Desktop Linux Security Review – Linux Mint

This post documents my testing results for the Desktop Linux distro Linux Mint. I performed the same testing on the following distros:

The results are based on the methodology described here:

Linux Desktop Security Review

Linux Mint collected 13 out of 18 possible points – A very good result that shows the high level of maturity of this nicely polished distribution.

Distro Name: Linux Mint (

Tested Version: 20.3 (Cinnamon), downloaded on 2022-01-18

ISO MD5: 9f1e1cdefc445dfe8aec7e70283f0455

Total Score: 13 / 18

Summary of Installer – Security Features:

Linux Mint’s graphical installer hides the option to fully encrypt the disk behind an advanced features button but still makes it easy to encrypt the full disk. The installer also comes with a password strength indicator, which is being used for the disk encryption password and the password of the main user.

Score: 2 / 2

Summary of Firewall:

Linux Mint installs UFW and GUFW per default. However, UFW is not enabled by default. Linux Mint does ask the user to enable the firewall in the graphical Welcome Wizard though.

Score: 1 / 4

Summary of Automatic Updates:

Linux Mint does not download updates during installation. The Update Manager is configured to notify the user about available updates by default. Signature checking for packages is enabled by default as well.

Score: 2 / 3

Vulnerability Scanning Results:

Nessus scans identified 0 critical and 0 high vulnerabilities right after installation.

Score: 4 / 4

Summary of User Privileges:

Linux Mint is using sudo for admin task elevation and protects the use of sudo with a password.

Score: 2 / 2

Summary of Default Browser:

Linux Mint is installing Firefox as the default browser. It is regularly updated. However, it does not warn about the execution of downloaded files.

Score: 1 / 2

Summary of Application Sand-boxing:

Linux Mint installs AppArmor by default and enables it. It also installs a great set of AppArmor profiles. Profiles for CUPS and LibreOffice PDF-Import are also included. Best use of application sand-boxing I have seen so far.

Score: 1 / 1

Contact via Mastodon: