Kicksecure - Secure by Default Operating System
A secure by default operating system with the latest security research in place.
Pre-release - Try it for FREE
Kicksecure is still in development and contributions are welcome.
Fully Featured with Advanced Security Components
![Protection from Targeted Malicious Updates](/w/images/thumb/1/16/Malware-updates-promo.jpg/450px-Malware-updates-promo.jpg)
Protection from Targeted Malicious Updates
Kicksecure update servers know neither the identity nor IP address of the user because all upgrades are downloaded over Tor.
![Kernel Self Protection](/w/images/thumb/8/8d/Tux-halo-promo.jpg/300px-Tux-halo-promo.jpg)
Kernel Self Protection Settings
Kicksecure uses strong Kernel Hardening Settings as recommended by the Kernel Self Protection Project (KSPP).
![Time Attack Defense](/w/images/thumb/6/6d/Stopwatch.jpg/300px-Stopwatch.jpg)
Time Attack Protection
Kicksecure defeats time attacks on its users through Boot Clock Randomization and secure network time synchronization using sdwdate.
![No Open Ports](/w/images/thumb/2/29/Closed-ports-promo.jpg/300px-Closed-ports-promo.jpg)
No Open Ports by Default
Kicksecure provides a much lower attack surface since there are no open server ports by default unlike in some other Linux distributions.
![TCP ISN Leak Protection](/w/images/thumb/a/a9/Data-leak.jpg/300px-Data-leak.jpg)
CPU Information Leak Protection (TCP ISN)
Without TCP ISN randomization, sensitive information about a system's CPU activity can be leaked through outgoing traffic, leaving it vulnerable to side-channel attacks. tirdad prevents that.
![Available for many virtualizers](/w/images/thumb/8/8e/Virtualizer-compatible.jpg/300px-Virtualizer-compatible.jpg)
Available for many virtualizers
With support for multiple virtualization options, trying out Kicksecure is easy. VMs also help contain and prevent the spread of malware.
Freedom Values
![12 Years of Success](/w/images/thumb/f/ff/Success-symbol.png/300px-Success-symbol.png)
12 Years of Success
For over 12 years as the creators of Whonix we have successfully protected our users from everyday trackers and even from high level attacks. And we're just getting started!
![Open Source](/w/images/thumb/0/09/Osi_standard_logo_0.png/300px-Osi_standard_logo_0.png)
Open Source
We respect user rights to review, scrutinize, modify, and redistribute Kicksecure. This improves security and privacy for everyone.
![Freedom Software](/w/images/thumb/a/a3/Heckert_gnu.big.png/300px-Heckert_gnu.big.png)
Freedom Software
Kicksecure is Freedom Software and contains software developed by the Free Software Foundation and the GNU Project.
![Research and Implementation Project](/w/images/thumb/7/7f/Cornues.png/300px-Cornues.png)
Research and Implementation Project
Kicksecure is an actively maintained research project making constant improvements; no shortcomings are ever hidden from users.
![Fully Auditable](/w/images/thumb/4/44/Bho78-4ycp0.jpg/300px-Bho78-4ycp0.jpg)
Fully Auditable
Kicksecure is independently verifiable by security experts and software developers around the world. This improves security and privacy for everyone.
![Complete respect for privacy and users freedom](/w/images/thumb/e/ef/Respect-freedom-symbol.jpg/300px-Respect-freedom-symbol.jpg)
Complete respect for privacy and user freedom
Kicksecure respects data privacy principles. We don’t make advertising deals or collect sensitive personal data.
![Protected Updates](/w/images/thumb/1/16/Malware-updates-promo.jpg/600px-Malware-updates-promo.jpg)
Kicksecure update servers know neither the identity nor IP address of the user because all upgrades are downloaded over Tor by default.
![Kernel Hardening](/w/images/thumb/8/8d/Tux-halo-promo.jpg/600px-Tux-halo-promo.jpg)
Kicksecure uses strong Kernel Hardening Settings as recommended by the Kernel Self Protection Project (KSPP).
![Time Attacks Defense](/w/images/thumb/6/6d/Stopwatch.jpg/600px-Stopwatch.jpg)
Time attacks on Kicksecure users are defeated by Boot Clock Randomization and secure network time synchronization through sdwdate (Secure Distributed Web Date).
![Closed Ports](/w/images/thumb/2/29/Closed-ports-promo.jpg/600px-Closed-ports-promo.jpg)
Kicksecure provides a much lower attack surface since there are no open server ports by default unlike other Linux distributions. All unsolicited incoming connections are rejected.
![Prevent TCP ISN Leaks](/w/images/thumb/a/a9/Data-leak.jpg/600px-Data-leak.jpg)
Without TCP ISN randomization, sensitive information about a system's CPU activity can be leaked through outgoing traffic, leaving it vulnerable to side-channel attacks. TCP ISN randomization prevents that.
![Many virtualizers](https://www.kicksecure.com/w/images/thumb/8/8e/Virtualizer-compatible.jpg/600px-Virtualizer-compatible.jpg)
You can easily try Kicksecure by using various virtualizers , which enables security compartmentalization by running a Kicksecure VM on top of a Kicksecure host to isolate malware and testing inside the VM.
![Brute Force defense](/w/images/thumb/d/d7/Franck-v-_E1PQXKUkMw-unsplash.jpg/600px-Franck-v-_E1PQXKUkMw-unsplash.jpg)
Kicksecure protects Linux user accounts against brute force attacks by using pam tally2.
![Better encryption](/w/images/thumb/e/ec/Entropy-promo.jpg/600px-Entropy-promo.jpg)
Strong entropy is required for computer security to ensure the unpredictability and randomness of cryptographic keys and other security-related processes. Kicksecure makes encryption more secure thanks to preinstalled random number generators.
![Live mode option](/w/images/thumb/7/7e/Live-mode-promo.jpg/600px-Live-mode-promo.jpg)
Booting into VM Live Mode is as simple as choosing Live Mode in the boot menu. Alternatively Debian and perhaps other Debian-based hosts can boot their existing host operating system into Host Live Mode.
![Based on Linux](/w/images/thumb/6/62/Linux-based-kicksecure-promo.jpg/600px-Linux-based-kicksecure-promo.jpg)
Linux is highly reliable and secure. Its open source and freedom paradigm sets it apart from other OS. That's why Kicksecure is based on Linux.
![Onion website](/w/images/thumb/3/33/Onion-website-promo.jpg/600px-Onion-website-promo.jpg)
Our website offers an alternative onion version which offers a higher connection security between the user and the server. This is because connections over onions are providing an alternative end-to-end encryption which is independent from flawed TLS certificate authorities and the mainstream Domain Name System (DNS).
![Advanced Firewall](/w/images/thumb/8/82/Firewall-symbol.png/600px-Firewall-symbol.png)
Our Firewall is configured specifically for securely using the Internet.
![Apparmor](/w/images/thumb/e/ec/AppArmor-logo-promo.png/600px-AppArmor-logo-promo.png)
AppArmor profiles restrict the capabilities of commonly used, high-risk applications such as Tor Browser.
![Strong account separation](/w/images/thumb/8/87/Account-separation-promo.png/600px-Account-separation-promo.png)
Learn more about our Linux User Account Separation security-misc .
![Extensive documentation](/w/images/thumb/5/55/Advanceddocumentation213123.jpg/600px-Advanceddocumentation213123.jpg)
The more you know, the safer you can be: Extensive Kicksecure Documentation
![Virus Protection](/w/images/thumb/c/cf/Shield.png/600px-Shield.png)
Kicksecure provides additional security hardening measures and user education to provide better protection from viruses.
![Console lockdown](/w/images/thumb/7/74/Console-lockdown.jpg/600px-Console-lockdown.jpg)
Console Lockdown disables legacy login methods and thereby improves security hardening.
![Vibrant community](/w/images/thumb/a/af/Discourse_logo.png/600px-Discourse_logo.png)
Our vibrant community features Forums, Contributors and RSS
![Based on Debian](/w/images/thumb/3/30/Debian.png/600px-Debian.png)
In oversimplified terms, Kicksecure is just a collection of configuration files and scripts. Kicksecure is not a stripped down version of Debian; anything possible in "vanilla" Debian GNU/Linux can be replicated in Whonix. About Whonix
![Warrant caranry](/w/images/thumb/4/49/Canary-promo.jpg/600px-Canary-promo.jpg)
A canary confirms that no warrants have ever been served on the Kicksecure project.
![Swap file creator](/w/images/thumb/7/7b/File-swap-promo.jpg/600px-File-swap-promo.jpg)
Running low on RAM isn't a security problem. swap-file-creator will create an encrypted swap file.
![12 years of success](/w/images/thumb/f/ff/Success-symbol.png/600px-Success-symbol.png)
Kicksecure is created by the developers of Whonix, the great privacy tool with over 12 years of success. We have successfully protected our users from everyday trackers and even from high level attacks . Kicksecure is the rock solid foundation that Whonix is based on.
![Open Source](/w/images/thumb/0/09/Osi_standard_logo_0.png/600px-Osi_standard_logo_0.png)
All the Kicksecure source code is licensed under OSI Approved Licenses. We respect user rights to review, scrutinize, modify, and redistribute Kicksecure. This improves security and privacy for everyone.
![Freedom Software](/w/images/thumb/a/a3/Heckert_gnu.big.png/600px-Heckert_gnu.big.png)
Kicksecure is Freedom Software and contains software developed by the Free Software Foundation and the GNU Project.
![Research Implementation Project](/w/images/thumb/7/7f/Cornues.png/600px-Cornues.png)
Research and Implementation Project: Kicksecure makes modest claims and is wary of overconfidence. Kicksecure is an actively maintained research project making constant improvements; no shortcomings are ever hidden from users.
![Independently verifiable](/w/images/thumb/4/44/Bho78-4ycp0.jpg/600px-Bho78-4ycp0.jpg)
Kicksecure is independently verifiable by security experts and software developers around the world; you don’t have to trust developer claims. This improves security and privacy for everyone.
![Respect for privacy principles](/w/images/thumb/e/ef/Respect-freedom-symbol.jpg/600px-Respect-freedom-symbol.jpg)
Kicksecure respects data privacy principles. We don’t make advertising deals or collect sensitive personal data. There are no artificial restrictions imposed on possible system configurations .
![SUI Disabler and Permission Hardener](/w/images/thumb/e/ed/Disablesuidbinary.jpg/600px-Disablesuidbinary.jpg)
The purpose of SUID Disabler and Permission Hardener is to enhance system security. It does this by strengthening the isolation of Linux user accounts, implementing stricter file permission settings, and decreasing potential security vulnerabilities by turning off SUID-enabled binaries.
Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.
![](/w/images/thumb/e/e8/Flyin-donate-promo.jpg/300px-Flyin-donate-promo.jpg)
We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!