Desktop Linux Security Review – Manjaro

This post documents my testing results for the Desktop Linux distro Manjaro. I performed the same testing on the following distros:

The results are based on the methodology described here:

Linux Desktop Security Review

Manjaro collected 12 out of 18 possible points – A pretty good result for a distro that is focused on user experience.

Distro Name: Manjaro (

Tested Version: 21.2.1 (XFCE), downloaded on 2022-01-12

ISO MD5: e9c5a96be65a618489d70ec9d23abecb

Total Score: 12 / 18

Summary of Installer – Security Features:

Manjaro’s graphical installer makes it easy to fully encrypt the disk. The installer also has no password strength indicator – Neither for the disk encryption password nor for the main user’s password.

Score: 1 / 2

Summary of Firewall:

Manjaro installs UFW per default. However, UFW is not enabled by default.

Score: 1 / 4

Summary of Automatic Updates:

Manjaro does not download updates during installation. The package manager is configured to notify the user about available updates by default. Signature checking for packages is enabled by default as well.

Score: 2 / 3

Vulnerability Scanning Results:

Arch-Audit scans identified 0 critical and 0 high vulnerabilities right after installation. Manjaro clearly benefits from being an Arch based distro here.

Score: 4 / 4

Summary of User Privileges:

Manjaro is using sudo for admin task elevation and protects the use of sudo with a password.

Score: 2 / 2

Summary of Default Browser:

Manjaro is installing Firefox as the default browser. It is regularly updated. However, it does not warn about the execution of downloaded files.

Score: 1 / 2

Summary of Application Sand-boxing:

Manjaro installs AppArmor by default and enables it. However, only a few AppArmor profiles are installed – Based on the choice of AppArmor profiles, I would say it is more a by-product of the ISO production than a fully planned AppArmor environment. (On the Gnome version of Manjaro there are no AppArmor profiles installed…)

Score: 1 / 1

Contact via Mastodon: