![]() | |
OS family | Linux (Unix-like) |
---|---|
Working state | Discontinued [1] |
Source model | Open source |
Final preview | 2017.09.22 [2] / 22 September 2017 |
Repository | github |
Kernel type | Monolithic (Linux) |
Userland | GNU |
Influenced by | Tails, Qubes OS |
Default user interface | GNOME 3 |
License | GPLv3+ |
Official website | subgraph |
Subgraph OS was a Debian-based project designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet. [3] [4] [5] [6] [7] [8] It has been mentioned by Edward Snowden as showing future potential. [9]
Subgraph OS was designed to be locked down, with a reduced attack surface, to increase the difficulty to carry out certain classes of attack against it. This was accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also placed emphasis on ensuring the integrity of installed software packages through deterministic compilation.
The last update of the project's blog was in September 2017, [10] and all of its GitHub repositories haven't seen activity as of 2021. [11]
Some of Subgraph OS's notable features included:
The security of Subgraph OS (which uses sandbox containers) has been questioned in comparison to Qubes (which uses virtualization), another security focused operating system. An attacker can trick a Subgraph user to run a malicious unsandboxed script via the OS's default Nautilus file manager or in the terminal. It is also possible to run malicious code containing .desktop files (which are used to launch applications). Malware can also bypass Subgraph OS's application firewall. Also, by design, Subgraph does not isolate the network stack like Qubes OS. [15]
A Linux distribution is an operating system made from a software collection that includes the Linux kernel and often a package management system. Linux users usually obtain their operating system by downloading one of the Linux distributions, which are available for a wide variety of systems ranging from embedded devices and personal computers to powerful supercomputers.
Arch Linux is an independently developed x86-64 general-purpose Linux distribution that strives to provide the latest stable versions of most software by following a rolling-release model. The default installation is intentionally minimal so that users can add only the packages they require.
seccomp is a computer security facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit
, sigreturn
, read
and write
to already-open file descriptors. Should it attempt any other system calls, the kernel will either just log the event or terminate the process with SIGKILL or SIGSYS. In this sense, it does not virtualize the system's resources but isolates the process from them entirely.
Fedora Linux is a Linux distribution developed by the Fedora Project. It was originally developed in 2003 as a continuation of the Red Hat Linux project. It contains software distributed under various free and open-source licenses and aims to be on the leading edge of open-source technologies. It is now the upstream source for CentOS Stream and Red Hat Enterprise Linux.
Sandboxie is an open-source OS-level virtualization solution for Microsoft Windows. It is a sandboxing solution that creates an isolated operating environment in which applications can run without permanently modifying the local system. This virtual environment allows for controlled testing of untrusted programs and web surfing.
Lynis is an extensible security audit tool for computer systems running Linux, FreeBSD, macOS, OpenBSD, Solaris, and other Unix derivatives. It assists system administrators and security professionals with scanning a system and its security defenses, with the final goal being system hardening.
NixOS is a free and open source Linux distribution based on the Nix package manager. NixOS uses an immutable design and an atomic update model. Its use of a declarative configuration system allows reproducibility and portability.
The Trinity Desktop Environment (TDE) is a complete software desktop environment designed for Linux and Unix-like operating systems, intended for computer users preferring a traditional desktop model, and is free/libre software. Born as a fork of KDE 3.5 in 2010, it was originally created by Timothy Pearson, who had coordinated Kubuntu remixes featuring KDE 3.5 after Kubuntu switched to KDE Plasma 4.
Solus is an independently developed operating system for the x86-64 architecture based on the Linux kernel and a choice of Budgie, GNOME, MATE or KDE Plasma as the desktop environment. Its package manager, eopkg, is based on the PiSi package management system from Pardus Linux, and it has a semi-rolling release model, with new package updates landing in the stable repository every Friday. The developers of Solus have stated that Solus was intended exclusively for use on personal computers and will not include software that is only useful in enterprise or server environments.
Qubes OS is a security-focused desktop operating system that aims to provide security through isolation. Isolation is provided through the use of virtualization technology. This allows the segmentation of applications into secure virtual machines called qubes. Virtualization services in Qubes OS are provided by the Xen hypervisor.
elementary OS is a Linux distribution based on Ubuntu LTS. It promotes itself as a "thoughtful, capable, and ethical" replacement to macOS and Windows and has a pay-what-you-want model. The operating system, the desktop environment, and accompanying applications are developed and maintained by elementary, Inc.
Whonix is a Linux distribution, based on Kicksecure OS, claimed to be security hardened by its developers. Its main goals are to provide strong privacy and anonymity on the Internet. The operating system consists of two virtual machines, a workstation and a Tor gateway running Debian. All communications are forced through Tor.
Void Linux is an independent Linux distribution that uses the X Binary Package System (XBPS) package manager, which was designed and implemented from scratch, and the runit init system. Excluding binary kernel blobs, a base install is composed entirely of free software.
Snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel and the systemd init system. The packages, called snaps, and the tool for using them, snapd, work across a range of Linux distributions and allow upstream software developers to distribute their applications directly to users. Snaps are self-contained applications running in a sandbox with mediated access to the host system. Snap was originally released for cloud applications but was later ported to also work for Internet of Things devices and desktop applications.
Flatpak is a utility for software deployment and package management for Linux. It is advertised as offering a sandbox environment in which users can run application software in isolation from the rest of the system. Flatpak, in 2016, was known as xdg-app.
Cub Linux was a computer operating system designed to mimic the desktop appearance and functionality of ChromeOS. It was based on Ubuntu Linux LTS 14.04 "Trusty Tahr". It used Openbox as the window manager and tools taken from LXDE, Gnome, XFCE as well as a number of other utilities. It was a cloud-centric operating system that was heavily focused on the Chromium Browser. Cub Linux's tagline was "Cub = Chromium + Ubuntu".
IPFire is a hardened open source Linux distribution that primarily performs as a router and a firewall; a standalone firewall system with a web-based management console for configuration.
KaOS is a desktop Linux distribution that features the latest version of the KDE desktop environment, the LibreOffice office suite, and other popular software applications that use the Qt toolkit.
GrapheneOS is an Android-based, open source, privacy and security-focused mobile operating system for selected Google Pixel devices, including smartphones, tablets and foldables that is recommended by Edward Snowden.
Azure Linux, previously known as CBL-Mariner, is a free and open-source Linux distribution that Microsoft has developed. It is the base container OS for Microsoft Azure services and the graphical component of WSL 2.