The security of a very early [[Software release life cycle#Alpha|alpha version]] of Subgraph OS (which uses [[Sandbox (computer security)|sandbox containers]]) has been questioned in comparison to [[Qubes OS|Qubes]] (which uses [[Virtual machine|virtualization]]), another security focused Linux distro. An attacker can trick a Subgraph user to run a malicious unsanboxed script via the OS's default [[GNOME Files|Nautilus]] file manager or in the terminal. It is also possible to run malicious code containing [[Shortcut (computing)#Unix|.desktop]] files (which are used to launch applications). Malware can also bypass Subgraph OS's [[application firewall]]. Also by design, Subgraph also can not isolate the [[Protocol stack|network stack]] like Qubes OS or prevent [[Firmware#Security risks|bad USB]] exploits.<ref>{{Cite web|url=https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/|title=Breaking the Security Model of Subgraph OS {{!}} Micah Lee's Blog|website=micahflee.com|language=en-US|access-date=2017-04-25}}</ref>
