Subgraph (operating system): Difference between revisions
Soften Snowden "Endorement" |
Marshmallych (talk | contribs) refs |
||
Line 28: | Line 28: | ||
}} |
}} |
||
'''Subgraph OS''' is a [[Linux distribution]] designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet. It is based upon [[Debian]] Linux. The operating system has been mentioned by [[Edward Snowden]] as showing future potential.<ref>{{cite web|last1=Styles|first1=Kirsty|title=Subgraph will be Snowden’s OS of choice – but it’s not quite ready for humans yet|url=http://thenextweb.com/insider/2016/03/16/subgraph-os-will-snowdens-os-choice-not-quite-ready-humans/#gref|publisher=The Next Web|accessdate=7 July 2016}}</ref> |
'''Subgraph OS''' is a [[Linux distribution]] designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet.<ref>[https://www.linux.com/learn/intro-to-linux/2018/1/subgraph-security-focused-distro-malwares-worst-nightmare Subgraph: This Security-Focused Distro Is Malware's Worst Nightmare | Linux.com | The source of Linux information]</ref><ref>[https://distrowatch.com/weekly.php?issue=20170130#subgraph DistroWatch Weekly, Issue 697, 30 January 2017]</ref> It is based upon [[Debian]] Linux. The operating system has been mentioned by [[Edward Snowden]] as showing future potential.<ref>{{cite web|last1=Styles|first1=Kirsty|title=Subgraph will be Snowden’s OS of choice – but it’s not quite ready for humans yet|url=http://thenextweb.com/insider/2016/03/16/subgraph-os-will-snowdens-os-choice-not-quite-ready-humans/#gref|publisher=The Next Web|accessdate=7 July 2016}}</ref> |
||
Subgraph OS is designed with features which aim to reduce the attack surface of the operating system, and increase the difficulty required to carry out certain classes of attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on ensuring the integrity of installed software packages through [[deterministic compilation]]. |
Subgraph OS is designed with features which aim to reduce the attack surface of the operating system, and increase the difficulty required to carry out certain classes of attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on ensuring the integrity of installed software packages through [[deterministic compilation]]. |
||
Line 49: | Line 49: | ||
==References== |
==References== |
||
{{Reflist}} |
{{Reflist|30em}} |
||
==External links== |
==External links== |
Revision as of 08:22, 18 June 2018
OS family | Unix-like |
---|---|
Working state | Current |
Source model | Open source |
Latest release | 2017.09.22[1] / 22 September 2017 |
Marketing target | Personal computers |
Kernel type | Monolithic (Linux) |
Userland | GNU |
Default user interface | GNOME 3 |
License | GPLv3+ |
Official website | subgraph |
Subgraph OS is a Linux distribution designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet.[2][3] It is based upon Debian Linux. The operating system has been mentioned by Edward Snowden as showing future potential.[4]
Subgraph OS is designed with features which aim to reduce the attack surface of the operating system, and increase the difficulty required to carry out certain classes of attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on ensuring the integrity of installed software packages through deterministic compilation.
Features
Some of Subgraph OS's notable features include:
- Linux kernel hardened with the grsecurity and PaX patchset.[citation needed]
- Linux namespaces and xpra for application containment.
- Mandatory file system encryption during installation, using LUKS.
- Resistance to cold boot attacks.
- Configurable firewall rules to automatically ensure that network connections for installed applications are made using the Tor anonymity network. Default settings ensure that each application's communication is transmitted via an independent circuit on the network.
- GNOME Shell integration for the OZ application-level sandbox, targeting ease-of-use by everyday users.[5]
Security
The security of Subgraph OS (which uses sandbox containers) has been questioned in comparison to Qubes (which uses virtualization), another security focused Linux distro. An attacker can trick a Subgraph user to run a malicious unsandboxed script via the OS's default Nautilus file manager or in the terminal. It is also possible to run malicious code containing .desktop files (which are used to launch applications). Malware can also bypass Subgraph OS's application firewall. Also, by design, Subgraph cannot isolate the network stack like Qubes OS or prevent bad USB exploits.[6]
See also
References
- ^ "Subgraph OS September 2017 ISO Availability". subgraph.com. Retrieved 22 September 2017.
- ^ Subgraph: This Security-Focused Distro Is Malware's Worst Nightmare | Linux.com | The source of Linux information
- ^ DistroWatch Weekly, Issue 697, 30 January 2017
- ^ Styles, Kirsty. "Subgraph will be Snowden's OS of choice – but it's not quite ready for humans yet". The Next Web. Retrieved 7 July 2016.
- ^ "GitHub - OZ: a sandboxing system targeting everyday workstation applications". Subgraph. Retrieved 6 October 2016.
- ^ "Breaking the Security Model of Subgraph OS | Micah Lee's Blog". micahflee.com. Retrieved 2017-04-25.