:L We don't really have the typical problems because we don't go downloading random unknown software from Uncle Untrustworthy's Software Barn.

Repositories are centralized and carefully managed. This and things like a tougher less permissive filesystem, more secure display server and more, makes such precautions less needed.

I'm sure they exist, but heck if I could tell you what their names are; never needed them in my 7+ years of using Linux.

And you can toughen it with things like Sandboxing, Apparmor/SeLinux, and many other various methods, but that's getting into paranoia, and at that point you'd be having a simpler life with airgap networking.

You don't need antivirus/malware, just install and update your app from the package manager in your choosen distro and you should be safe.

Or those that need kernel-level DRM/anti-cheat.

Speaking of "too many layers", I've run (but not tried to seriously play) Realms of Antiquity on an Android phone. Talk about layers here!
* Game is actually a TI-99/4A game, so it ships with an emulator.
* The emulator is a Windows application. Since Android, under the hood, is a (rather unusual) Linux based system, WINE is used to make it work as a Linux program.
* But, this is an arm64 system, so we need to add box64 over the top to get the emulator to work.

On the other hand, if I had a Ti-99/4A emulator for Android, I could just cut this all down to one layer of emulation.

(Worth noting that DOSBox does CPU emulation, so it does allow you to run x86 DOS games on ARM devices, if that situation should come up.)

Indeed, those are the more important questions to ask, and "you don't need it" is not a valid answer.
And then there are drivers, utilities, productivity software you're used with or specifically need because you work with others who use it...
Plus just the way you're used to use a computer day to day, or some basic functions (hello being able to make a system image backup while the system's live, as one "little" thing).

Most games will probably work, even if they'll take some learning and tinkering. Those other things are the more notable issues.

Maybe I'm different but I was very fast to adapt. It's nice being able to just have everything lined up to search though, select, and install without all the faffing about of getting 30 seperate installers, having to manually track updates, nor having them be a complete mystery. Better/saner defaults too, like not having to ever think about firewalld.

Be it DNFdragora, Synaptic, or just the search command in your local package manager.

Or whatever Flatpak has, I guess, but that's not the path I walk.

Yeah ClamAV is free, and so is AppArmor and SELinux. You are all set.

For extra security, there is also innernette!

https://www.youtube.com/watch?v=x9S2ciB-6jc

How is that not a valid answer?

I’ve been running Linux for longer than I can remember, including a public-facing server for more than 10 years, and never installed any such tool. Am I, by doing that, exposing myself to some kind of attacks?
(to be fair, I did not use these in my Windows days either)

I’m not against security tools, not at all, but I’m only going to install, run and maintain tools I see a real use for. And until now, anti-virus/malware is not the kind of stuff I felt a need for.
(some systems install these by default, so there are obviously diverging opinions on this topic)

Not necessarily, but also not relevant. If someone comes to ask how do they do or get something, telling them that they shouldn't isn't a valid answer, nor is questioning their justification (or, for the most part, even asking for one - you want something because you just do, end of).
I wouldn't, firmly reject "walled gardens", whoever maintains them, and specifically want to have full manual control of updates, and also of connections/firewall.

I agree… and disagree ;)

Telling them "Don’t do that!" without any explanation is not useful, this is the part where I fully agree with you.

On the other hand, when switching to a very different kind of system we might take with us some old habits that are not useful in the new context, maybe even counter-productive. Of course it takes more effort to explain in details why these old habits are no longer required, so the "Don’t!" messages are going to spawn earlier and more numerous than the ones including useful explanations.

Think I've mentioned this before, but for an application firewall on Linux, I'd recommend (and have been using for years now): https://github.com/evilsocket/opensnitch

Keep in mind Linux comes with a kernel-level firewall, which, though disabled by default on most distros doesn't take much to enable for extra security. Do you need extra security? Well, depends on what you plan to do. By default a distro doesn't expose any types of vulnerable network services anyway, this isn't Windows where all manner of imaginable and unimaginable things go on behind your back.

There's also firewall-config, but that's much more bog standard, and less paranoia focused.

As I previously mentioned, most distros and applications come with their own hardening modes and needed. Most of em' don't even know the internet exists.

Yep, you did.
And, again, in my case it's not about security in itself, and not primarily even about a feeling of security, but about control. Outbound connections, updates, scheduled tasks, whatever, I want my system to just do what and when I want it to, and to let me know whenever something happens and ask me for action unless I tell it otherwise.
To me it's quite simple: When someone asks how do they do something, if you know, tell them. If you don't, move along.

I just got one of those chinese gaming handhelds, and discovered that it comes with sshd enabled, root allowed to log in, and an easily guessable password. This is obviously an insecure setup, and could lead to the device being hacked if connected to the internet.

(If you have such a device, of course, you could fix this hole by logging in and either changing the password or switching to public key authentication and uploading a public key for which you possess the private key.)

On a games store forum, this is sensible. This is what I tend to do too, and when I see people asking things that I find absurd, I simply skip the thread.

But I work on support forums too, and there you can’t simply let people shoot themselves in the foot. In no small part because they would then get back at you angrily, demanding that you pick up the pieces, thus wasting even more of your time.