Desktop Linux Security Review – EndeavourOS

This post documents my testing results for the Desktop Linux distro EndeavourOS. I performed the same testing on the following distros:

The results are based on the methodology described here:

Linux Desktop Security Review

EndeavourOS collected 9 out of 18 possible points – An OK balance between UX and Security.

Distro Name: EndeavourOS (

Tested Version: Atlantis neo 21_5 (XFCE), downloaded on 2022-01-11

ISO MD5: 916ffee83602f9f59b00cf0971de299f

Total Score: 9 / 18

Summary of Installer – Security Features:

EndeavourOS’ graphical installer makes it easy to fully encrypt the disk. The installer also has no password strength indicator – Neither for the disk encryption password nor for the main user’s password.

Score: 1 / 2

Summary of Firewall:

EndeavourOS does not install a firewall per default. It does offer a Firewall installation under “Add more Apps” in the Welcome App.

Score: 0 / 4

Summary of Automatic Updates:

EndeavourOS does not download updates during installation. Setup of software update notifier is a thing in the Post-Install recommendations but is not done by default. Signature checking for packages is enabled by default.

Score: 1 / 3

Vulnerability Scanning Results:

Arch-Audit scans identified 0 critical and 0 high vulnerabilities right after installation. EndeavourOS clearly benefits from being an Arch based distro here.

Score: 4 / 4

Summary of User Privileges:

EndeavourOS is using sudo for admin task elevation and protects the use of sudo with a password.

Score: 2 / 2

Summary of Default Browser:

EndeavourOS is installing Firefox as the default browser. It is regularly updated. However, it does not warn about the execution of downloaded files.

Score: 1 / 2

Summary of Application Sand-boxing:

EndeavourOS does not install FireJail, AppArmor, nor does it install SELinux.

Score: 0 / 1

Contact via Mastodon: