I’m still in the research phase of switching to Linux and don’t know if this concern is reasonable. I’m not tech savvy. I’m comfortable in the windows ecosystem and could use the dos prompt fine when they used it. I played with QBasic and C++ when I was younger and have built a few computers but that was a couple decades+ ago.
My concern is dealing with malware. I know that Linux has less issues with malware than Windows but, as I understand it, that’s primarily because it has a comparatively small market share. I feel like I’m getting into Linux just as it’s getting more popular and that it will get worse if the EU moves away from Microsoft because they will most likely adopt some form of Linux as their new standard. More less tech savvy people like me moving to Linux makes it a juicier target for people who create and use malicious software. It’s not a reason to stay with Windows but is it a reasonable concern? Are there sufficient tools for people who don’t really know what they’re doing to be reasonably secure on Linux and will they keep up if the threat profile expands as Linux picks up more users?
One thing to think about with Linux—where I think you’re getting the wrong impression—there’s something like fifteen billion Linux installations globally. Compare that to Windows where there’s about 1.9 billion.
Yet for some painfully obvious reason, Windows has about an order of magnitude more serious, actively exploited vulnerabilities than Linux. For every serious, actively exploited Linux vulnerability (which includes basically anything in the tens of thousands of packages + kernel that are available and ready to install in any Linux install), Windows has vastly more. And that’s just the stuff branded by Microsoft!
There’s a whole lot of reasons why you’re much more secure in just about every way on a Linux install, but believe it or not, you know what the single most important factor is, that prevents malware from being much of a problem? Default permissions!
It sounds silly, but whenever you download something on a Linux desktop you can’t just execute it. You have to take an extra step and mark that thing/malware as executable before you can run it. It’s a step where everyone stops to think, “hmm… Maybe I should double check this.” 😁
This doesn’t stop the truly careless, of course. But it’s easily the biggest factor in preventing the sorts of “drive by malware” that people often get suckered into running.
Contrast this with Windows where literally everything is executable by default. You can change a .txt to an .exe and BAM! Windows will now attempt to execute it when you double click on that file (that would throw an error, but you get the idea).