10 practical tips for securing your Linux Mint system
www.fosslinux.com
While Linux Mint is known for its security features, it is not immune to threats, including malware, viruses, and hackers. It is essential to secure your Linux Mint system to protect critical, personal, and sensitive information from unauthorized access or theft.

Windows refugee here. I’m planning to move to Linux Mint but want to make sure I don’t do something stupid, as I’m unfamiliar with the Linux operating system.

I found this link with 10 tips to secure Mint.

Is this a good list? Anything else I should do to secure a Mint install?

Thanks for helping a noob!

  • jamesbunagna
    4·
    2 days ago

    Thanks for the clarification!

    If you trust both the source and the file, then downloading by itself shouldn’t constitute a problem. Supply-chain attacks are still possible, but that’s a hard problem to solve anyways. I suppose I’d only trust Qubes OS to handle that gracefully.

    For general browsing, GrapheneOS-folk would advice against Firefox(-based browsers). Instead, they’d recommend (something based on) Chromium. Personally, I do follow that advice. But I understand if you’d like to stick to Firefox(-based browsers).

    Coming back to Linux Mint, I won’t go over my (personal) qualms with the security model of the distros it’s based on. But as Linux Mint offers one of the best onboarding experiences, it would be a disservice to lead you elsewhere. Become comfortable with Linux through it. And, perhaps one day, if you feel like venturing elsewhere, you can try out distros that offer better security. Thankfully, Linux Mint’s OOTB security should be sufficient until then.

    As for the article, everything except for the fourth recommendation is a W. Utilizing ClamAV could be cool, but it’s based on a very naive understanding. You wouldn’t want an untrusted file on your system in the first place. Obviously, a lot more mileage[1] is possible. But one has to learn to walk before they can run 😉.

    1. Note that the information and instructions found on the excellent ArchWiki often work on and/or apply to other distros as well.
    • anonymous111@lemmy.worldOP
      3·
      1 day ago

      Thank you for your advice. I will take it. As a beginner, I’ll start with Mint.

      Would your reccomend any other secure distro for the future?

      • jamesbunagna
        1·
        1 day ago

        For this writing, I’ll focus on the OOTB experience. Furthermore, a daily driver for general use is assumed. I’ll also try to keep it (relatively) brief and concise for the sake of brevity. The tier list found below goes from worst to best.

        • Tier -1 : Actively detrimental distros. Joke/meme distros, abandoned/discontinued projects and even outright malicious products. Simply don’t use for production. The likes of Hannah Montana Linux and Red Star OS comes to mind.
        • Tier 0 : Unopinionated distros. These should be regarded as blank canvases from which it’s expected that you meld and forge it to your liking. As such, at least by default, they offer nothing in this regard. However, it’s possible to build a fortress if you wish. Both Arch and Gentoo fall under this category.
        • Tier 1 : Distros that have put in some work into security, but ultimately fall short. These distributions include security features and maintain regular updates, but their implementation choices can introduce security compromises. This tier often includes derivatives that modify their parent distribution’s security model, sometimes prioritizing convenience over security best practices. While it may be suitable for general use, they may not provide the same security guarantees as their upstream sources.
        • Tier 2 : Distros with sane security defaults that rely on backports for their security updates. These distributions prioritize stability while maintaining security through careful backporting of security fixes. Rather than updating entire packages, they selectively patch security vulnerabilities into their stable versions. This approach provides a good balance of security and stability, though it means newer security features might take longer to arrive (if at all). Debian and Ubuntu are prime examples of this.
        • Tier 3 : Distros with excellent security defaults and a (semi-)rolling release. For most normies, this is as secure as it needs to be. As it’s on a (semi-)rolling release, it receives security updates as soon as they come. Furthermore, this also allows them to benefit from new security features as soon as they appear. Curiously, the two distros that most resonate with this, i.e. Fedora and openSUSE Tumbleweed, are also known to innovate (and thus are pack leaders) when it comes to security solutions. FWIW, their respective atomic/immutable distros also belong in this tier.
        • Tier 4 : Security-first distros. The crème de la crème. These are probably overkill for most people. This is also the first (and only) tier that may sacrifice usability and function for the sake of security. If your highest priority is security, then you can’t go wrong with this one. Kicksecure and secureblue are its flag bearers.

        I’d personally grant Linux Mint a position in tier 2, though perhaps others would go with tier 1 instead. As such, a step-up would be a distro from either Fedora or openSUSE.

          • jamesbunagna
            3·
            1 day ago

            As I noted in the footnotes of this comment, Qubes OS is technically not a Linux distro as it’s based on Xen instead. But yeah, it’s without a doubt the gold standard when it comes to secure by default desktop operating systems; far surpassing even Kicksecure and secureblue.

            As for Tails, while its amnesiac property is excellent for protection against forensics, it’s not meant as a daily driver for general computing; which was also touched upon in the aforementioned footnotes.