Jack Wallen / Elyse Betters Picaro / ZDNET
Follow ZDNET: Add us as a preferred source on Google.
ZDNET's key takeaways
An immutable distribution increases the security of the OS.
Linux offers several different immutable distributions.
Most of these are general-purpose, so anyone can use them.
What is an "immutable" Linux distribution?
Put simply, an immutable distro is one in which certain directories are read-only and cannot be changed. For example, the /usr directory contains many of your applications' binary executable files and is mounted read-only. Other directories mounted with only read permissions include /lib (essential shared libraries for system operation), /opt (used for optional software packages), and /var (stores variable data).
Also: What is immutable Linux? Here's why you'd run an immutable Linux distro
By mounting the directories that house application executables read-only, those apps cannot be swapped out for malicious counterfeits, which could damage your system or steal your data.
How does an immutable distro work?
Here's how that works:
The system creates a working image prior to the upgrade. The upgrade happens. The computer must be rebooted for the upgrade to apply. If anything goes wrong during the upgrade, the newly created image is applied, so you're back where you started.
With an immutable distribution, you never have to worry about an upgrade breaking things.
My colleague Steven Vaughan-Nichols goes into more detail on the ins and outs of immutable distros.
Now that I've sold you on immutable distributions, you might be wondering what options are available. Here are my five favorites.
1. carbonOS
CarbonOS was designed to be intuitive and robust. What does that even mean? Well, carbonOS uses the GNOME desktop to basically get out of your way, so you can focus more on what you want/need to do. With carbonOS, all system files are mounted read-only, and installed apps are sandboxed, so they are isolated from one another.
Also: How to run a Windows app on Linux with Wine
One thing to know about carbonOS is that it's an independent distribution -- it doesn't use Ubuntu, Fedora, Arch, openSUSE, or any other distribution as its foundation. Because of this, carbonOS is not beholden to another distribution, so it can act independently. That independence allows the development team to focus on the users, crafting an OS that is user-friendly, stable, and fun.
CarbonOS adheres to certain guidelines: a refined and consistent UI, performance, stability, and innovation. If you are fond of the GNOME desktop and want to use an immutable distribution, CarbonOS is the one you want.
2. Fedora Silverblue
Like carbonOS, Fedora Silverblue uses GNOME and it's immutable. And there's another similarity: Both distros use rpm-ostree for managing updates. Rpm-ostree is a hybrid image/package management system that makes immutable distributions possible. Both also depend on Flatpak apps.
Also: 5 Linux distros that take a little work out of the box, but are so worth the effort
To be honest, the biggest difference between carbonOS and Fedora Silverblue is that carbonOS is independent, while Fedora Silverblue is based on, well, Fedora. And because Fedora is a well-established distribution (unlike carbonOS, which is relatively new), it brings the benefits of a larger community. Essentially, Fedora Silverblue is Fedora, only immutable; therefore, if you like Fedora and you want an immutable OS, Silverblue is the way to go.
3. VanillaOS
VanillaOS is another immutable distribution that uses the GNOME desktop, which makes for a fairly quick learning curve. VanillaOS delivers a somewhat untouched GNOME environment, but you can always tweak it with whatever extensions you want. However, the developers have included a few extensions, such as Apps Menu, Auto Move Windows, Places Status Indicator, Removable Drive Menu, System Monitor, User Themes, Window List, and Workspace Indicator.
Also: I tried a Linux distro that promises free, built-in AI - and things got weird
The big difference between VanillaOS and either carbonOS or Fedora Silverblue is that this distribution is an amalgamation of Debian, Ubuntu, Alpine, Fedora, Arch, and openSUSE, which is made possible by the Apx package management wrapper. With Apx, you can install applications from various sources (apt, dnf, pacman, zypper, Flatpaks, AppImages, and even Android apps). This means you'll have a vast array of applications to choose from, all the while using an immutable operating system.
Like carbonOS and Fedora Silverblue, VanillaOS is a general-purpose operating system, so you can easily use it as your desktop OS. If you want an immutable Linux distro that uses GNOME but gives the desktop environment a bit more user-friendliness, VanillaOS is a great choice.
4. blendOS
Similar to VanillaOS, blendOS allows you to install apps from various sources (RPM, DEB, etc). BlendOS is also beautiful. This immutable distribution allows you to choose from a variety of desktop environments, including GNOME, KDE Plasma, XFCE, Cinnamon, MATE, Deepin, and LXQt. The Deepin version of blendOS is especially pleasing to the eye.
Also: This is my favorite Linux distro of all time - and I've tried them all
The biggest difference between blendOS and the others on this list is that blendOS tends to cater to developers. The distro ships with Electron 25, Hardware Locality Isotope, Neovim, Qt Assistant, Qt Designer, Qt Linguist, Qt QDBus View, Qt V4L2 test Utility, Qt V4L video capture utility, Software Token, and Podman -- all of which are geared toward developers. That doesn't mean you can't benefit from blendOS, but you'll need to take the time to install the apps you want (such as LibreOffice, GIMP, etc).
If I had to pitch blendOS to the average user, I'd most likely whisper in their ear, "Try one of the other distributions first."
5. Nitrux
Nitrux is based on Debian. Combine that with immutability, and you can guarantee this distribution is rock-solid as they come. Once upon a time, Nitrux used the KDE Plasma desktop as a basis for the NX Desktop and included MauiKit Applications. However, as of this June, the developers opted to go a different route with Hyprland and its utilities + Waybar + Wlogout.
Hyprland is a tiling window manager, which makes Nitrux out of reach for most average users. However, if you want an incredibly efficient desktop, this is the way to go.
Also: I install these 11 apps on every new Linux system, and you should, too - here's why
Nitrux has also shifted from the Liquorix kernel to the Cachy option, because Liquorix still does not include a patch to enable PSI (which is necessary for Waydroid to function). Nitrux also shrugs off the systemd init system for OpenRC. On top of that, Nitrux uses the XanMod kernel, which includes a few features to make it even more stable and responsive. Those features include kernel caching, full multicore block layer runqueue, BBRv2 TCP congestion control, ORC Unwinder for stack traces, high-responsiveness multitasking Task Type scheduler, and several third-party patch sets.
All of this comes together to make Nitrux a very fast, immutable distribution.
Get the morning's top stories in your inbox each day with our Tech Today newsletter.