Information security and privacy have been consistently hot topics since Edward Snowden's revelations of the NSA's global surveillance, which brought the world's attention to data protection and encryption as never before.
Moreover, just days after Windows 10's successful launch last summer, we saw various default settings in Microsoft's newest OS that compromise users' privacy, making a large number of geeks, as well as regular users, migrate to Linux.
However, the problem is that the majority of users are not comfortable with the Linux environment. They don't know how to configure their machines with the right privacy and security settings, which leaves them still open to hacking and surveillance.
However, this gaping hole can be filled with a Debian-based, security-focused Linux operating system called Subgraph OS: a key solution to your privacy fears.
Subgraph OS is a lightweight Linux flavor that aims to make it easier to withstand hacking attacks, even on fairly low-powered computers and laptops.
Subgraph OS comes with all the privacy and security options auto-configured, eliminating the need for manual configuration by the user.
Security-focused operating systems do exist, but they are often very resource intensive and can be run only on specific hardware. They are also a real technical challenge for users who don't know the advanced techniques required to get a secure operating system running.
Why Should You Install Subgraph Linux OS?
Subgraph OS offers more than just kernel security. The Linux-based operating system comes with a slew of security and privacy features that its developers believe will be more accessible to non-technical users.
The OS also includes several applications and components that reduce the user's attack surface. Let's have a close look at the important features Subgraph OS provides.
1. Automated Enhanced Protection with Application Sandboxing using Containers
A security feature called Oz is possibly the most interesting feature of Subgraph OS. Oz is a system for isolating programs so that if an attacker exploits an application security vulnerability, the rest of your machine and your network will remain largely unaffected.
Oz makes this possible by limiting the permissions applications have to other parts of the computer, so that an attacker who exploits a security hole in one application cannot use it to carry out malicious activity elsewhere on the system.
2. Mandatory Full Disk Encryption (FDE)
Subgraph OS enables Full Disk Encryption by default, making it a mandatory step for its users.
Full disk encryption protects the contents of your hard disk, keeping your data safe even if your drive is misplaced or falls into the wrong hands.
Additionally, Subgraph OS wipes memory when the system is shut down in an effort to defend against cold boot attacks.
Cold boot attacks are a type of side-channel attack that takes advantage of data that remains in DRAM and SRAM cells for a few seconds after power-off.
3. Online Anonymity — Everything through Tor
Subgraph OS routes all your traffic through the Tor anonymity network by default, making it difficult for attackers to figure out the actual physical location of their targets. This helps ensure endpoint security.
4. Advanced Proxy Setting
Applications' communication with the outside world is carried out via the Metaproxy application, which helps identify legitimate connections.
Since not every application comes preconfigured to communicate through Tor, Metaproxy relays outgoing connections via Tor without requiring proxy settings to be configured for each application.
5. System and Kernel Security
Subgraph OS is also hardened by Grsecurity – a set of patches designed to make security vulnerabilities in the Linux kernel, such as memory corruption flaws, far more difficult to exploit.
Support for PaX adds a further layer of security by enforcing least-privilege protections for memory pages. This makes security vulnerabilities such as buffer overflows and memory corruption flaws in applications and the operating system kernel difficult to exploit.
6. Secure Mail Services
Subgraph OS also includes Subgraph Mail, which integrates OpenPGP to let users send and receive encrypted/signed messages using PGP/MIME.
Subgraph Mail service is designed in such a way that makes PGP key management and sending/receiving of encrypted email easy for everybody.
Subgraph Mail is also secure – authentication and integrity verification are implemented in such a way that even if some parts of the application are compromised, a hacker still would not have access to the rest of your emails or encryption keys.
Additionally, there is no need to execute commands in a terminal window or install plug-ins. Web browser support is deliberately left out of the mail client to eliminate Web exploits from within mail.
7. Package Integrity
Subgraph OS also provides an alternative way to trust downloaded packages. The packages are matched against the binaries present in the operating system's distributed package list, which serves as the final check.
The recent hacking incident in which Linux Mint was backdoored is an example of why this matters.
Thus, Subgraph OS eliminates the use of any tampered or malicious downloaded packages.
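To make the idea of matching a download against a distributed package list concrete, here is an added example (not Subgraph's own code and not from the original article) that checks downloaded bytes against a Debian-style package index. The index layout, the package name and the sample data are constructed assumptions, and the index itself is assumed to come from an authenticated (signed) source.

```python
import hashlib
import hmac

REQUIRED = {"Package", "Version", "Size", "SHA256"}

def parse_index(text):
    """Parse blank-line-separated stanzas of 'Field: value' lines."""
    index = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t"):      # continuation of a multi-line field
                continue
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if REQUIRED <= fields.keys():        # ignore incomplete stanzas
            index[(fields["Package"], fields["Version"])] = fields
    return index

def verify_package(index, name, version, data):
    """Return (ok, reason) for downloaded bytes checked against the index."""
    entry = index.get((name, version))
    if entry is None:
        return False, "not listed in index"
    if len(data) != int(entry["Size"]):
        return False, "size mismatch"
    digest = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(digest, entry["SHA256"].lower()):
        return False, "sha256 mismatch"
    return True, "ok"

# Constructed sample data: a fake package body and a same-length tampered copy.
GOOD = b"constructed package payload\n"
TAMPERED = GOOD.replace(b"payload", b"pay1oad")
SAMPLE_INDEX = (
    "Package: example-tool\n"
    "Version: 1.0-1\n"
    "Filename: pool/main/e/example-tool/example-tool_1.0-1_amd64.deb\n"
    f"Size: {len(GOOD)}\n"
    f"SHA256: {hashlib.sha256(GOOD).hexdigest()}\n"
    "Description: constructed entry\n"
    " with a continuation line\n"
)

if __name__ == "__main__":
    idx = parse_index(SAMPLE_INDEX)
    for label, blob in (("good", GOOD), ("tampered", TAMPERED)):
        print(label, verify_package(idx, "example-tool", "1.0-1", blob))
```

A check like this is only as trustworthy as the list it compares against, which is why the index must be obtained separately from the download and authenticated before use.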
Comparison Between Subgraph OS and Qubes OS
Subgraph OS has some similarities to Qubes OS – another Linux-based, security-oriented operating system for PCs.
Unlike Subgraph OS, which isolates individual applications on a more granular level, Qubes OS typically runs different isolated domains inside different virtual machines – one for your work, one for your personal use and more.
Subgraph OS doesn't isolate networking and USB stacks or other devices and drivers, but Qubes OS does.
Also, Subgraph OS uses Xpra for GUI virtualization, which is less secure than the Qubes GUI protocol but has some usability advantages, such as a seamlessly working clipboard.
Subgraph makes use of Netfilter hooks to redirect app-generated traffic into the Tor network and to allow the user to see and control app-generated traffic, whereas Qubes OS uses separate service virtual machines (Proxy VMs like TorVM) to intercept traffic.
As the list goes on... Subgraph would be a treasure for privacy lovers.
How to Download Subgraph OS?
Subgraph OS will be available for download via its official website. Let's wait for the operating system to be unveiled at the Logan CIJ Symposium conference in Berlin on March 11-12 to experience the Cyber Isolation!!!