| Subgraph OS | |
|---|---|
![]() | |
| OS family | Linux (Unix-like) |
| Working state | Discontinued[1] |
| Source model | Open source |
| Final preview | 2017.09.22[2] / 22 September 2017; 8 years ago (2017-09-22) |
| Repository | github |
| Kernel type | Monolithic (Linux) |
| Userland | GNU |
| Influenced by | Tails,Qubes OS |
| Default user interface | GNOME 3 |
| License | GPLv3+ |
| Official website | subgraph |
Subgraph OS was aDebian-based project designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet.[3][4][5][6][7][8] It has been mentioned byEdward Snowden as showing future potential.[9]
Subgraph OS was designed to be locked down, with a reduced attack surface, to increase the difficulty to carry out certain classes of attack against it. This was accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also placed emphasis on ensuring the integrity of installed software packages throughdeterministic compilation.
The last update of the project's blog was in September 2017,[10] and all of itsGitHub repositories haven't seen activity since 2020.[11]
Some of Subgraph OS's notable features included:
Subgraph OS'ssandbox containers have been critiqued as inferior toQubes OS'svirtualization. An attacker can trick a Subgraph user to run a malicious unsandboxed script via the defaultNautilus file manager or in the terminal. It is also possible to run malicious code containing.desktop files (which are used to launch applications). Malware can also bypass Subgraph OS'sapplication firewall. Also, by design, Subgraph does not isolate thenetwork stack like Qubes OS.[15]
{{cite web}}:|last= has generic name (help)