Serious Discussion Here's why you should change to Linux - securing Windows is too much work

[Victor M]

Have a look at this hardening resources page: GitHub - beerisgood/Windows11_Hardening: a collection about Windows 11

There are miles of configurations that you need to do to stay secure. Sure there may be a way to automate it all. At some point, it becomes a chore.

 

[Bot]

Indeed, hardening Windows can be quite a task. Linux, on the other hand, offers a more secure environment out of the box, with less need for extensive configuration. It's all about choosing what works best for your needs and skills.

 

[Digmor Crusher]

IMO Linux is too much work.

 

[Victor M]

IMO Linux is too much work.

Using it or securing it ?

 

[bazang]

Have a look at this hardening resources page: GitHub - beerisgood/Windows11_Hardening: a collection about Windows 11

There are miles of configurations that you need to do to stay secure. Sure there may be a way to automate it all. At some point, it becomes a chore.

At least 25% of them are enabled by default, even on Home version of Windows.

You can find other GItHub pages where you can do all of that and more by running a few PowerShell scripts.

A fundamental principle of hardening anything - whether it is a workstation, server, network device, etc - is that the user needs to know the internals so that they know what they are doing. In other words the user has to have the inclination and ability to put in the effort and figure it out. Otherwise they are just heading for trouble when their post-hardening encounters issues and they do not know how to troubleshoot breakages or other problems (which is rare in the home environment but quite common in a mixed-hardware\software enterprise environment).

Problems arising from hardening systems is not the terrible usability boogeyman that some people on the forums like to propagandize. All those people do to discourage adoption of Windows hardening is create FUD for their own agenda. (I am not talking about you @Victor M )

Hardening Linux to the extent and same level as can be done on Windows is 50X more difficult. It requires much more research and labbing. There are guides and documentation available just as for Windows, but not nearly to the same range and depth. Official distro hardening documentation can range from trivial to very long, complex, and tedious.

Hardening a workstation for home is not the same as doing it for an enterprise or commercial deployment.

Most home users are better off keeping things as simple as possible - which means the vast majority of home users are best served by a Chromebook.

 

[Victor M]

You can find other GItHub pages where you can do all of that and more by running a few PowerShell scripts.

Thanks for the tip.

Hardening Linux to the extent and same level as can be done on Windows is 50X more difficult.

I wouldn't say that Linux hardening is 50X more difficult, but my degree is in IT.

Most home users are better off keeping things as simple as possible - which means the vast majority of home users are best served by a Chromebook.

Chromebooks seems secure from what I've read.

 

[Digmor Crusher]

Using it or securing it ?

Using it, tried once and did not like it at all, confusing. I suppose if I put more effort into it I may have had a different opinion.

 

[Acadia]

I use both Windows and Linux, Linux in a virtual machine. I much prefer Windows: it simply works, and it works without having to constantly jump through hoops all the time. And if anyone thinks Windows monthly updates are too numerous ...
Acadia

 

[Slerion]

just install this and 90% of tweaks and privacy issues are solved regarding windows

An optimized modification of Windows, designed for gamers.

We designed Atlas to maximize performance and minimize latency. Experience higher framerates and lower latency compared to stock, slow Windows.

atlasos.net

 

[bazang]

I wouldn't say that Linux hardening is 50X more difficult, but my degree is in IT.

10X

Not nearly as many security features in Linux to be tweaked and hardened, but of the ones that are there the person has to do extensive research.

Hardening a Linux workstation or server for enterprise requires a LOT of effort.

 

[jackuars]

• The first few weeks of Linux is all about the Great Distro hunt - exploring the unique features and quirks, finding the perfect match that suits your needs - whether you are a developer, gamer or just a curious user, and then getting ready to fall in love with the one that feels just right.
• The next few weeks of Linux is all about Customization craze - using your creativitiy and personalizing it, tailoring your desktop, installing your favorite apps from the store, and getting comfortable with the new look and feel and start to feel like a pro
• The final few weeks of Linux is about Completing the transition - diving deeper into the word of Linux and unlocking it's full potential, learning the ins and outs of the command line and then experiencing the satisfaction of a true power user.

Once you are ready, the moment of truth arrives, you've crossed the point of no return and there's no going back to Windows again. The freedom and the flexibility will keep you hooked.

 

[wat0114]

Once you are ready, the moment of truth arrives, you've crossed the point of no return and there's no going back to Windows again. The freedom and the flexibility will keep you hooked.

Well for me, that "moment of truth" only happened after many years of going back-and-forth between Linux and Windows. Only within the past few years I've stuck primarily with Linux, although I keep Windows in a dual-boot setup for those rare occasions when I need it, such as recently importing test data to an excel spreadsheet and graphing the results. I just couldn't figure out how to do that with LibreOffice Calc.

 

[simmerskool]

IMO Linux is too much work.

nah, take a look at Zorin 17.1, some other distros may be as easy to migrate to too.

 

[jackuars]

Well for me, that "moment of truth" only happened after many years of going back-and-forth between Linux and Windows. Only within the past few years I've stuck primarily with Linux, although I keep Windows in a dual-boot setup for those rare occasions when I need it, such as recently importing test data to an excel spreadsheet and graphing the results. I just couldn't figure out how to do that with LibreOffice Calc.

Unless your are using PowerQuery or PowerPivots and simply using Pivot tables......you could graph the results with relative ease. Or if you want a MS Office friendly environment, WPS Office on Linux might suit you better.

 

[Arequire]

I think it's less about Windows being too much work to secure and more that people exaggerate the need to secure it.

 

[bazang]

I think it's less about Windows being too much work to secure and more that people exaggerate the need to secure it.

Windows was developed and intended to be centrally managed by qualified security. This has ALWAYS been Microsoft's intent, regardless of the creation of Windows Home version.

Microsoft operates on a "hands-off, trickle-down" perspective and approach to home user security. The reasons for this are obvious - dealing directly with the general public and individual families\users in terms of either security or support as standard operating procedure is economically unfeasible as well as impractical.

Although every single time Microsoft has attempted to improve user security, there's that faction of the online user mob that rails against Microsoft and accuses it of over-reach and infringing upon "user rights." Whiskey Tango Foxtrot. "User rights? Oh you mean the right to download anything and execute it regardless of the fact that if you did that and it was malicious then that infection would spread from your system to a whole bunch of others? Oh I see, you're one of those selfish, self-centered 'users want to use stuff' types. You're angry about that 'User Right.'"

people exaggerate the need to secure it.

Securing a system is always to be done in a common sense manner that is proportionate to actual risk. For example, a system used by young children or by indiscriminate downloaders needs to be secured. In that case it probably is best to use default deny and virtualization. For the family made-up of a young professional couple that is security conscious, then less security is warranted. For the one-person household, like a 89 year old female that turns her system on once per year, what do you think is required to secure it?

One problem with security forums is that they are full of paranoid individuals that promote protections on the paranoid\overkill end of the spectrum.

Systems are not to be secured on the basis of "Anything can happen. Therefore, any system needs to be secured against anything possible." That perspective is completely ridiculous but that has been the argument from security forums since the very first security forum popped-up.

 

[oldschool]

One problem with security forums is that they are full of paranoid individuals that promote protections on the paranoid\overkill end of the spectrum.

Which is why noobs go overboard installing multi-layered security apps without understanding their mechanisms and the OS itself. Which is, once again, why my motto is: Stay safe, not paranoid.

 

[bazang]

Which is why noobs go overboard installing multi-layered security apps without understanding their mechanisms and the OS itself. Which is, once again, why my motto is: Stay safe, not paranoid.

Awareness, training, and education are far more effective than software.

Security is not software. It is a process.

These are unpopular facts on a forum where most members are focused on security software. What they are failing to realize is that the best that technology has been able to provide them is software and a few bits of hardware. Then there are those now beating the drums of "next gen AI" and other marketing gimmicks. The current state of AI is not capable of keeping users safe without those users doing most things securely. Going back to "Security is not software. It is a process."

This really upsets one person in particular here at MT.

 

[Andy Ful]

Here's why you should change to Linux - securing Windows is too much work.​

Many people (home users) can use computers with preinstalled Linux. They will be as safe as Windows users with extremely protected & hardened system.
But it is not necessarily true that securing Windows at home is too much work. One can do it easily in ten minutes. The problem is that such protected Windows will be as usable (or as unusable) as Linux, because the software will be also limited to the applications signed by Microsoft, and Universal Windows Platform (UWP) Apps from Microsoft Store.
Of course, many people can be happy with such limited (but safe) Windows-like-Linux. I have in mind people who use computers just like any preprogrammed home appliance (for example a coffee maker).

Edit.
The UWP apps are delivered in Microsoft Store via the GET button (and not via the INSTALL button).
Examples of good UWP apps from Microsoft Store:
https://malwaretips.com/threads/applications-that-work-well-with-smart-app-control.131260/

 

[mlnevese]

I've seen people "protect" their systems in such ways they couldn't even change simple settings because it was "Managed by an administrator" as they messed with system policies with no idea of what they were doing. Education is essential to know WHAT you are doing and WHY you are doing it.

Some go so overkill the system can barely boot...