Desktop Linux Security Review – MX Linux

This post documents my testing results for the Desktop Linux distro MX Linux. I performed the same testing on the following distros:

The results are based on the methodology described here:

Linux Desktop Security Review

MX Linux collected 10 out of 18 possible points – A good balance between UX and Security.

Distro Name: MX Linux (

Tested Version: MX-21_x64 (XFCE), downloaded on 2022-01-08

ISO MD5: e773deac72f85dddb9f354d731afe678

Total Score: 10 / 18

MX Linux Installer (FDE)

Summary of Installer – Security Features:

MX’s graphical installer is very mature and makes it super easy to fully encrypt the disk. The installer also has a password strength indicator that is being used for the disk encryption password as well as the user and root password choices.

Score: 2 / 2

MX Linux (ufw)

Summary of Firewall:

MX comes with UFW installed by default. However, the firewall is not enabled automatically and therefore there is no blocking of ingress and no filtering of egress traffic.

Score: 1 / 4

MX Linux (sw update notify)

Summary of Automatic Updates:

MX is not downloading updates during installation. The package manager does notify the user about new updates, so it is likely that user will eventually install updates. The tested MX version was using Debian and one MX repository. All the repositories are using cryptographic keys to validate the packages.

Score: 2 / 3

MX Linux (vuln scan)

Vulnerability Scanning Results:

Nessus scans identified 3 critical and 2 high vulnerabilities right after installation. After applying all available updates the vulnerabilities were remediated.

Score: 2 / 4

MX Linux (sudo)

Summary of User Privileges:

MX is using sudo for admin task elevation and protects the use of sudo with a password.

Score: 2 / 2

MX Linux (firefox)

Summary of Default Browser:

MX is installing Firefox as the default browser. It is regularly updated. However, it does not warn about the execution of downloaded files.

Score: 1 / 2

Summary of Application Sand-boxing:

MX does not install AppArmor, nor does it install SELinux.

Score: 0 / 1

Contact via Mastodon: