Tails was compromised, and everyone is wondering what is going to happen next. But a team of researchers in Canada hopes they have the answer: Subgraph, an operating system resistant to zero-day exploits.
In Subgraph OS, any application a computer interacts with running the operating system is isolated in containers to prevent exploits from having a meaningful impact at the OS level. It uses the Grsecurity kernel, a patch applied to the Linux kernel that enhances security by limiting what processes can do. For example, with most operating systems, receiving an infected PDF making use of a zero-day vulnerability means before you realize it, there’s malicious code running on your computer. ... he new OS is also, obviously, designed for complete anonymity. All the connections in the OS are intercepted by a metaproxy that then routes them through Tor. The metaproxy has some nifty tricks, too: it opens different Tor circuits for different apps, to avoid an attacker correlating traffic to the same origin.Subgraph is based on Debian, PGP, and other open source technologies and products.