Kicksecure

A secure by default operating system with the latest security research in place. Learn More

ISO: Unavailable. In development. Check back later.

Installation: Check other installation methods.

Download for Windows 10

Windows
Linux

Linux

Pre-release version.

Development is ongoing and contributions are welcomed.

Pre-installed applications are reviewed and configured for security.

Fully Featured and Advanced Security Features

Live Mode

Live Mode

Booting into Live Mode is a simple as choosing Live Mode in the boot menu.

time

Time Attack Defenses

Time attacks are defeated by Boot Clock Randomization and secure network time synchronization through sdwdate (Secure Distributed Web Date).

tirdad

TCP ISN CPU Information Leak Protection

Prevents TCP ISN based kernel side-channel attacks through Tirdad kernel module for random ISN generation.

entropy

Entropy Enhancements

Better encryption thanks to preinstalled random number generators.

AppArmor

AppArmor

AppArmor profiles restrict the capabilities of commonly used, high-risk applications.

security-misc

Kernel Self Protection Settings

Kicksecure uses Kernel Hardening Settings as recommended by the Kernel Self Protection Project (KSPP).

Protect Linux user accounts against brute force attacks

By using pam tally2.

security-misc

Strong Linux User Account Separation

security-misc

Documentation

Extensive Documentation

The more you know, the safer you can be.

anbox

Android Support

Run Android applications using Anbox (outdated) or Kicksecure-Custom-Workstation using Android x86.

Virus Protection

Virus Protection

Additional security hardening measures and user education through Kicksecure provide better protection from viruses.

Console Lockdown

Console Lockdown

Console Lockdown disables legacy login methods for improved security hardening.

Advanced Firewall

Advanced Firewall

No open ports by default.

YouTube

swap-file-creator

Running low on RAM isn't a security problem. swap-file-creator will create an encrypted swap file.

Forums and more

Vibrant Community

Forums
Contributors

History

History

By the same developers as Whonix, which has an nine year history of protecting our users against Real World Attacks.

Fully Auditable

Fully auditable

You don’t have to trust our word that it respects and protects you. It is independently verifiable by security experts and software developers around the world. This improves security and privacy for everyone.

privacy

Complete respect for privacy

Your data always belongs to you, and only you. We don’t make advertising deals or collect sensitive personal data. We’re funded directly by our users paying what they want. And that’s how it should be.

Canary

Warrant Canary

A canary confirms that no warrants have been served on the Kicksecure project.

Debian

Based on Debian

In oversimplified terms, Kicksecure is just a collection of configuration files and scripts. Kicksecure is not a stripped down version of Debian; anything possible in "vanilla" Debian GNU/Linux can be replicated in Kicksecure. About Kicksecure

Freedom

Complete user freedom

There are no artificial restrictions on how users can reconfigure the system.

signed

Digitally signed releases

Downloads are signed so you can verify they are genuine Kicksecure releases.

GNU

Freedom Software

Kicksecure is Freedom Software and contains software developed by the Free Software Foundation and the GNU Project.

OpenSource

Open Source

All of Kicksecure source code is licensed under OSI Approved Licenses. We respect the rights of our users. All of Kicksecure is available for review, scrutiny, modification, and redistribution by anyone. This improves security and privacy for everyone.

research

Research and Implementation Project

Be wary of those confidently calling themselves all-knowing, all-perfect. Kicksecure is an actively maintained research project making constant improvements -- no shortcomings are ever hidden from users.

Upcoming Security Enhancements

LKRG

Linux Kernel Runtime Guard (LKRG)

Better encryption thanks to preinstalled random number generators.

Hardened Malloc

Hardened Malloc is a hardened memory allocator which can be used with many applications to increase security. A fork by Kicksecure will be enabled by default.

Sandboxed Application Launcher

Sandbox-app-launcher

An application launcher that starts each app inside its own restrictive sandbox as its own user and confined by AppArmor.

Full system Mandatory Access Control

"AppArmor for everything"

Untrusted Root User

Enforce kernel module software signature verification.

Deactivate malware after reboot from non-root compromise.

Hardened Linux Kernel

Post-quantum cryptography resistant signing of releases

Mount Options Hardening

Disable SUID Binaries

Multiple boot modes for better security (user, live, secureadmin, superadmin).

Help welcomed!

Investors

Investors

Interested in becoming an investor? See Project Metrics.