What are you talking about? Windows isn’t very secure to begin with. Bazzite in particular is one of the more secure Linux desktop distros as it’s immutable and comes with SELinux enabled by default. It’s secure enough to actually cause me problems lol.
I don’t use or particularly believe in secure boot.
I have a fully encrypted root partition, with automatic unlocking using the TPM. Wasn’t even that hard to setup either. Bazzite makes it fairly easy to enroll a secure boot key if you really want that, as do some other distros. Nothing you are describing is that difficult.
A lot of systems use AppArmour instead of SELinux, as this is easier to work with while still providing enhanced security.
It’s not hard to set up if you already have sufficient baseline technical knowledge to feel comfortable copy-pasting the right commands from the Internet with hope that you don’t brick your computer (which ironically fedora or opensuse kinda did although I eventually found out how to work around the failure which makes my laptop permanently unable to use an older version of Linux lololol).
Arch was really easy to set up, I followed tutorials for fedora from fedora which never worked, and opensuse worked until a power outage then never again. So easy. So simple.
Secureboot with shim is the easiest, the arch (/standalone) way seems to work better and more securely since it’s my own keys, but again depends on feeling a lot of unearned confidence. Some distros like Ubuntu and suse include mechanisms for secureboot, others do not, hence hit or miss.
Tldr I know what you’re telling me, and from my pov and experience none of that changes what I said for the average “go on, try Linux, you’ll like it” user.
What are you talking about? Windows isn’t very secure to begin with. Bazzite in particular is one of the more secure Linux desktop distros as it’s immutable and comes with SELinux enabled by default. It’s secure enough to actually cause me problems lol.
It’s a real challenge to get a fully encrypted system with secure boot (easier now but still hit or miss with Linux) and tpm.
What you’re describing is the user never security model which is as you said restrictive enough to be annoying, and more controlled than windows.
I don’t use or particularly believe in secure boot.
I have a fully encrypted root partition, with automatic unlocking using the TPM. Wasn’t even that hard to setup either. Bazzite makes it fairly easy to enroll a secure boot key if you really want that, as do some other distros. Nothing you are describing is that difficult.
A lot of systems use AppArmour instead of SELinux, as this is easier to work with while still providing enhanced security.
It’s not hard to set up if you already have sufficient baseline technical knowledge to feel comfortable copy-pasting the right commands from the Internet with hope that you don’t brick your computer (which ironically fedora or opensuse kinda did although I eventually found out how to work around the failure which makes my laptop permanently unable to use an older version of Linux lololol).
Arch was really easy to set up, I followed tutorials for fedora from fedora which never worked, and opensuse worked until a power outage then never again. So easy. So simple.
Secureboot with shim is the easiest, the arch (/standalone) way seems to work better and more securely since it’s my own keys, but again depends on feeling a lot of unearned confidence. Some distros like Ubuntu and suse include mechanisms for secureboot, others do not, hence hit or miss.
Tldr I know what you’re telling me, and from my pov and experience none of that changes what I said for the average “go on, try Linux, you’ll like it” user.