Subgraph (operating system)

Subgraph OS
OS family: Linux (Unix-like)
Working state: Discontinued [1]
Source model: Open source
Final preview: 2017.09.22 [2] / 22 September 2017
Repository: github.com/orgs/subgraph/repositories
Kernel type: Monolithic (Linux)
Userland: GNU
Influenced by: Tails, Qubes OS
Default user interface: GNOME 3
License: GPLv3+
Official website: subgraph.com

Subgraph OS was a Debian-based project designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet. [3] [4] [5] [6] [7] [8] It has been mentioned by Edward Snowden as showing future potential. [9]


Subgraph OS was designed to be locked down, with a reduced attack surface, to increase the difficulty of carrying out certain classes of attack against it. This was accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also placed emphasis on ensuring the integrity of installed software packages through deterministic compilation.

The project's blog was last updated in September 2017, [10] and none of its GitHub repositories had seen any recent activity as of 2021. [11]

Features

Some of Subgraph OS's notable features included:

Security

The security of Subgraph OS (which uses sandbox containers) has been questioned in comparison to Qubes (which uses virtualization), another security-focused operating system. An attacker can trick a Subgraph user into running a malicious unsandboxed script via the OS's default Nautilus file manager or in the terminal. It is also possible to run .desktop files (which are used to launch applications) that contain malicious code. Malware can also bypass Subgraph OS's application firewall. Also, by design, Subgraph does not isolate the network stack as Qubes OS does. [15]
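A defender's check for the .desktop launcher risk described above, as an added example that is not code from the Subgraph project or the cited analysis: it parses a launcher's `[Desktop Entry]` group and flags `Exec` lines that hand inline code to an interpreter or point outside system binary directories. The heuristics, the trusted-path list and the sample launchers are constructed assumptions.

```python
import shlex

# Assumed heuristics for illustration; tune both tables for a real fleet.
INLINE_CODE_FLAG = {"sh": "-c", "bash": "-c", "dash": "-c",
                    "python3": "-c", "perl": "-e", "ruby": "-e"}
TRUSTED_PREFIXES = ("/usr/bin/", "/bin/", "/usr/local/bin/", "/opt/")

def parse_desktop_entry(text):
    """Return the key/value pairs of the [Desktop Entry] group."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line:
            key, value = line.split("=", 1)
            entry[key.strip()] = value.strip()
    return entry

def audit_launcher(text):
    """Return findings for the contents of one .desktop file."""
    entry = parse_desktop_entry(text)
    if entry.get("Type") != "Application" or not entry.get("Exec"):
        return []
    try:
        argv = shlex.split(entry["Exec"])
    except ValueError:
        return ["Exec line cannot be tokenized"]
    if not argv:
        return []
    findings = []
    prog = argv[0].rsplit("/", 1)[-1]
    if INLINE_CODE_FLAG.get(prog) in argv[1:]:
        findings.append(f"Exec passes inline code to {prog}")
    if argv[0].startswith("/") and not argv[0].startswith(TRUSTED_PREFIXES):
        findings.append("Exec target is outside trusted directories")
    return findings

# Constructed sample launchers (not taken from any real system).
SAMPLES = {
    "editor.desktop": "[Desktop Entry]\nType=Application\nName=Editor\nExec=gedit %U\n",
    "inline.desktop": "[Desktop Entry]\nType=Application\nName=Report\n"
                      "Exec=sh -c \"echo constructed-sample\"\n",
    "dropped.desktop": "[Desktop Entry]\nType=Application\nName=Viewer\n"
                       "Exec=/home/user/Downloads/viewer.sh %f\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, audit_launcher(body) or "no findings")
```
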

See also

Related Research Articles

Linux distribution: Operating system based on the Linux kernel

A Linux distribution is an operating system made from a software collection that includes the Linux kernel, and often a package management system. Linux users usually obtain their operating system by downloading one of the Linux distributions, which are available for a wide variety of systems ranging from embedded devices and personal computers to powerful supercomputers.

Security-focused operating system: Operating systems focused on security

This is a list of operating systems specifically focused on security. Operating systems for general-purpose usage may be secure without having a specific focus on security.

In computer security, a sandbox is a security mechanism for separating running programs, usually in an effort to mitigate system failures and/or software vulnerabilities from spreading. The isolation metaphor is taken from the idea of children who do not play well together, so each is given their own sandbox to play in alone. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as storage and memory scratch space. Network access, the ability to inspect the host system, or read from input devices are usually disallowed or heavily restricted.

seccomp is a computer security facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit, sigreturn, read and write to already-open file descriptors. Should it attempt any other system calls, the kernel will either just log the event or terminate the process with SIGKILL or SIGSYS. In this sense, it does not virtualize the system's resources but isolates the process from them entirely.

Fedora Linux: Linux distribution by Fedora Project

Fedora Linux is a Linux distribution developed by the Fedora Project. It was originally developed in 2003 as a continuation of the Red Hat Linux project. It contains software distributed under various free and open-source licenses and aims to be on the leading edge of open-source technologies. It is now the upstream source for CentOS Stream and Red Hat Enterprise Linux.

NixOS is a Linux distribution built on top of the Nix package manager. Its declarative configuration allows reliable system upgrades via several official channels. NixOS has tools dedicated to DevOps and deployment tasks.

Mobile security: Security risk and prevention for mobile devices

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

Solus (operating system): Linux operating system

Solus is an independently developed operating system for the x86-64 architecture based on the Linux kernel and a choice of Budgie, GNOME, MATE or KDE Plasma as the desktop environment. Its package manager, eopkg, is based on the PiSi package management system from Pardus Linux, and it has a semi-rolling release model, with new package updates landing in the stable repository every Friday. The developers of Solus have stated that Solus was intended exclusively for use on personal computers and will not include software that is only useful in enterprise or server environments.

Qubes OS: Security-focused Linux-based operating system

Qubes OS is a security-focused desktop operating system that aims to provide security through isolation. Isolation is provided through the use of virtualization technology. This allows the segmentation of applications into secure virtual machines called qubes. Virtualization services in Qubes OS are provided by the Xen hypervisor.

elementary OS: Desktop operating system based on Ubuntu

elementary OS is a Linux distribution based on Ubuntu LTS. It promotes itself as a "thoughtful, capable, and ethical" replacement to macOS and Windows and has a pay-what-you-want model. The operating system, the desktop environment, and accompanying applications are developed and maintained by Elementary, Inc.

Whonix: Anonymous Operating System

Whonix is a Kicksecure-based, security-hardened Linux distribution. Its main goals are to provide strong privacy and anonymity on the Internet. The operating system consists of two virtual machines, a "Workstation" and a Tor "Gateway", running Debian GNU/Linux. All communications are forced through the Tor network.

Void Linux: Independent distribution developed entirely by volunteers

Void Linux is an independent Linux distribution that uses the X Binary Package System (XBPS) package manager, which was designed and implemented from scratch, and the runit init system. Excluding binary kernel blobs, a base install is composed entirely of free software.

Snap (software): Software deployment system for Linux by Canonical

Snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel and the systemd init system. The packages, called snaps, and the tool for using them, snapd, work across a range of Linux distributions and allow upstream software developers to distribute their applications directly to users. Snaps are self-contained applications running in a sandbox with mediated access to the host system. Snap was originally released for cloud applications but was later ported to also work for Internet of Things devices and desktop applications.

Flatpak: Linux software deployment utility

Flatpak, formerly known as xdg-app, is a utility for software deployment and package management for Linux. It is advertised as offering a sandbox environment in which users can run application software in isolation from the rest of the system.

Cub Linux: Computer operating system

Cub Linux was a computer operating system designed to mimic the desktop appearance and functionality of ChromeOS. It was based on Ubuntu Linux LTS 14.04 "Trusty Tahr". It used Openbox as the window manager and tools taken from LXDE, Gnome, XFCE as well as a number of other utilities. It was a cloud-centric operating system that was heavily focused on the Chromium Browser. Cub Linux's tagline was "Cub = Chromium + Ubuntu".

IPFire: Linux distribution

IPFire is a hardened open source Linux distribution that primarily performs as a router and a firewall; a standalone firewall system with a web-based management console for configuration.

KaOS: KDE-focused Linux distribution

KaOS is a desktop Linux distribution that features the latest version of the KDE desktop environment, the LibreOffice office suite, and other popular software applications that use the Qt toolkit.

CBL-Mariner: Microsoft open source operating system

CBL-Mariner is a free and open-source Linux distribution that Microsoft has developed. It is the base container OS for Microsoft Azure services and the graphical component of WSL 2.

CachyOS: Arch-based Linux Distribution

CachyOS is a Linux distribution based on the Arch Linux operating system, with the end goal of simpler installing and customizing, and improved performance while remaining compatible.

References

  1. "DistroWatch.com: Subgraph OS". DistroWatch.com. 2023-01-30. Retrieved 2023-10-13.
  2. "Subgraph OS September 2017 ISO Availability". subgraph.com. Retrieved 22 September 2017.
  3. "Subgraph: This Security-Focused Distro Is Malware's Worst Nightmare". Linux.com. 2018-01-26. Retrieved 2023-10-13.
  4. "DistroWatch.com: Put the fun back into computing. Use Linux, BSD". DistroWatch.com. 2017-01-30. Retrieved 2023-10-13.
  5. Mayank Sharma; contributions from Brian Turner (last updated May 9, 2022). "Best Linux distro for privacy and security of 2023". TechRadar.
  6. "Subgraph announces security conscious OS" via www.wired.co.uk.
  7. "Secure Your Online Privacy With These Linux Distributions". It's FOSS. February 22, 2017.
  8. "Subgraph OS, a new security-centric desktop distribution [LWN.net]". lwn.net.
  9. Styles, Kirsty (16 March 2016). "Subgraph will be Snowden's OS of choice – but it's not quite ready for humans yet". The Next Web. Retrieved 7 July 2016.
  10. "Subgraph - Blog". subgraph.com. Retrieved 2023-08-03.
  11. "Subgraph". GitHub. Retrieved 2023-08-03.
  12. "Hardening". subgraph.com. Retrieved 2023-08-03.
  13. "subgraph/oz: OZ: a sandboxing system targeting everyday workstation applications". GitHub. Retrieved 2023-10-13.
  14. "GitHub - OZ: a sandboxing system targeting everyday workstation applications". Subgraph. Retrieved 6 October 2016.
  15. "Breaking the Security Model of Subgraph OS | Micah Lee's Blog". micahflee.com. Retrieved 2017-04-25.