Wikipedia

Subgraph (operating system): Difference between revisions

Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
it's the current state, this is weasel wording implying it's in the past
Security: copyedit for simplicity
 
(44 intermediate revisions by 30 users not shown)
Line 1:
{{Infobox OS
| name = Subgraph OS
| logo = Subgraph OS Logo.png
| logo size = 186px
| logo caption =
| screenshot =
| caption =
| developer =
| caption =
| family = [[Linux]] = ([[Unix-like]])
| developer =
| released =
| family = [[Unix-like]]
| discontinued = yes
| released =
| latest_release_date latest preview date = {{Start date and age|20162017|1209|3022|df=yes}}
| marketing target = [[Personal computer]]s
| repo = {{URL|https://github.com/orgs/subgraph/repositories}}
| userland = [[GNU]]
| marketing target = [[Personal computer]]s
| ui = [[GNOME|GNOME 3]]
| license userland = [[GPLv3|GPLv3+GNU]]
| influenced by = [[Tails (operating system)|Tails]], [[Qubes OS]]
| website = {{URL|https://subgraph.com}}
| source_model ui = [[OpenGNOME|GNOME source3]]
| license = [[GPLv3|GPLv3+]]
| working_state = Current
| website = {{URL|https://subgraph.com}}
| latest_release_version = 2016.12.30<ref>{{cite web|title=Subgraph OS December 2016 ISO Availability|url=https://subgraph.com/blog/subgraph-dec2016-iso-availability/|website=subgraph.com|accessdate=30 January 2017|language=en}}</ref>
| source_model = [[Open-source software|Open source]]
| latest_release_date = {{Start date and age|2016|12|30|df=yes}}
| working_state = Discontinued<ref>{{cite web | title=DistroWatch.com: Subgraph OS | website=DistroWatch.com | date=2023-01-30 | url=https://distrowatch.com/table.php?distribution=Subgraph | access-date=2023-10-13}}</ref>
| latest_test_version =
| latest_release_versionlatest preview version = 20162017.1209.3022<ref>{{cite web|title=Subgraph OS DecemberSeptember 20162017 ISO Availability|url=https://subgraph.com/blog/subgraph-dec2016sep2017-iso-availability/|website=subgraph.com|accessdate=3022 JanuarySeptember 2017|language=en}}</ref>
| latest_test_date =
| latest_test_version =
| kernel_type = [[Monolithic kernel|Monolithic]] ([[Linux kernel|Linux]])
| latest_test_date =
| updatemodel =
| kernel_type = [[Monolithic kernel|Monolithic]] ([[Linux kernel|Linux]])
| preceded_by =
| updatemodel =
| succeeded_by =
| preceded_by =
| package_manager =
| succeeded_by =
| supported_platforms =
| package_manager =
| supported_platforms =
}}
 
'''Subgraph OS''' iswas a [[Linux distributionDebian]]-based project designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet.<ref>{{cite Itweb is| basedtitle=Subgraph: uponThis [[Debian]]Security-Focused Distro Is Malware’s Worst Nightmare | website=Linux.com The| operatingdate=2018-01-26 system| url=https://www.linux.com/topic/desktop/subgraph-security-focused-distro-malwares-worst-nightmare/ | access-date=2023-10-13}}</ref><ref>{{cite web | title=DistroWatch.com: Put the fun back into computing. Use Linux, BSD. | website=DistroWatch.com | date=2017-01-30 | url=https://distrowatch.com/weekly.php?issue=20170130#subgraph | access-date=2023-10-13}}</ref><ref>{{Cite web|url=https://www.techradar.com/news/best-linux-distro-privacy-security|title=Best Linux distro for privacy and security of 2023|first=Mayank SharmaContributions from Brian Turner last|last=updated|date=May 9, 2022|website=TechRadar}}</ref><ref>{{Cite web|url=https://www.wired.co.uk/article/subgraph-security-conscious-os|title=Subgraph announces security conscious OS|via=www.wired.co.uk}}</ref><ref>{{Cite web|url=https://itsfoss.com/privacy-focused-linux-distributions/|title=Secure Your Online Privacy With These Linux Distributions|date=February 22, 2017|website=It's FOSS}}</ref><ref>{{Cite web|url=https://lwn.net/Articles/679366/|title=Subgraph OS, a new security-centric desktop distribution [LWN.net]|website=lwn.net}}</ref> It has been endorsedmentioned by [[Edward Snowden]] as showing future potential.<ref>{{cite web|last1=Styles|first1=Kirsty|title=Subgraph will be Snowden’sSnowden's OS of choice – but it’sit's not quite ready for humans yet|date=16 March 2016|url=httphttps://thenextweb.com/insider/2016/03/16/subgraph-os-will-snowdens-os-choice-not-quite-ready-humans/#gref|publisher=The Next Web|accessdate=7 July 2016}}</ref>
 
Subgraph OS iswas designed withto featuresbe whichlocked aimdown, towith reducea thereduced attack surface of the operating system, andto increase the difficulty required to carry out certain classes of attack against it. This iswas accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also placesplaced emphasis on ensuring the integrity of installed software packages through [[deterministic compilation]].
 
The last update of the project's blog was in September 2017,<ref>{{Cite web |title=Subgraph - Blog |url=https://subgraph.com/blog/index.en.html |access-date=2023-08-03 |website=subgraph.com}}</ref> and all of its [[GitHub]] repositories haven't seen activity since 2020.<ref>{{Cite web |title=Subgraph |url=https://github.com/subgraph |access-date=2023-08-03 |website=GitHub |language=en}}</ref>
 
==Features==
Some of Subgraph OS's notable features includeincluded:
* [[Linux kernel]] hardened with the [[grsecurity]] and [[PaX]] patchset.<ref>{{citationCite web needed|reasontitle=DoesHardening it|url=https://subgraph.com/sgos/hardening/index.en.html still have grsecurity and PaX now that they aren't publicly available or something else like a fork?|access-date=June2023-08-03 2017|website=subgraph.com}}</ref>
* [[Linux namespaces]] and [[xpra]] for application containment.
* Mandatory file system encryption during installation, using [[LUKS]].
* Resistance to [[cold boot attack|cold boot attacks]].
* Configurable firewall rules to automatically ensure that network connections for installed applications are made using the [[Tor (anonymity network)|Tor anonymity network]]. Default settings ensure that each application's communication is transmitted via an independent circuit on the network.
* [[GNOME Shell]] integration for the OZ applicationvirtualization client,<ref>{{cite web | title=subgraph/oz: OZ: a sandboxing system targeting everyday workstation applications | website=GitHub | url=https://github.com/subgraph/oz | access-leveldate=2023-10-13}}</ref> which runs apps inside a secure Linux sandboxcontainer, targeting ease-of-use by everyday users.<ref>{{cite web|title=GitHub - OZ: a sandboxing system targeting everyday workstation applications|url=https://github.com/subgraph/oz|publisher=Subgraph|accessdate=6 October 2016}}</ref>
 
== Security ==
The security of Subgraph OS (which uses's [[Sandbox (computer security)|sandbox containers]]) hashave been questionedcritiqued inas comparisoninferior to [[Qubes OS|Qubes]] (which uses's [[Virtual machine|virtualization]]), another security focused Linux distro. An attacker can trick a Subgraph user to run a malicious unsanboxedunsandboxed script via the OS's default [[GNOME Files|Nautilus]] file manager or in the terminal. It is also possible to run malicious code containing [[Shortcut (computing)#Unix|.desktop]] files (which are used to launch applications). Malware can also bypass Subgraph OS's [[application firewall]]. Also, by design, Subgraph also candoes not isolate the [[Protocol stack|network stack]] like Qubes OS or prevent [[Firmware#Security risks|bad USB]] exploits.<ref>{{Cite web|url=https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/|title=Breaking the Security Model of Subgraph OS {{!}} Micah Lee's Blog|website=micahflee.com|language=en-US|access-date=2017-04-25}}</ref>
 
==References==
<references />
 
==See also==
* [[Tails (operating system)]]
* [[Qubes OS]]
 
[[Category:Linux distributions]]
==References==
{{Reflist|30em}}
 
==External links==
* {{Official website|https://www.subgraph.com}}
* {{DistroWatch|Subgraph}}
 
[[Category:Debian-based distributions]]
[[Category:Operating system security]]
[[Category:Linux distributions]]
Retrieved from "https://en.wikipedia.org/wiki/Subgraph_(operating_system)"