• Samueru_sama@programming.dev
    1 day ago

    This is the single most important aspect of immutable distributions. Because the core of the system is mounted in read-only mode, it cannot be changed. With the core system locked down as read-only, it’s not possible to change settings in directories like /etc, /boot, /dev, /proc, or other critical locations. That means if you wound up with malware on your system, it wouldn’t be able to alter the contents of those directories.

    Because of this, immutable distributions are more reliable than non-immutable. Even better, if you accidentally break something, it will most likely be fixed during the next reboot.

    Atomic updates are quite different from standard updates. Instead of the OS treating an update on a package-by-package basis, it’s an all-or-none situation. In other words, if an update to a single package would break something, the update will not happen and the system rolls back to the previous working state.

    You get the same by setting up btrfs snapshots with any regular distro…

    With an immutable system, you are always guaranteed to have a bootable system.

    lies
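
An added example, not part of the comment above: one way to check the read-only claim on a given system is to parse the mount table (`/proc/self/mounts` format) and report whether each directory sits on a writable mount. The sample table is constructed, and the function names are this example's own.

```python
import re

# Constructed sample in /proc/self/mounts format (not from a real system).
SAMPLE_MOUNTS = """\
/dev/sda2 / btrfs ro,relatime,subvol=/root 0 0
/dev/sda2 /etc btrfs rw,relatime,subvol=/etc 0 0
/dev/sda1 /boot ext4 rw,relatime 0 0
/dev/sda2 /usr btrfs ro,relatime,subvol=/usr 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
devtmpfs /dev devtmpfs rw,nosuid 0 0
/dev/sdb1 /mnt/my\\040disk ext4 rw 0 0
"""

def _unescape(field):
    # The kernel writes space, tab, newline and backslash as octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return a list of (mount_point, set_of_options) in table order."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            mounts.append((_unescape(parts[1]), set(parts[3].split(","))))
    return mounts

def covering_mount(path, mounts):
    """Longest mount point that contains path; later entries win ties."""
    best = None
    for mount_point, options in mounts:
        prefix = mount_point.rstrip("/") + "/"
        if (path.rstrip("/") + "/").startswith(prefix):
            if best is None or len(mount_point) >= len(best[0]):
                best = (mount_point, options)
    return best

def writable_paths(paths, mounts):
    """Map each path to True (rw), False (ro) or None (no covering mount)."""
    result = {}
    for path in paths:
        found = covering_mount(path, mounts)
        result[path] = None if found is None else "rw" in found[1]
    return result

if __name__ == "__main__":
    checked = ["/etc", "/boot", "/usr/bin", "/dev", "/proc"]
    for path, rw in writable_paths(checked, parse_mounts(SAMPLE_MOUNTS)).items():
        print(f"{path}: {'writable' if rw else 'read-only'}")
```

To inspect a live system, pass the contents of `/proc/self/mounts` to `parse_mounts` instead of the sample.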