What do you mean most secure? Because that is a very broad thing.
this post was submitted on 13 Sep 2025
95 points (94.4% liked)
Linux
59379 readers
824 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 6 years ago
MODERATORS
Since I was referring to win10 losing support I thought it was understood that I asked about security updates like windows does. Pardon me. But to specify, how is the ongoing security updates working on Linux? Who does it? Is it even being done? It is an assumption on my side that the security is done in the same manner like win and mac, with continuous updates but that might as well be a wrong assumption.
load more comments
(7 replies)
what i did after install mint, enable firewall, disable vnc, ssh ,rdp ports. install opensnitch, install pihole
I would argue that Linux is inherently much more secure than windoze, simply because of how it handles user space vs. System (root access vs. User access). Also by how transparent its configuration is and how much information is readily accessible detailing how it works and how to adjust things.
However, when talking security for anything above the average user’s browsing needs, it can get very complicated depending on what you are trying to achieve.
Think of it like building something to keep out honest people vs. to keep out hardened, knowledgeable, clever thieves. Obviously the latter is going to take more time and resources to achieve, while the need to keep out more sophisticated bad actors would probably only be needed if you have something they might want.
Here are some suggestions for searching if actual security is your goal. Others can chime in with more things if they want. This is just some topics/programs you can read about to dip your toes in.
- nftables/Firewalld (common firewalls)
- wireguard/openvpn (vpn protocols)
- rootless containers (podman)
Best of luck!
Windows has a lot of shit to second guess the user. Linux doesn’t. Linux doesn’t babysit you. It has some guardrails but the general idea with Linux is it’s your computer, it will do what you tell it do, even if it’s a bad idea. This makes things lighter, faster, more private, but it has also led to security incidents.
Windows and Mac will watch what you are doing. If they see something suspicious, the security software can jump in and telemetry means they can notice patterns as new malware appears on their users machines. This makes the machines slower and heavier and less private, but also easier for users to deal with because they doesn’t have to actually know anything. They can just buy their way out of a problem with superdupertotallaylegitantivirus2025pro.
Anyone who says Linux doesn’t get viruses is lying to you. It does. They all do. But it’s not that common because Linux is a smaller market share so most nefarious people won’t waste their time on a smaller target unless there is something that specific target has they want. So old people using fedora kinoite to access email and facebook are fine, but Pete Hegseth watching ignoring security practices and visiting shady sites is probably a worthwhile target and could be vulnerable.
Linux has major advantageous over the industry approach of “we know best” but it also has disadvantageous. If you are the kind of person who wants to learn and improve and grow, Linux could work for you. If you are more the irresponsible buy-someone-else’s-solution-to-my-problems type, it’s not.
You're going to need to be more specific. There are dozens of aspects of security.
But if you want to have the most secure machine, then never turn it on, encase it in lead, and drop it at the bottom of the ocean.
Since I was referring to win10 losing support I thought it was understood that I asked about security updates like windows does. But to specify, how is the ongoing security updates working on Linux? Who does it? Is it even being done? It is an assumption on my side that the security is done in the same manner like win and mac, with continuous updates but that might as well be a wrong assumption.
Security updates are provided by each package maintainer and released on their own schedule. Microsoft releases updates monthly on Patch Tuesday, unless there's a severe vulnerability that can't wait. But since Linux is a bunch of different packages rolled into a distro, there's no one authority managing updates.
So, this means you might get them faster, or if a maintainer is not engaged, slower. Or, if a package is abandoned, not at all. Distros generally make sure their provided packages are maintained, but updates to third-party packages are not guaranteed.
it's similar. in a mainstream distribution with a desktop environment, updates can typically be configured to notify you or install automatically. it's common for those updates to now also include third-party sources like flathub.
upgrades (to a next point release or major version) are different, some can be fairly straightforward--others, not so much. and those upgrades will be more frequent, as the "lifecycle" for most linux distributions is shorter than windows' 10 years.
There are also rolling release distros that never need upgrades. You install the system once and normal updates are all it needs.
Others have said it before but basically : what is YOUR (not me, not your best friend, nor your colleague, etc) threat model?
To clarify that means WHO is actually trying to threaten your security?
Typical for most people it would be :
- scammers trying to get pieces of your identity or your local cryptocurrency wallet or resources they can use to repeat that on to others.
For some people, like activists or political journalists it would be :
- national actors, e.g. governments, with their surveillance apparatus, who might end up on a list with a set of conditions that would trigger some automated scan to get e.g. Signal logs
For very very few people, say Edward Snowden, who within the previous group actually did trigger some action :
- actual team of hackers trying to hack into their devices
So as you can imagine if you are part of group 1, 2 or 3 then way you will protect yourself is totally different. What you will also have to protect is also different, e.g. if you have no cryptowallet but are traveling you might have to protect your phone physical phone and its data.
So... if you are serious about this, take a cybersecurity class. There are plenty available but how a computer works, software and hardware alike, is precisely what makes them simultaneously powerful and also dangerous. There are plenty of ways to break security (e.g. return oriented programing), plenty of ways that practically impossible (e.g. encryption) due to the very nature of computers (i.e. computational complexity) which IMHO makes this one of the most fascinating topic. Ask yourself come the credit card in your pocket (costing few bucks to make) can't be cracked by the largest super computers (costing billions) on Earth?
TL;DR: no offense but you don't seem to be ready for the answer without getting the basics first.
I used to use ClamAV, but not sure I noticed much of a difference, so haven't really used any antivirus software for a while now. Curious what people in this thread think of clam.
load more comments
(1 replies)
From a windows perspective Linux does 2 things differently which makes it more secure to Windows.
- Like MacOS it doesn’t need antivirus software like Norton. Windows needs antivirus because DOS the OS windows is based on, had it where any program had access to anything. This is still sadly true even on Windows 11. Linux is Sandboxed, where instead of giving the program full access to everything, you just give it a sandbox with what it needs.
Unless you deliberately run a program as the admin of Linux (su or sudo), malicious code can just delete system32.
- Linux’s is open source and while the desktop market share is tiny, there are a massive market in servers. As a result since there are a lot of eyes on the project if/when problems are found they are fixed quickly. I remember a time when a malicious actor was trying to add a backdoor into a library as a blob and it was caught.
Windows on the other hand is closed source, meaning if MS can’t find the issue, the only time it is found is when it’s in the field. To avoid downtime MS offers bug bounty programs for those who can find issues, rather than to let them exploit it.
load more comments
(6 replies)