Subgraph OS - Secure Linux Operating System for Non-Technical Users

Anonymous Coward

in security on 2016-10-13 00:02 (#1XX2X)

Friday, March 04, 2016 Swati Khandelwal

Article in Full w/ Screenshots:

https://thehackernews.com/2016/03/subgraph-secure-operating-system.html
https://archive.is/ZNTFH

"Subgraph OS[1] is a feather weighted Linux flavor that aims to combat hacking attacks easier, even on fairly low-powered computers and laptops.

Subgraph OS comes with all the privacy and security options auto-configured, eliminating the user's manual configuration."

"Subgraph OS offers more than just kernel security. The Linux-based operating system comes with a slew of security and privacy features that its developers believe will be more accessible to non-technical users.

The OS also includes several applications and components that reduce the user's attack surface. Let's have a close look on important features Subgraph OS provides."

1. Automated Enhanced Protection with Application Sandboxing using Containers
2. Mandatory Full Disk Encryption (FDE)
3. Online Anonymity - Everything through Tor
4. Advanced Proxy Setting
5. System and Kernel Security
6. Secure Mail Services
7. Package Integrity

"Subgraph OS also provides an alternative way to trust the downloaded packages. The packages are to be matched against the binaries present in the operating system's distributed package list, thus becoming a finalizer.

Recently Backdoored Linux Mint hacking incident is an example to this.

Thus, Subgraph OS eliminates the usage of any tampered or malicious downloaded packages."

"How to Download Subgraph Os?

Subgraph Os will be available for download via its offical website. Let's wait for the operating system to get unveiled in Logan CIJ Symposium conference in Berlin on March 11-12 to experience the Cyber Isolation!!!"

[1] https://subgraph.com/sgos/

5 comments

Secure vs. security (Score: 2, Informative)

by fishybell@pipedot.org on 2016-10-13 23:45 (#1Y0XG)

The feature list listed here seems aimed at providing the user security, rather than offering a secure OS.

I don't doubt that they have added things to help with being secure - like the listed sandboxing - but none of the rest of the list really strikes me as being geared towards a secure, locked down, OS. When you throw in things like "advanced proxy settings" and "everything through TOR" and "mandatory full disk encryption" this all seems to be targeted at the paranoid rather than those who genuinely require security (web servers, mail servers, etc.).

As far as the paranoid go, sure, use it; it probably can't beat Tails though.

Re: Secure vs. security (Score: 0)

by Anonymous Coward on 2016-10-15 11:50 (#1Y5X6)

Time for a Tails vs Subgraph breakdown?

Very secure (Score: 0)

by Anonymous Coward on 2016-10-15 12:06 (#1Y5YC)

Gets to about 800kb of downloading the 1.3GB ISO then halts. Extremely secure.
What? No torrent links? What year is this again

Re: Very secure (Score: 1)

by wootery@pipedot.org on 2016-10-15 14:09 (#1Y67B)

That's more a liveness issue than a security issue, but certainly not reassuring.

Subgraph Alpha Review (Score: 0)

by Anonymous Coward on 2016-10-21 06:19 (#1YTEX)

SubGraph

Initial impressions
Interface is clean. The LiveCD came up quickly. Live CD boot options included Live, Install and Graphical Install. This was a great improvement over Lime for which I never got past the initial green screen with the dots.

Installer
The graphical installer looked like a good option. It reminds me of Windows 95, in a good way.
Install screens were clean and quick. Nice colours. Choices were clearly marked.
Interesting that it asked for the password for a new user account without showing the account name. My new account name is "User".
Disk partitioning was fairly straight forward.
System install took awhile.
No root password.

In the Activities menu the names are cut off if using a low res. Possibly when running in lower res the text should be shrunk. The whole menu could do with some shrinking.
Local disk install is 4.5G or so.
Changing the display to a higher resolution was easy. The interface seems to be designed for 1280x1200 minimum. In 1024x768 the Activities - Applications is squashed.

After local install the apt update failed. The error message referred to a public key not being available.
System update throws open an editor session halfway through which could be confusing for newbies.

The default for alt-tab is annoying as it switches programs but not between instances of the same program. No doubt there is a config change to fix this.

I didn't tried to remove Systemd. Given that this is based on Debian it could be be removed. http://without-systemd.org/wiki/index.php/How_to_remove_systemd_from_a_Debian_jessie/sid_installation. Given that this is based on stretch I didn't give it a try this time.

May need to increase the screensaver timeout as the 5 minimum default is annoying.

Never actually got TOR to work. This may be due to a network issue.
Strangely, when running Tor-Browser from the Live CD from Applications it downloads the browser first. In the Live CD. Expected to have a version already installed and waiting to use when booting in the Live CD mode.

As usual with Debian based systems an apt-get update was needed to get the ball rolling. Wondering when apt repositories will be available via BT instead of static downloads.

There was a slight problem with the Live CD mode where it locked the screen. The FAQ was helpful.

Overall it looks pretty, is stable, can install and run Debian packages, and for a quick run over looks to be a viable Debian based OS. Some issues with getting web apps running, but given that this is alpha it is expected that there will be issues.