I would like to review this distribution from a perspective that a few do. And that is Security.
Professionally, I work in Information Security and in the last 15 years I have seen things in systems, that would knock your socks of regarding security.
TL;DR; Simply amazing.
Manjaro is mainly aimed at desktop users.
I will use as examples the XFCE and Gnome version which I have used primarily (and Architect) , so if I am missing something from either KDE or any of the Community Editions, I apologize in advance.
Disk Encryption: Out of the box. Just type in a password and you are ready to go.
AppArmor: Enabled and running by default.
Ability to choose only https mirrors:
sudo pacman-mirrors --api --proto https
Firewall: Installed by default, enabled by the user.
System Backups: Just open Timeshift, configure it, ready to go.
Lynis score in default installation: 70 (Ubuntu gets a 50)
Kernel Parameters are configured securely for a desktop user
Vulnerability Patching: We are on a Rolling distribution. Probably faster patching than other distros.
Additional tools and software available in the repos:
Veracrypt: Encrypt folders, External Disk Drives, and create encrypted USB Drives that work on Linux, Windows and macOS without spending money on expensive hardware.
usbguard: Do not allow allow any USB device to be connected unless allowed.
Tor-Browser Launcher: Enhance your privacy.
FirewallD: From a laptop user's point of view, using the option to change zones, is so easy a child can do it. And it is integrated with NetworkManager.
DejaDup: Back up utility with encryption options, by default installed on Gnome Edition.
Wireguard: The faster and more secure version of VPN.
ClamAV + ClamTK: Antivirus scanner.
rkhunter: Rootkit checker.
My additional configurations:
Disable IPv6 at boot: Privacy Nightmare.
Lock root user and allow only sudo.
Kernel Core Dump Disabled.
AppArmor Denied Desktop Notifications.
[EDIT]: Password protection of GRUB edit
If you had the patience to read all of the above, you will notice a few things:
- I have not used the AUR.
- I have not added any PPAs, COPRs, Snaps, or Flatpaks.
- I have not downloaded, installed software from other sources. They came OUT OF THE BOX.
For the reasons above (I wish I could write them all, because there are more), I can tell you that the amount of work that the Manjaro Team has made regarding security and privacy, is amazing. They can certainly go head to head with "Professionals" that setup systems, servers, that just create a bucket of security issues just by not configuring the system properly.
Most of us in this forum have seen videos on YouTube of Arch Installations. Everyone stops when they login to a Desktop Environment. But you need to understand that at that point the system is not considered secure, because it lacks basic security configuration. But again, the Manjaro Team has already done that.
So again, my huge congratulations.