Kicksecure ™ - Secure by Default Operating System

Pre-release - Try it for FREE

Kicksecure ™ is still in development and contributions are welcome.

Windows

MacOS

Linux

Debian

VirtualBox

Qubes

Kicksecure on USB

KVM

chroot

ISO (coming soon)

Pre-installed applications are reviewed and configured for security

Thunderbird

KeePassXC

HexChat

VLC

Terminal

Electrum

Bitcoin

Monero

Fully Featured with Advanced Security Components

Protection from Targeted Malicious Updates

Kicksecure update servers know neither the identity nor IP address of the user because all upgrades are downloaded over Tor by default.

Kernel Self Protection Settings

Kicksecure uses Kernel Hardening Settings as recommended by the Kernel Self Protection Project (KSPP).

Time Attack Defenses

Time attacks are defeated by Boot Clock Randomization and secure network time synchronization through sdwdate (Secure Distributed Web Date).

TCP ISN CPU Information Leak Protection

Prevents TCP ISN based kernel side-channel attacks through Tirdad kernel module for random ISN generation.

Brute force attack protection

Protect user accounts against brute force attacks by using pam tally2 .

Entropy Enhancements

Better encryption thanks to preinstalled random number generators.

Live Mode

Booting into Host Live Mode is as simple as choosing Live Mode in the boot menu.

12 more amazing features →

Advanced Firewall

No open ports by default.

AppArmor

AppArmor profiles restrict the capabilities of commonly used, high-risk applications.

Strong Linux User Account Separation

Learn more about our Linux User Account Separation security-misc .

Extensive Documentation

The more you know, the safer you can be: Extensive Kicksecure Documentation

Virus Protection

Additional security hardening measures and user education to provide better protection from viruses.

war

Console Lockdown

Console Lockdown disables legacy login methods for improved security hardening.

Vibrant Community

Our vibrant Kicksecure community features Forums and Contributors

Based on Debian

Anything possible in "vanilla" Debian GNU/Linux can be replicated in Kicksecure. About Kicksecure

Digitally signed releases

Downloads are signed so genuine Kicksecure releases can be verified.

Warrant Canary

A canary confirms that no warrants have ever been served on the Kicksecure project.

swap-file-creator

Running low on RAM isn't a security problem. swap-file-creator will create an encrypted swap file.

Android Support

Run Android applications using Anbox (outdated).

Freedom Values

10 Years of Success

Created by the same developers of Whonix, who have successfully protected users against Real World Attacks for more than 10 years.

Open Source

All the Kicksecure source code is licensed under OSI Approved Licenses . We respect user rights to review, scrutinize, modify, and redistribute Kicksecure. This improves security and privacy for everyone.

Freedom Software

Kicksecure is Freedom Software and contains software developed by the Free Software Foundation and the GNU Project.

Research and Implementation Project

Be wary of those confidently calling themselves all-knowing, all-perfect. Kicksecure is an actively maintained research project making constant improvements -- no shortcomings are ever hidden from users.

Fully auditable

You don’t have to trust our word that it respects and protects you. It is independently verifiable by security experts and software developers around the world. This improves security and privacy for everyone.

Complete respect for privacy and user freedom

Kicksecure respects data privacy principles. We don’t make advertising deals or collect sensitive personal data. There are no artificial restrictions imposed on possible system configurations.

Upcoming Security Enhancements

Linux Kernel Runtime Guard (LKRG) performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel.

Hardened Malloc Light is a hardened memory allocator which can be used with many applications to increase security which is already installed by default and will be enabled by default.

sandbox-app-launcher is an application launcher that can start each application inside its own restrictive sandbox. Each application runs as its own user, in a bubblewrap sandbox and confined by AppArmor.

Full system Mandatory Access Control (MAC) policy - "AppArmor for everything"

Untrusted Root User

Enforce kernel module software signature verification

6 more Enhancements →

Deactivate malware after reboot from non-root compromise

Hardened Linux Kernel

Post-quantum cryptography resistant signing of releases

Mount Options Hardening

SUID Disabler and Permission Hardener

Multiple boot modes for better security (user, live, secureadmin and superadmin)

Investors

Interested in becoming an investor? See Project Metrics and contact details.

Join the team!

Your help is very welcome! As a patron, as a multiplier or even as a contributor!

Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

Kicksecure ™ A secure by default operating system with the latest security research in place.

Donate

FREE · PLUS · PREMIUM Support

At Kicksecure we believe in freedom and trust. That's why we fully support Open Source and Freedom Software. Learn more.

Kicksecure ™ is supported by Evolution Host DDoS Protected VPS.

Kicksecure ™ is a secure by default operating system with the latest security research in place.

The personal opinions of moderators or contributors to the Kicksecure ™ project do not represent the project as a whole. By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service , Privacy Policy , Cookie Policy , E-Sign Consent , DMCA , Imprint Kicksecure

ENCRYPTED SUPPORT LP, 2022

Kicksecure ™ is Hardened by Kicksecure ™

A secure by default operating system with the latest security research in place.

Learn What Is Kicksecure?

Pre-release - Try it for FREE

Pre-installed applications are reviewed and configured for security

Fully Featured with Advanced Security Components

Protection from Targeted Malicious Updates

Kernel Self Protection Settings

Time Attack Defenses

TCP ISN CPU Information Leak Protection

Brute force attack protection

Entropy Enhancements

Live Mode

12 more amazing features →

Advanced Firewall

AppArmor

Strong Linux User Account Separation

Extensive Documentation

Virus Protection

Console Lockdown

Vibrant Community

Based on Debian

Digitally signed releases

Warrant Canary

swap-file-creator

Android Support

Freedom Values

10 Years of Success

Open Source

Freedom Software

Research and Implementation Project

Fully auditable

Complete respect for privacy and user freedom

Upcoming Security Enhancements

6 more Enhancements →

Investors

Join the team!