Serious Discussion Why do you feel you are Locked In to Windows ?

[Practical Response]

I used to feel that way but then I woke up and realized 99% of what I was doing was in a browser so I switched to ChromeOS and didn't miss a thing. Then from there I switched to macOS. I don't miss a single thing. In fact macOS attracts quality developers. Bugs are far and few between.

I Use ChromeOS now only I enable the Linux environment which I run my Lab in when testing and learning, and then remove the environment when finished with that session to reinsert the restrictions again. ChromeOS is very secure by default.

That was one of the things I learned very early on with Mint, to avoid Flatpaks if at all possible and to only install software packages from the official Mint repo. And not to download or install anything from the Internet/non-Linux software. Too much potential for trouble otherwise, same as how you have to watch what you download in Windows. The only things I added to Mint were the Stacer monitor, Strawberry music player and the Chromium browser as a backup browser. My system is pretty much bare-bones and I do not venture out of the Mint repo OS environment. I run this same Mint config on two laptops and am very happy with both, they work very well.

C.H.

Absolutely, keeping everything to minimum and installing from trusted sources is very smart not to mention compatibility and performance wise, better.

 

[LennyFox]

That was one of the things I learned very early on with Mint, to avoid Flatpaks if at all possible and to only install software packages from the official Mint repo

C.H.

Thanks for your insights and sharing your experience. I also only use software from the official repo, plus flatpaks offered in Linux's software manager.

Containers like Flatpak (explainer) combined with immutable (explainer) repo's are the future of Linux. In future I might move to Fedora Silverblue, but as Windows user I like Mint to much for the moment and stripped everything I did not need from the official repo and installed flatpaks using Linux Mint software manager.

The flatpaks I installed, always came with broader rights than needed (that is common knowledge), but I never needed to dive into flatpak permissions command line to adjust permissions, because Flatseal (GUI to this permissions command line) always did the trick to harden (strip rights from) the flatpak.

I only met one occasion to add rights (for installing NextDNS cert), simply allow (using Flatseal) read/write access to the folder where the cert is installed by the browser once and make it read only afterwards (by adding the magical :RO in Flatseal). So I am curious what information convinced you to stay away from flatpaks?

 

[monkeylove]

Hi Home Users,

Why do you feel you are locked in to Windows ?

Around ten points to consider in light of using operating systems like those involving Linux:

The Year of the Linux dissatisfaction

Article explaining my recent negativity and dissatisfaction with the Linux distribution testing, focusing on the state of the wider Linux desktop ecosystem, my requirements for home and work, my present and past usage of Linux, my testing rigor, missing or inadequate capabilities like graphics...

www.dedoimedo.com

And a check list as you move away from Windows:

Moving away from Windows - the software checklist

Follow-up article explaining my rationale for moving away from Windows as the operating system of choice, focusing on software parity between Windows and Linux, with a detailed breakdown of application categories, native or equivalent functionality, WINE support, and other key factors

www.dedoimedo.com

It becomes more challenging if "home users" include most computer users.

 

[Practical Response]

Thanks for your insights and sharing your experience. I also only use software from the official repo, plus flatpaks offered in Linux's software manager.

Containers like Flatpak (explainer) combined with immutable (explainer) repo's are the future of Linux. In future I might move to Fedora Silverblue, but as Windows user I like Mint to much for the moment and stripped everything I did not need from the official repo and installed flatpaks using Linux Mint software manager.

The flatpaks I installed, always came with broader rights than needed (that is common knowledge), but I never needed to dive into flatpak permissions command line to adjust permissions, because Flatseal (GUI to this permissions command line) always did the trick to harden (strip rights from) the flatpak.

I only met one occasion to add rights (for installing NextDNS cert), simply allow (using Flatseal) read/write access to the folder where the cert is installed by the browser once and make it read only afterwards (by adding the magical :RO in Flatseal). So I am curious what information convinced you to stay away from flatpaks?

Probably the fact that Flatpaks are made by developers not associated with the original software which in itself is reason alone. Ubuntu is still shipping Flatpaks with the sandbox escape vulnerability that is widely known. The current " CVE-2024-32462 " allows a malicious or compromised Flatpak app the ability to execute arbitrary code outside its sandbox.

Need a list of reasons why sticking to Official mint repo is intelligent.

Flatpaks have been found to have security risks, including sandbox escape bugs and vulnerabilities in packaged software. Some say that Flatpaks are insecure because:

• Sandbox escape bugs: Flatpaks have had at least two sandbox escape bugs in the past, and more are likely to be discovered in the future.
• Vulnerable packaged software: Opening a file downloaded from the internet can compromise a system if the packaged software has a vulnerability, such as Adobe Reader or Visual Studio Code.
• Untrusted sources: Packages from untrusted sources won't be protected by the package format.
• Full access to host system: Most apps have full access to the host system, even though users are led to believe they are sandboxed.
• Lack of security updates: Flatpak runtimes and apps don't receive security updates.
• Unconfined environment: Applications are designed with an unconfined environment, and the APIs they need may not exist or may not be updated to use new APIs.
• Inadequate permissions model: The current permissions model doesn't stop potential malware from ruining files

I don't have any problem with Windows either, software wise. Just that I find my red team find security holes with ease.

@Victor M Looks like you need to present them a Linux challenge. Using Lynis system auditing to harden your installation then using other open-source tools for monitoring and prevention.

Samhain HIDS and Suricata IDS/IPS

Screenshot-2024-04-25-5-25-47-AM hosted at ImgBB

Image Screenshot-2024-04-25-5-25-47-AM hosted in ImgBB

ibb.co

Samhain is a host based intrusion detection system that monitors the file system for changes. Log file and port monitoring/analysis with detection of rogue SUID executables and hidden processes. Another alternative is Tripwire HIDS.

Suricata is a network IDS/IPS (intrusion detection/prevention system)
It runs in basically two modes. Detection mode which will log and alert the user so they can investigate, and a Prevention mode which will block attempts. It monitors network traffic for suspicious activity by comparing it to a database of known threats and pre-defined rules. Users can also create custom rules as well.

 

[transformer69]

To me windows has always felt like a more premium user interface and audio-visual experience compared to any linux distro of the contemporary generation.
I like the experience of the built in apps they have, i.e weather, calculator, sticky notes, magnifier etc.
The cpu temperatures and battery life on windows laptops are also a lot better.

 

[LennyFox]

Probably the fact that Flatpaks are made by developers not associated with the original software which in itself is reason alone.

Brave flatpak is maintained by Brave.

 

[Practical Response]

Brave flatpak is maintained by Brave

This was implemented and verified within the last couple weeks and a rarity, as it was listed as an unofficial package. The vulnerabilities and issues still stand, and for most other flatpaks they are not maintained or developed by the original software makers.

 

[LennyFox]

 

[Captain Holly]

Thanks for your insights and sharing your experience. I also only use software from the official repo, plus flatpaks offered in Linux's software manager.

Containers like Flatpak (explainer) combined with immutable (explainer) repo's are the future of Linux. In future I might move to Fedora Silverblue, but as Windows user I like Mint to much for the moment and stripped everything I did not need from the official repo and installed flatpaks using Linux Mint software manager.

The flatpaks I installed, always came with broader rights than needed (that is common knowledge), but I never needed to dive into flatpak permissions command line to adjust permissions, because Flatseal (GUI to this permissions command line) always did the trick to harden (strip rights from) the flatpak.

I only met one occasion to add rights (for installing NextDNS cert), simply allow (using Flatseal) read/write access to the folder where the cert is installed by the browser once and make it read only afterwards (by adding the magical :RO in Flatseal). So I am curious what information convinced you to stay away from flatpaks?

It was what I read on the Linux Mint Forum. In the Beginner questions section. I saw several threads there all advising that it is best to keep to the official packages in the Software Manager repo. So I took their advice and still follow it now. I am not computer smart enough to question it. To be honest there is nothing else I need to add to my config anyway. I am very happy with it as it is. I did add one other package though. The Ntag MP3 tag editor. Strawberry does a good job of reading tags but I have had to doctor up a couple here and there, Ntag works just as well as MP3Tag in Windows.

C.H.