By default, Linux is a very secure operating system. In fact, the history of Linux has seen only a few viruses, bugs and glitches, the latest additions being the Meltdown and Spectre issues. Other than that, there have been no other flaws. That doesn't mean that Linux is 100% secure. The truth is, no system is 100% secure; you can only get close to it. Big flaws like Heartbleed and, at present, Meltdown and Spectre remind us of that.
Linux is gaining more and more popularity because of features like blazing performance, stability, security and being free to use. That also makes Linux a good target for hackers. At present, most viruses target Windows as it's the most popular OS. When Linux reaches that point, there'll be lots of malware all around, evolved and deadly.
If you're concerned about security, your perfect choice will be Subgraph OS. It's designed to resist any type of network-borne malware attack and exploit. Development is at an early stage, yet it provides the best possible service.
Subgraph OS is based on Debian. Debian is the most popular base for Linux distros like Ubuntu, Linux Mint etc. That means all the popular software and other apps are readily available while the security of the system is rock solid.
Features of Subgraph OS
There are tons of Debian-based distros all over the internet. Why choose Subgraph? The reason is its advanced features. Let's take a look at what Subgraph OS provides.
The kernel
The kernel of Subgraph is hardened. It integrates the well-respected grsecurity/PaX patchset to mitigate system-wide exploits and privilege escalation. While making the kernel more resilient to attacks, the grsecurity and PaX security features provide strong protection to all running processes without rebuilding or relinking the programs.
The kernel also contains the recently released RAP security improvement. It's designed to prevent code-reuse attacks, such as ROP exploits, and is a great defense against present exploitation methods. It also makes it harder for modern exploits to escalate privileges once an app on the endpoint is breached.
The Subgraph OS kernel (v4.9) contains fewer features, which greatly narrows the kernel attack surface available to malware and exploits.
Sandboxed applications
Vulnerable or exposed apps run in sandbox environments. Subgraph OS uses the Oz sandbox framework as a unique feature. Its design isolates apps from each other and from the rest of the system. Oz also ensures that system access is granted only to the apps that need it.
For example, take a PDF reader. When reading a PDF, the reader app has no need to access the internet, so Subgraph runs it in a sandbox without any internet access. Several other apps like web browsers, office apps, image viewers, media players etc. also run in sandbox mode in Subgraph.
Memory safety
Memory management is key to security. Code written specifically for Subgraph OS uses Golang, a memory-safe language.
Firewall
Subgraph comes with an advanced firewall installed. Whenever an app tries to access the internet in an unexpected way, the firewall notifies the user so they can decide what to do.
Other features
- Roflcopter, a Tor control port filter service
- Built-in Tor integration
- AppArmor profiles covering many system utilities and apps
Caution
Subgraph OS is currently in the development (alpha) stage, so there may be many bugs, system instability etc. According to the official website, the devs haven't checked the OS entirely.
That's why I recommend using Subgraph OS as a secondary OS. In other respects, there's not much of a difference. While using it, you'll generate valuable information about the system that helps the developers speed up development. Get Subgraph OS now!
still in alpha tho…
No updates for this in a year. Seems dead. I had such high hopes for it too 🙁
No updates in 2 years and you can’t download the alpha anymore. Definitely dead.