Serious Discussion Why do you feel you are Locked In to Windows ?

F

ForgottenSeer 109138

I used to feel that way but then I woke up and realized 99% of what I was doing was in a browser so I switched to ChromeOS and didn't miss a thing. Then from there I switched to macOS. I don't miss a single thing. In fact macOS attracts quality developers. Bugs are far and few between.

I Use ChromeOS now only I enable the Linux environment which I run my Lab in when testing and learning, and then remove the environment when finished with that session to reinsert the restrictions again. ChromeOS is very secure by default.

That was one of the things I learned very early on with Mint, to avoid Flatpaks if at all possible and to only install software packages from the official Mint repo. And not to download or install anything from the Internet/non-Linux software. Too much potential for trouble otherwise, same as how you have to watch what you download in Windows. The only things I added to Mint were the Stacer monitor, Strawberry music player and the Chromium browser as a backup browser. My system is pretty much bare-bones and I do not venture out of the Mint repo OS environment. I run this same Mint config on two laptops and am very happy with both, they work very well.

C.H.

Absolutely, keeping everything to minimum and installing from trusted sources is very smart not to mention compatibility and performance wise, better.
 
F

ForgottenSeer 107474

That was one of the things I learned very early on with Mint, to avoid Flatpaks if at all possible and to only install software packages from the official Mint repo

C.H.
Thanks for your insights and sharing your experience. I also only use software from the official repo, plus flatpaks offered in Linux's software manager.

Containers like Flatpak (explainer) combined with immutable (explainer) repo's are the future of Linux. In future I might move to Fedora Silverblue, but as Windows user I like Mint to much for the moment and stripped everything I did not need from the official repo and installed flatpaks using Linux Mint software manager.

The flatpaks I installed, always came with broader rights than needed (that is common knowledge), but I never needed to dive into flatpak permissions command line to adjust permissions, because Flatseal (GUI to this permissions command line) always did the trick to harden (strip rights from) the flatpak.

I only met one occasion to add rights (for installing NextDNS cert), simply allow (using Flatseal) read/write access to the folder where the cert is installed by the browser once and make it read only afterwards (by adding the magical :RO in Flatseal). So I am curious what information convinced you to stay away from flatpaks?
 
Last edited by a moderator:
  • Like
Reactions: vtqhtr413

monkeylove

Level 13
Verified
Top Poster
Well-known
Mar 9, 2014
617
Hi Home Users,

Why do you feel you are locked in to Windows ?

Around ten points to consider in light of using operating systems like those involving Linux:


And a check list as you move away from Windows:


It becomes more challenging if "home users" include most computer users.
 
  • Like
Reactions: Gandalf_The_Grey
F

ForgottenSeer 109138

Thanks for your insights and sharing your experience. I also only use software from the official repo, plus flatpaks offered in Linux's software manager.

Containers like Flatpak (explainer) combined with immutable (explainer) repo's are the future of Linux. In future I might move to Fedora Silverblue, but as Windows user I like Mint to much for the moment and stripped everything I did not need from the official repo and installed flatpaks using Linux Mint software manager.

The flatpaks I installed, always came with broader rights than needed (that is common knowledge), but I never needed to dive into flatpak permissions command line to adjust permissions, because Flatseal (GUI to this permissions command line) always did the trick to harden (strip rights from) the flatpak.

I only met one occasion to add rights (for installing NextDNS cert), simply allow (using Flatseal) read/write access to the folder where the cert is installed by the browser once and make it read only afterwards (by adding the magical :RO in Flatseal). So I am curious what information convinced you to stay away from flatpaks?
Probably the fact that Flatpaks are made by developers not associated with the original software which in itself is reason alone. Ubuntu is still shipping Flatpaks with the sandbox escape vulnerability that is widely known. The current " CVE-2024-32462 " allows a malicious or compromised Flatpak app the ability to execute arbitrary code outside its sandbox.

Need a list of reasons why sticking to Official mint repo is intelligent.

Flatpaks have been found to have security risks, including sandbox escape bugs and vulnerabilities in packaged software. Some say that Flatpaks are insecure because:
  • Sandbox escape bugs: Flatpaks have had at least two sandbox escape bugs in the past, and more are likely to be discovered in the future.
  • Vulnerable packaged software: Opening a file downloaded from the internet can compromise a system if the packaged software has a vulnerability, such as Adobe Reader or Visual Studio Code.
  • Untrusted sources: Packages from untrusted sources won't be protected by the package format.
  • Full access to host system: Most apps have full access to the host system, even though users are led to believe they are sandboxed.
  • Lack of security updates: Flatpak runtimes and apps don't receive security updates.
  • Unconfined environment: Applications are designed with an unconfined environment, and the APIs they need may not exist or may not be updated to use new APIs.
  • Inadequate permissions model: The current permissions model doesn't stop potential malware from ruining files


I don't have any problem with Windows either, software wise. Just that I find my red team find security holes with ease.
@Victor M Looks like you need to present them a Linux challenge. Using Lynis system auditing to harden your installation then using other open-source tools for monitoring and prevention.

Samhain HIDS and Suricata IDS/IPS


Samhain is a host based intrusion detection system that monitors the file system for changes. Log file and port monitoring/analysis with detection of rogue SUID executables and hidden processes. Another alternative is Tripwire HIDS.

Suricata is a network IDS/IPS (intrusion detection/prevention system)
It runs in basically two modes. Detection mode which will log and alert the user so they can investigate, and a Prevention mode which will block attempts. It monitors network traffic for suspicious activity by comparing it to a database of known threats and pre-defined rules. Users can also create custom rules as well.
 
Last edited by a moderator:
  • Like
Reactions: harlan4096

transformer69

Level 1
Mar 17, 2023
23
To me windows has always felt like a more premium user interface and audio-visual experience compared to any linux distro of the contemporary generation.
I like the experience of the built in apps they have, i.e weather, calculator, sticky notes, magnifier etc.
The cpu temperatures and battery life on windows laptops are also a lot better.
 
F

ForgottenSeer 109138

Brave flatpak is maintained by Brave
This was implemented and verified within the last couple weeks and a rarity, as it was listed as an unofficial package. The vulnerabilities and issues still stand, and for most other flatpaks they are not maintained or developed by the original software makers.
 
F

ForgottenSeer 107474

1714048995803.png
 

Captain Holly

Level 6
Verified
Well-known
Jan 23, 2021
260
Thanks for your insights and sharing your experience. I also only use software from the official repo, plus flatpaks offered in Linux's software manager.

Containers like Flatpak (explainer) combined with immutable (explainer) repo's are the future of Linux. In future I might move to Fedora Silverblue, but as Windows user I like Mint to much for the moment and stripped everything I did not need from the official repo and installed flatpaks using Linux Mint software manager.

The flatpaks I installed, always came with broader rights than needed (that is common knowledge), but I never needed to dive into flatpak permissions command line to adjust permissions, because Flatseal (GUI to this permissions command line) always did the trick to harden (strip rights from) the flatpak.

I only met one occasion to add rights (for installing NextDNS cert), simply allow (using Flatseal) read/write access to the folder where the cert is installed by the browser once and make it read only afterwards (by adding the magical :RO in Flatseal). So I am curious what information convinced you to stay away from flatpaks?
It was what I read on the Linux Mint Forum. In the Beginner questions section. I saw several threads there all advising that it is best to keep to the official packages in the Software Manager repo. So I took their advice and still follow it now. I am not computer smart enough to question it. To be honest there is nothing else I need to add to my config anyway. I am very happy with it as it is. I did add one other package though. The Ntag MP3 tag editor. Strawberry does a good job of reading tags but I have had to doctor up a couple here and there, Ntag works just as well as MP3Tag in Windows.

C.H.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top