Subgraph OS is a Debian-based Linux distribution and offers security services anonymous web browsing with hardening features.
Subgraph OS uses a hardened Linux kernel, and a firewall application that helps you specifically block executables from network access. Distribution causes all Internet traffic you use to pass through the Tor network.
The file manager of the distribution has tools to remove the metadata that leaves the files and is integrated with the OnionShare file sharing application. The e-mail client icedove works automatically with Enigmail to encrypt your emails.
Most of the Subgraph OS code was written in Golang, which is a memory-safe language. The Golang libraries are also written in pure Golang, unlike other popular languages like Python. While the Python runtime may be memory-safe, C languages commonly used by libraries expose tools written in Python to old memory corruption vulnerabilities.
One of the best security features of the distribution is that it uses Sandboxed applications in addition to the above.
So the vulnerable or exposed to the internet applications they work in sandbox environments. The sandbox framework, called Oz, is designed to isolate applications from the rest of the system. Access to system resources is granted only to applications that need them. For example, PDF viewer and image viewer do not have access to any network interface from the sandbox.
Sandboxed applications are:
Let's say that distribution offers several interesting features, but it's new. New distribution means we do not know what kind of support it offers, or whether it will continue to exist after 1 with 2 years.
Subgraph OS System Requirements
Anything that can comfortably run GNOME 3:
- 64-bit machine (Core2Duo or over)
- 2GB of RAM (4GB recommended - 4GB minimum for live mode)
- At least 20GB of hard drive space
Intel Integrated graphics cards or NVidia cards supported by the Nouveau drivers are recommended.
Subgraph OS Download
- subgraph-os-alpha_2016-12-30_1.iso (sha256sum) (signature) (releasenotes)
- Also available via our Tor hidden service: subgraph-os-alpha_2016-12-30_1.iso (sha256sum) (signature) (releasenotes)
- You can also download it via bittorrent
If you are interested in the project you can read more of the official website.