Subgraph (operating system)

Last updated
Subgraph OS
Subgraph OS Logo.png
OS family Linux (Unix-like)
Working stateDiscontinued [1]
Source model Open source
Final preview 2017.09.22 [2] / 22 September 2017;6 years ago (2017-09-22)
Repository github.com/orgs/subgraph/repositories
Kernel type Monolithic (Linux)
Userland GNU
Influenced by Tails, Qubes OS
Default
user interface 		GNOME 3
License GPLv3+
Official website subgraph.com

Subgraph OS was a Debian-based project designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet. [3] [4] [5] [6] [7] [8] It has been mentioned by Edward Snowden as showing future potential. [9]

Contents

Subgraph OS was designed to be locked down, with a reduced attack surface, to increase the difficulty to carry out certain classes of attack against it. This was accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also placed emphasis on ensuring the integrity of installed software packages through deterministic compilation.

The last update of the project's blog was in September 2017, [10] and all of its GitHub repositories haven't seen activity as of 2021. [11]

Features

Some of Subgraph OS's notable features included:

Security

The security of Subgraph OS (which uses sandbox containers) has been questioned in comparison to Qubes (which uses virtualization), another security focused operating system. An attacker can trick a Subgraph user to run a malicious unsandboxed script via the OS's default Nautilus file manager or in the terminal. It is also possible to run malicious code containing .desktop files (which are used to launch applications). Malware can also bypass Subgraph OS's application firewall. Also, by design, Subgraph does not isolate the network stack like Qubes OS. [15]

See also

Related Research Articles

<span class="mw-page-title-main">Linux distribution</span> Operating system based on the Linux kernel

A Linux distribution is an operating system made from a software collection that includes the Linux kernel and often a package management system. Linux users usually obtain their operating system by downloading one of the Linux distributions, which are available for a wide variety of systems ranging from embedded devices and personal computers to powerful supercomputers.

<span class="mw-page-title-main">Arch Linux</span> Rolling release distribution of Linux

Arch Linux is an independently developed x86-64 general-purpose Linux distribution that strives to provide the latest stable versions of most software by following a rolling-release model. The default installation is intentionally minimal so that users can add only the packages they require.

seccomp is a computer security facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit , sigreturn , read and write to already-open file descriptors. Should it attempt any other system calls, the kernel will either just log the event or terminate the process with SIGKILL or SIGSYS. In this sense, it does not virtualize the system's resources but isolates the process from them entirely.

<span class="mw-page-title-main">Fedora Linux</span> Linux distribution by Fedora Project

Fedora Linux is a Linux distribution developed by the Fedora Project. It was originally developed in 2003 as a continuation of the Red Hat Linux project. It contains software distributed under various free and open-source licenses and aims to be on the leading edge of open-source technologies. It is now the upstream source for CentOS Stream and Red Hat Enterprise Linux.

<span class="mw-page-title-main">Sandboxie</span> Open-source sandboxing computer program

Sandboxie is an open-source OS-level virtualization solution for Microsoft Windows. It is a sandboxing solution that creates an isolated operating environment in which applications can run without permanently modifying the local system. This virtual environment allows for controlled testing of untrusted programs and web surfing.

Lynis is an extensible security audit tool for computer systems running Linux, FreeBSD, macOS, OpenBSD, Solaris, and other Unix derivatives. It assists system administrators and security professionals with scanning a system and its security defenses, with the final goal being system hardening.

NixOS is a free and open source Linux distribution based on the Nix package manager. NixOS uses an immutable design and an atomic update model. Its use of a declarative configuration system allows reproducibility and portability.

<span class="mw-page-title-main">Trinity Desktop Environment</span> Desktop environment for Unix-like operating systems

The Trinity Desktop Environment (TDE) is a complete software desktop environment designed for Linux and Unix-like operating systems, intended for computer users preferring a traditional desktop model, and is free/libre software. Born as a fork of KDE 3.5 in 2010, it was originally created by Timothy Pearson, who had coordinated Kubuntu remixes featuring KDE 3.5 after Kubuntu switched to KDE Plasma 4.

<span class="mw-page-title-main">Solus (operating system)</span> Linux operating system

Solus is an independently developed operating system for the x86-64 architecture based on the Linux kernel and a choice of Budgie, GNOME, MATE or KDE Plasma as the desktop environment. Its package manager, eopkg, is based on the PiSi package management system from Pardus Linux, and it has a semi-rolling release model, with new package updates landing in the stable repository every Friday. The developers of Solus have stated that Solus was intended exclusively for use on personal computers and will not include software that is only useful in enterprise or server environments.

<span class="mw-page-title-main">Qubes OS</span> Security-focused Linux-based operating system

Qubes OS is a security-focused desktop operating system that aims to provide security through isolation. Isolation is provided through the use of virtualization technology. This allows the segmentation of applications into secure virtual machines called qubes. Virtualization services in Qubes OS are provided by the Xen hypervisor.

elementary OS Desktop operating system based on Ubuntu

elementary OS is a Linux distribution based on Ubuntu LTS. It promotes itself as a "thoughtful, capable, and ethical" replacement to macOS and Windows and has a pay-what-you-want model. The operating system, the desktop environment, and accompanying applications are developed and maintained by elementary, Inc.

<span class="mw-page-title-main">Whonix</span> Anonymous operating system

Whonix is a Linux distribution, based on Kicksecure OS, claimed to be security hardened by its developers. Its main goals are to provide strong privacy and anonymity on the Internet. The operating system consists of two virtual machines, a workstation and a Tor gateway running Debian. All communications are forced through Tor.

<span class="mw-page-title-main">Void Linux</span> Independent distribution developed entirely by volunteers

Void Linux is an independent Linux distribution that uses the X Binary Package System (XBPS) package manager, which was designed and implemented from scratch, and the runit init system. Excluding binary kernel blobs, a base install is composed entirely of free software.

<span class="mw-page-title-main">Snap (software)</span> Software deployment system for Linux by Canonical

Snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel and the systemd init system. The packages, called snaps, and the tool for using them, snapd, work across a range of Linux distributions and allow upstream software developers to distribute their applications directly to users. Snaps are self-contained applications running in a sandbox with mediated access to the host system. Snap was originally released for cloud applications but was later ported to also work for Internet of Things devices and desktop applications.

<span class="mw-page-title-main">Flatpak</span> Linux software deployment utility

Flatpak is a utility for software deployment and package management for Linux. It is advertised as offering a sandbox environment in which users can run application software in isolation from the rest of the system. Flatpak, in 2016, was known as xdg-app.

<span class="mw-page-title-main">Cub Linux</span> Computer operating system

Cub Linux was a computer operating system designed to mimic the desktop appearance and functionality of ChromeOS. It was based on Ubuntu Linux LTS 14.04 "Trusty Tahr". It used Openbox as the window manager and tools taken from LXDE, Gnome, XFCE as well as a number of other utilities. It was a cloud-centric operating system that was heavily focused on the Chromium Browser. Cub Linux's tagline was "Cub = Chromium + Ubuntu".

<span class="mw-page-title-main">IPFire</span> Linux distribution

IPFire is a hardened open source Linux distribution that primarily performs as a router and a firewall; a standalone firewall system with a web-based management console for configuration.

<span class="mw-page-title-main">KaOS</span> KDE-focused Linux distribution

KaOS is a desktop Linux distribution that features the latest version of the KDE desktop environment, the LibreOffice office suite, and other popular software applications that use the Qt toolkit.

<span class="mw-page-title-main">GrapheneOS</span> Android-based mobile operating system

GrapheneOS is an Android-based, open source, privacy and security-focused mobile operating system for selected Google Pixel devices, including smartphones, tablets and foldables that is recommended by Edward Snowden.

<span class="mw-page-title-main">Azure Linux</span> Microsoft open source operating system

Azure Linux, previously known as CBL-Mariner, is a free and open-source Linux distribution that Microsoft has developed. It is the base container OS for Microsoft Azure services and the graphical component of WSL 2.

References

  1. "DistroWatch.com: Subgraph OS". DistroWatch.com. 2023-01-30. Retrieved 2023-10-13.
  2. "Subgraph OS September 2017 ISO Availability". subgraph.com. Retrieved 22 September 2017.
  3. "Subgraph: This Security-Focused Distro Is Malware's Worst Nightmare". Linux.com. 2018-01-26. Retrieved 2023-10-13.
  4. "DistroWatch.com: Put the fun back into computing. Use Linux, BSD". DistroWatch.com. 2017-01-30. Retrieved 2023-10-13.
  5. updated, Mayank SharmaContributions from Brian Turner last (May 9, 2022). "Best Linux distro for privacy and security of 2023". TechRadar.
  6. "Subgraph announces security conscious OS" via www.wired.co.uk.
  7. "Secure Your Online Privacy With These Linux Distributions". It's FOSS. February 22, 2017.
  8. "Subgraph OS, a new security-centric desktop distribution [LWN.net]". lwn.net.
  9. Styles, Kirsty (16 March 2016). "Subgraph will be Snowden's OS of choice – but it's not quite ready for humans yet". The Next Web. Retrieved 7 July 2016.
  10. "Subgraph - Blog". subgraph.com. Retrieved 2023-08-03.
  11. "Subgraph". GitHub. Retrieved 2023-08-03.
  12. "Hardening". subgraph.com. Retrieved 2023-08-03.
  13. "subgraph/oz: OZ: a sandboxing system targeting everyday workstation applications". GitHub. Retrieved 2023-10-13.
  14. "GitHub - OZ: a sandboxing system targeting everyday workstation applications". Subgraph. Retrieved 6 October 2016.
  15. "Breaking the Security Model of Subgraph OS | Micah Lee's Blog". micahflee.com. Retrieved 2017-04-25.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.