Hi, Im searching for a secure distro for normal daily use for my laptop. Currently Im running arch linux with full disk encryption, secure boot, linux hardened, firewalld and most apps as flatpaks (with some disabled permissions using flatseal). I think its pretty secure laptop but it could be more secure.
Tails and Whonix are the most secure but they are not ment for normal daily use…
There is a lot of new immutable distros. Getting (system) malware is harder to get on them. Im most interested in blendOS, because its based. Does anyone know if it has full disk encryption, secure boot, etc. or can it be done by the user? What about other distros like Fedora Silverblue?
Any other recommendations?
Thank you :)
Puppy Linux - the OS is spooled into RAM from a single signed compressed image. by default there is no write back to physical data store; this can include user folders etc. each boot can be a clean slate.
Since the OS itself is in a single compressed & signed package, if someone alters it via a sidecar boot to an alt OS, it and you would know.
When there are chain of custody issues it is pretty secure when added with the usual bevy of other securing options.
What’s your use case?
Programming, school, and everything else.
You don’t need a security focused distro to hide the hentai from your mom, nor to shield your 0.0047 XMR from hackers.
And you dont need a lemmy account for posting useless comments
I do actually, you can’t post as guest.
Seems to me like you already have a secure setup. You just need to keep it secure. I personally can’t imagine downgrading from using Arch to an inflexible immutable distro.
an inflexible immutable distro
Besides the somewhat unfortunate and false ‘immutable’ name, what makes them inflexible according to you?
Can’t install a new system package for most immutable distros without going through some magic incantation, then doing a reboot as an example.
Everything immutable is designed to be inflexible for the user. Am not saying that it’s a bad thing if that’s what you clearly want.
Everything immutable is designed to be inflexible for the user
laughs in NixOS being as flexible as Arch, having about the same number of packages and better stability, as well as offering rollbacks, a stable release if you want that breadth of package availability on a static release system, that also has a declarative configuration, making it far, far easier to set up over time, or on multiple machines
NixOS is very different from something like Fedora Silverblue or MicroOS. Am not even sure we are talking about the same thing here.
Still immutable. You can’t make a claim about all immutable systems, when some don’t follow the same principles and don’t necessarily have the same limitations. With SilverBlue you can still use rpm-ostree and I think it is also possible to install such packages on MicroOS, but I don’t know how.
Found an article that clearly describes what immutable distros are. I don’t know where NixOS fits in all this.
My claim about them being inflexible is because that’s how they are designed. Doesn’t take 5 minutes to come to that conclusion compared to traditional distros.
They are not as flexible, but claiming them to be inflexible creates a false perception. It might not be as easy to change some parts of them, but it is certainly possible
How is blendOS based?
And personally most distros will do since linux is secure over all. I like Linux Mint personally and is good for programming and generic use.