Desktop Linux Security Review – Pop!_OS

This post documents my testing results for the Desktop Linux distro Pop!_OS. I performed the same testing on the following distros:

The results are based on the methodology described here:

Linux Desktop Security Review

Pop!_OS collected 9 out of 18 possible points – An OK balance between user experience and security.

Distro Name: Pop!_OS (

Tested Version: 21.10 (AMD64), downloaded on 2022-01-18

ISO MD5: 3b5855209aabce15c5f099f544818b38

Total Score: 9 / 18

Summary of Installer – Security Features:

Pop!_OS’ graphical installer makes it very easy to fully encrypt the disk. The installer also comes with a password strength indicator, which is being used for the disk encryption password and the password of the main user.

Score: 2 / 2

Summary of Firewall:

Pop!_OS installs UFW per default. However, UFW is not enabled by default.

Score: 1 / 4

Summary of Automatic Updates:

Pop!_OS does not download updates during installation. The Update Manager is configured to notify the user about available updates by default. Signature checking for packages is enabled by default as well.

Score: 2 / 3

Vulnerability Scanning Results:

Nessus scans identified 1 critical and 2 high vulnerabilities right after installation. After a round of updates have been applied, there was still one critical and one high vulnerability present.

Here are the vulnerabilities that need to be remediated:

Score: 0 / 4

Summary of User Privileges:

Pop!_OS is using sudo for admin task elevation and protects the use of sudo with a password.

Score: 2 / 2

Summary of Default Browser:

Pop!_OS is installing Firefox as the default browser. It is regularly updated. However, it does not warn about the execution of downloaded files.

Score: 1 / 2

Summary of Application Sand-boxing:

Pop!_OS installs AppArmor by default and enables it. It also installs a great set of AppArmor profiles. Profiles for CUPS and LibreOffice are also included. Another good example of application sand-boxing usage to improve overall security.

Score: 1 / 1

Contact via Mastodon: