Basically, the isolation provided by Qubes OS (when used properly) beats on Subgraph OS like they are a red headed step-child. Further, Qubes is only affected by around 10% of all Xen exploits found on the XSA list.
Right now, Subgraph OS can be pwned easily via Nautilus and malicious .desktop files, or if you run applications that don’t run in one of the many app (Oz) sandboxes. Malicious malware can easily bypass Subgraph’s application firewall too.
Subgraph’s only main advantage is grsecurity by default. But consider this:
- grsec templates are coming to Qubes (with Debian templates already available and working);
- Whonix is already integrated into Qubes;
- Disposable VMs are available in Qubes for dangerous links/docs/files;
- Disposable Whonix-Workstation VMs are available in Qubes (with multiple disposable VMs available in Qubes 4);
- Qubes is not in alpha status;
- Subgraph can’t isolate the network stack like Qubes OS or deal with bad USB exploits; and
- Subgraph templates are theoretically possible in Qubes.
There simply is no comparison for the discerning paranoid user - assume future compromise and isolate everything in a fine grained manner with Qubes.
Have a Win 10 Creators Update Data Slurpee
In the Creators Update, aka Windows 10 version 1703, all this information will be collected in Basic mode. A lot of it is to help Microsofties pinpoint the cause of crashes and potential new malware infections, although it includes things like logs of you giving applications administrator privileges via the UAC, battery life readings, firmware version details, details of your hardware down to the color and serial number of the machine, which cell network you’re using, and so on.
Then there’s the information collected in Full mode, which includes everything in Basic plus your user settings and preferences, your browser choice, lists of your peripherals, the apps you use to edit and view images and videos, how long you use the mouse and keyboard, all the applications you’ve ever installed, URLs to videos you’ve watched that triggered an error, URLs to music that triggered an error, time spent reading ebooks, text typed in a Microsoft web browser’s address and search bar, URLs visited, visited webpage titles, the words you’ve spoken to Cortana or had translated to text by the system, your ink strokes, and more.
Why are there only 25,000 people using Qubes world-wide, while billions of people are paying to use Windows XP/Vista/7/8/10 to be profiled up the wazoo? It boggles the mind.
Insofar as the “But I need Windows for X, Y and Z” argument - that’s fine, run it in a Windows VM in Qubes. Better yet, set the NetVM to “none” post-update so that it can’t phone home everything you are doing.