I’m still in the research phase of switching to Linux and don’t know if this concern is reasonable. I’m not tech savvy. I’m comfortable in the windows ecosystem and could use the dos prompt fine when they used it. I played with QBasic and C++ when I was younger and have built a few computers but that was a couple decades+ ago.

My concern is dealing with malware. I know that Linux has less issues with malware than Windows but, as I understand it, that’s primarily because it has a comparatively small market share. I feel like I’m getting into Linux just as it’s getting more popular and that it will get worse if the EU moves away from Microsoft because they will most likely adopt some form of Linux as their new standard. More less tech savvy people like me moving to Linux makes it a juicier target for people who create and use malicious software. It’s not a reason to stay with Windows but is it a reasonable concern? Are there sufficient tools for people who don’t really know what they’re doing to be reasonably secure on Linux and will they keep up if the threat profile expands as Linux picks up more users?

  • netvor@lemmy.world
    11·
    22 hours ago

    Lot of people will tell you something like “don’t run stuff aS rOoT” but from personal security POV root is almost irrelevant. Potential attacker can do plenty of damage without root.

    root only allows crossing boundaries of the current user, but for personal use, everything you care about is probably 100% accessible under your normal user account. You don’t need root to steal your photos and passwords, you don’t need root to shimmy a daemon in your ~/.profile to start every time you log in, you don’t need root to mine shitcoins, use your machine as part of botnet or whatnot.

    Good advice is to vet everything you install, or choose a third party to vet it for you. In ideal world,

    • choose a stable, well-maintained and up-toodate distro with a good reputation,
    • limit installing software from official sources only. …and you’re probably going to be fine.

    In less than ideal world, maybe add flatpak to the mix but assume that the repository is a wild west. Running AppImage apps or installing third-party .deb/.rpm/etc. packages, again, if you trust the source, you trust the source.

    (But for f’s sake, don’t just run curl | bash scripts (with sudo or not) from random github repos and stuff.)