you are just exploiting my words. I never said Linux will protect me whatever happens. But it will have a better protection inherently, than any windows

bootkitty wasn’t implemented ever and if you use GUID Partition Table and your bios is set to uefi without csm, it can’t affect you, since Bootkitty embeds itself into the Master Boot Record and there exploits the LogoFail vulrenability (this was already patched btw) with as far as i remember, a self-extracting steganographical bitmap image for arbritary code execution to bypass Secure Boot with injecting face certifications to Moklist. Also, it only runs on select devices, far from all Linux systems are vulrenabe.

there are much less vulrenabilities on Linux. No system is totally unpenetrable, but having 2-5 vulrebabilities is always better than having 30-40

most antivirus apps are very invasive, heavy on resources and even spy on you. Windows defender is usually enough. However, virustotal is still recommended

there is an update, i applied it at the weekend

i checked every option. maybe it was an old version or a modified one

configure automatic snapshots and invest in a few terrabytes of storage on a home cloud, like a NAS server

idk but if my system becomes unbootable, i’d reinstall. Otherwise, set up a NAS for yourself and upload snapshots to it, configure this process to be automatic. Especially if you like to tinker with your system or/and you use a rolling release

16.47 on Cromite. But most of the identify information is not even true, almost everything is spoofed. User agent, timezone, operating system, browser name, screen size and color depth, device, even the battery percentage

i didn’t have that option in Archinstall

yes, i2p on any other system than android is a massive trainwreck. I also plan to use docker containers

i also hate powershell, batch all the way. @echo off i my anthem now

i used Tumbleweed with KDE. It is something i can recommend. Not that customizable, but it has tons of features and very stable for a rolling distro. It only breaks if you try to customize stuff too much

… and the latest security patches

depends on workload. Debian has very old packages and can be insecure but it is a set it and forget it type of thing, it is good when uptime is critical for a server. For desktops, or servers that need better security, but can tolerate a little downtime, rolling releases are good too, if you are enough to update frequently, and you should, since updates usually contain a lot of patched vulrenabilities

nixOS appeals to niche audiences who like to brag about it. I think it is not a good idea to base everything on config files, since there is a lot of room for user error

Tails in itself is reasonably secure too, but it was mostly designed for use with public computers and forensics, and ofc to conceal network activity that might seem suspicious. And it is a good solution if you need a portable linux, and your android phone is not a good choice for your use case.

they are the most widely used, hackers and malware developers target these distros first

i tried lxqt and gnome. those were disappointments. And i used kde and cinnamon too, those are good

no, Qubes, Bazzite, Garuda were made with security in mind. Containerization, selinux enforcing, hash checks, address space layout randomization is also built in. These are all more secure than Fedora. Qubes for example, uses vm containers to completly isolate every app, so the system is almost impossible to compromise by malware or hacking. Bazzite uses immutable root file system, much like stock android. it may not along well with unix philosophies, but there isn’t really a way for a malicious code to run with elevated privilages or to manipulate system files. Garuda automatically creates snapshota from the system, so if it is compromised, it can be rolled back quickly. Snapshots for external devices or cloud are supported as well. It uses zram compression on swap, this helps avoid data leakages to the disk, so makes sure that after a reboot, every session quits, since data from ram can’t leak on the disk. it also uses firejail and chaotic aur sandboxing. There is a smaller support for secure boot too. So these are all highly secure operating systems. And to some degree, privacy and security overlap each other.