth pointing out that it’s unlikely for most app/web developers to also be formidable threat actors. If this person works in offensive cybersecurity, you’d be more justified in taking more extreme measures.

It looks like the digital version on Payhip only accepts card payments, so you’re probably stuck with using payment masking services and you might be able to get away with giving a fake name and email alias.

Physical copies are sold on Amazon which might be more private if you’re willing to put a lot of work in, but considering the DV situation I doubt a physical copy is any safer. If you were still interested, I remember in the past on Michael Bazzell’s (author of the book) podcast he talked about creating a pseudonymous Amazon account.

If I’m remembering correctly, he’d create an account using a Gmail created on a dedicated burner phone paid in cash, all done using public WiFi. He’d pay for things with Amazon gift cards purchased in cash. First he had to make 1-2 small digital purchases to build account reputation before he could start shipping anything, and the first thing you ship can’t be expensive either. I can’t remember how he received items, it must’ve been at an address not tied to him or at his house which wasn’t under his name? You’ll wanna research this more before going this route because things might’ve changed. Funnily enough it might be covered in the book.

Those are the only legal ways to attain this book shown on their website. Maybe there’s a tiny chance your library or local book stores have it? Not that I’d endorse this, but I know a lot of people would sail the high seas and then pay creators through other means as a way of protecting their privacy. :person_shrugging:

One thing to keep in mind before buying this book is that they do not plan to update it as piracy killed their book business. The more time passes, the less accurate it’ll be. Intel Techniques also tends to be U.S.-centric so if you’re outside the United States, some parts of the book will only be partly useful or entirely useless.

Everyone here will have their own opinion. I think this goes back to my first comment on how OS security features can only do so much and in my opinion, it isn’t worth stressing too much over them when instead you can focus on best practices and using layers of defences, such as virtual machines.

If you feel like you’re willing to try Secureblue you can totally go for it, just understand it won’t be as easy to use and you’re more likely to run into issues which will require some time and energy to resolve. I doubt the difference between Fedora Workstation and Secureblue is world-changing, especially if you’re going to be doing anything risky within a virtual machine.

1 Like

Qubes

Yes, it’s technically a “Xen distro”, but the qubes themselves are Linux VMs.

“Linux is less secure than Windows” is a very misleading statement at best. For the following rationale, I would say pretty much any Linux distro is more secure than Windows in practice:

While yes, it’s just somewhat easier (likely) for exploit brokers to find bugs like local privilege escalation (LPE) exploits or sandbox escapes for standard Linux desktops than it is for Windows. While this might mean, for an APT buying exploits, that a Linux LPE exploit might cost a few thousand dollars more to buy than an LPE for Windows, it doesn’t add up to much if they already stockpiled exploits for most systems.

If your threat model includes some government APT or spyware company, or even a well-resourced criminal organization, whether or not you use Fedora or Ubuntu will seldom matter; they will most likely attempt to deliver 0-day or N-day exploits through your browser, or by redirecting traffic or sending you an infected file through social engineering. The issue is that the most threatening organizations just develop or purchase arsenals of exploits to ensure they have coverage against a variety of browsers, OSes, kernels etc.

Look at this table and ask yourself, how much would it cost to compromise your computer?

Indeed, against well-resourced adversaries, your best options are to:

  • Hide, resisting fingerprinting and advertising if possible, to prevent them from having a vector to deliver malware to you in the first place.
  • Compartmentalize, with either VMs or separate computers, to prevent an adversary from compromising all of your activity.
  • Be amnesic, with either disposable qubes, VM snapshots, or live OSes, to prevent a compromise from lasting.

Some OSes may include exploit mitigations that prevent LPE in some cases, but how much does this matter to the regular user? Relevant xkcd:


If you’re not following a security by compartmentalization approach like Qubes does, even if you have a very secure kernel, and the attacker executes their malware on your device through a more vulnerable program (i.e. browser, video player, PDF file reader), this is already a catastrophic scenario for most users. If a decently sophisticated adversary managed to run arbitrary code on your device, not in the bounds of a sandbox or VM, then whether or not you have X11 or Wayland probably doesn’t matter; you’re already hosed.

In summary, this is why most Linux distros’ weaker kernel security may not matter at all against well-resourced adversaries.

In fact, Linux has three strong security advantages over Windows:

  1. Low attack surface (less bloatware)
  2. Lack of telemetry and forced advertising
  3. Reliance on centralized, vetted software repository

1: One of the most disastrous mass compromises of Windows devices happened because Windows turns its printing services on by default, unlike a lot of Linux distros. Pre-installed software such as Outlook, file transfer services and remote desktop services introduce unnecessary vulnerabilities if they aren’t needed.

2: Windows is very aggressive with pushing advertising on its users, which assists criminals with delivering malware to specific individuals. If you’re targeted by an ISP-level adversary, Windows’ telemetry can uniquely identify you by your traffic alone, which will assist the adversary in delivering malware to you. With Linux, not only do you usually lack telemetry, you can even easily modify your OS to route itself through Tor (Whonix), or through a VPN, etc. While of course, privacy != security, in practice, denying a resourced adversary the ability to identify/fingerprint you can largely interfere with their ability to exploit your computer.

3: Linux’s reliance on vetted repositories rather than the Windows approach of finding most software on random websites is one of the primary reasons why Linux users are far less likely to be compromised. This security benefit is what matters to most users who are concerned with unsophisticated criminals rather than powerful APTs. Convincing users to install malware by duplicating legitimate websites or social engineering is one of the most common, and simple, ways Windows users are infected, but this rarely happens with most Linux distros (or iOS). After all, it is far safer for a regular user to type “sudo dnf install libreoffice” than to try to find and download OpenOffice from a website that may or may not be real.

In practice these issues specific to Windows are far more likely to get you compromised than the Linux kernel’s lack of certain security features.

4 Likes