I’m still in the research phase of switching to Linux and don’t know if this concern is reasonable. I’m not tech savvy. I’m comfortable in the windows ecosystem and could use the dos prompt fine when they used it. I played with QBasic and C++ when I was younger and have built a few computers but that was a couple decades+ ago.
My concern is dealing with malware. I know that Linux has less issues with malware than Windows but, as I understand it, that’s primarily because it has a comparatively small market share. I feel like I’m getting into Linux just as it’s getting more popular and that it will get worse if the EU moves away from Microsoft because they will most likely adopt some form of Linux as their new standard. More less tech savvy people like me moving to Linux makes it a juicier target for people who create and use malicious software. It’s not a reason to stay with Windows but is it a reasonable concern? Are there sufficient tools for people who don’t really know what they’re doing to be reasonably secure on Linux and will they keep up if the threat profile expands as Linux picks up more users?
Distros that don’t have SELinux generally have AppArmor, which is similar, and has the advantage that it doesn’t have quite such a boneheaded design getting in the way all the time. :3 So I wouldn’t pick a distro just to get SELinux, personally!
(I don’t like how SELinux sticks labels on individual files, except those labels are apparently pointless, because there’s a tool specifically to go through your whole filesystem and reset all the labels if they get screwed up. Which can happen (e.g. if you mount a home directory that doesn’t have the labels of every single file in it set to “this is a home file”, because you moved it from a Debian install where that isn’t a thing).)
– Frost
I can’t find it now, but there was some talk about AppArmor being dropped due to its limiations, but I guess that’s no longer the case?
But yeah the selinux “just relabel all” is an annoying duct tape solution to anyone who has issues. Optimally you should only need to relabel a dir/file once or set the appropriate selinux policy flag if you do run into a problem.
The user friendly solution is supposed to be the troubleshooter, which actually works pretty well most of the time, but it still requires the user to know how SElinux works to use correctly.