Subgraph (operating system)
{{Infobox OS
| name = Subgraph OS
| logo = Subgraph OS Logo.png
| logo size = 186px
| logo caption =
| screenshot =
| caption =
| developer =
| released =
| discontinued = yes
| latest preview date = {{Start date and age|2017|09|22|df=yes}}
| repo = {{URL|https://github.com/orgs/subgraph/repositories}}
| marketing target =
| userland = GNU
| influenced by = Tails, Qubes OS
| ui = GNOME 3
| license = GPLv3+
| website = {{URL|https://subgraph.com}}
| source_model = Open source
| working_state = Discontinued{{cite web | title=DistroWatch.com: Subgraph OS | website=DistroWatch.com | date=2023-01-30 | url=https://distrowatch.com/table.php?distribution=Subgraph | access-date=2023-10-13}}
| latest preview version = 2017.09.22{{cite web|title=Subgraph OS September 2017 ISO Availability|url=https://subgraph.com/blog/subgraph-sep2017-iso-availability/|website=subgraph.com|accessdate=22 September 2017|language=en}}
| latest_test_version =
| latest_test_date =
| kernel_type = Monolithic (Linux)
| updatemodel =
| preceded_by =
| succeeded_by =
| package_manager =
| supported_platforms =
}}
Subgraph OS was a Debian-based project designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet.{{cite web | title=Subgraph: This Security-Focused Distro Is Malware’s Worst Nightmare | website=Linux.com | date=2018-01-26 | url=https://www.linux.com/topic/desktop/subgraph-security-focused-distro-malwares-worst-nightmare/ | access-date=2023-10-13}}{{cite web | title=DistroWatch.com: Put the fun back into computing. Use Linux, BSD. | website=DistroWatch.com | date=2017-01-30 | url=https://distrowatch.com/weekly.php?issue=20170130#subgraph | access-date=2023-10-13}}{{Cite web|url=https://www.techradar.com/news/best-linux-distro-privacy-security|title=Best Linux distro for privacy and security of 2023|first=Mayank|last=Sharma|others=Contributions from Brian Turner|date=May 9, 2022|website=TechRadar}}{{Cite web|url=https://www.wired.co.uk/article/subgraph-security-conscious-os|title=Subgraph announces security conscious OS|via=www.wired.co.uk}}{{Cite web|url=https://itsfoss.com/privacy-focused-linux-distributions/|title=Secure Your Online Privacy With These Linux Distributions|date=February 22, 2017|website=It's FOSS}}{{Cite web|url=https://lwn.net/Articles/679366/|title=Subgraph OS, a new security-centric desktop distribution [LWN.net]|website=lwn.net}} It has been mentioned by Edward Snowden as showing future potential.{{cite web|last1=Styles|first1=Kirsty|title=Subgraph will be Snowden's OS of choice – but it's not quite ready for humans yet|date=16 March 2016|url=https://thenextweb.com/insider/2016/03/16/subgraph-os-will-snowdens-os-choice-not-quite-ready-humans/#gref|publisher=The Next Web|accessdate=7 July 2016}}
Subgraph OS was designed to be locked down, with a reduced attack surface, to make certain classes of attack against it more difficult to carry out. This was accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also placed emphasis on ensuring the integrity of installed software packages through deterministic compilation.
The last update of the project's blog was in September 2017,{{Cite web |title=Subgraph - Blog |url=https://subgraph.com/blog/index.en.html |access-date=2023-08-03 |website=subgraph.com}} and none of its GitHub repositories has seen activity since 2020.{{Cite web |title=Subgraph |url=https://github.com/subgraph |access-date=2023-08-03 |website=GitHub |language=en}}
Features
Some of Subgraph OS's notable features included:
- Linux kernel hardened with the grsecurity and PaX patchset.{{Cite web |title=Hardening |url=https://subgraph.com/sgos/hardening/index.en.html |access-date=2023-08-03 |website=subgraph.com}}
- Linux namespaces and xpra for application containment.
- Mandatory file system encryption during installation using LUKS.
- Configurable firewall rules to automatically ensure that network connections for installed applications are made using the Tor anonymity network. Default settings ensure that each application's communication is transmitted via an independent circuit on the network.
- GNOME Shell integration for the OZ virtualization client,{{cite web | title=subgraph/oz: OZ: a sandboxing system targeting everyday workstation applications | website=GitHub | url=https://github.com/subgraph/oz | access-date=2023-10-13}} which runs apps inside a secure Linux container, targeting ease-of-use by everyday users.{{cite web|title=GitHub - OZ: a sandboxing system targeting everyday workstation applications|url=https://github.com/subgraph/oz|publisher=Subgraph|accessdate=6 October 2016}}
Security
Subgraph OS's sandbox containers have been critiqued as inferior to Qubes OS's virtualization. An attacker can trick a Subgraph user into running a malicious unsandboxed script via the default Nautilus file manager or in the terminal. It is also possible to run malicious code contained in .desktop files (which are used to launch applications). Malware can also bypass Subgraph OS's application firewall. In addition, by design, Subgraph does not isolate the network stack as Qubes OS does.{{Cite web|url=https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/|title=Breaking the Security Model of Subgraph OS {{!}} Micah Lee's Blog|website=micahflee.com|language=en-US|access-date=2017-04-25}}
References
{{Reflist|30em}}
External links
- {{Official website|https://www.subgraph.com}}
- {{DistroWatch|Subgraph}}
Category:Debian-based distributions