Desktop Linux Security Review – Garuda Linux

This post documents my testing results for the Linux distro Garuda Linux. I performed the same testing on the following distros:

The results are based on the methodology described here:

Linux Desktop Security Review

Garuda collected 10 out of 18 possible points – A good score for a UX focused distro.

Distro Name: Garuda Linux (

Tested Version: KDE Dragonized (220101), downloaded on 2022-01-29

ISO MD5: e3c4eb652264ab97dba92e497183a8a6

Total Score: 10 / 18

Summary of Installer – Security Features:

Garuda’s graphical installer makes it very easy to fully encrypt the disk. The installer does not come with a password strength indicator.

Score: 1 / 2

Summary of Firewall:

Garuda installs UFW per default. However, UFW is not enabled by default.

Score: 1 / 4

Summary of Automatic Updates:

Garuda does not download updates during installation – However, it is Arch based and the ISO isn’t too old. Garuda also asks to update the system right after the user logs in for the first time. The Update Manager is configured to notify the user about available updates by default. Signature checking for packages is enabled by default as well.

Score: 2 / 3

Vulnerability Scanning Results:

Arch-Audit identified 0 critical and 1 high vulnerability right after installation. After a round of updates have been applied, there were no vulnerabilities present anymore.

Score: 3 / 4

Summary of User Privileges:

Garuda is using sudo for admin task elevation and protects the use of sudo with a password.

Score: 2 / 2

Summary of Default Browser:

Garuda is installing FireDragon (a fork of LibreWolf) as the default browser. It is regularly updated. However, it does not warn about the execution of downloaded files.

Score: 1 / 2

Summary of Application Sand-boxing:

Garuda does not install Firejail, AppArmor, nor SELinux by default.

Score: 0 / 1

Contact via Mastodon: