Kicksecure - Secure by Default Operating System
Donate
A secure by default operating system with the latest security research in place.
Rock Solid Security
Kicksecure is a secure by default OS always based on the latest security research.
Download Now
Learn What Is Kicksecure?
FREE Download
Copy or share this direct link!
https://www.kicksecure.com/#download
Click below ↴ = Copy to Clipboard
[[#download|download]]
Copy as Wikitext
[download](https://www.kicksecure.com/#download)
for Discourse, reddit, GitHub
[download](https://www.kicksecure.com/#download)
Copy as Markdown
[url=https://www.kicksecure.com/#download]download[/url]
Copy as phpBB
We don't use embedded scripts
This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also
Social Share Button.
Fully Featured with Advanced Security Components
Copy or share this direct link!
https://www.kicksecure.com/#security
Click below ↴ = Copy to Clipboard
[[#security|security]]
Copy as Wikitext
[security](https://www.kicksecure.com/#security)
for Discourse, reddit, GitHub
[security](https://www.kicksecure.com/#security)
Copy as Markdown
[url=https://www.kicksecure.com/#security]security[/url]
Copy as phpBB
We don't use embedded scripts
This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also
Social Share Button.
Protection from Targeted Malicious Updates
Kicksecure update servers know neither the identity nor IP address of the user because all upgrades are downloaded over Tor.
Kernel Self Protection Settings
Kicksecure uses strong Kernel Hardening Settings as recommended by the Kernel Self Protection Project (KSPP).
Time Attack Protection
Kicksecure defeats time attacks on its users through Boot Clock Randomization and secure network time synchronization using sdwdate.
No Open Ports by Default
Kicksecure provides a much lower attack surface since there are no open server ports by default unlike in some other Linux distributions.
CPU Information Leak Protection (TCP ISN)
Without TCP ISN randomization, sensitive information about a system's CPU activity can be leaked through outgoing traffic, leaving it vulnerable to side-channel attacks. tirdad prevents that.
Available for many virtualizers
With support for multiple virtualization options, trying out Kicksecure is easy. VMs also help contain and prevent the spread of malware.
Freedom Values
Copy or share this direct link!
https://www.kicksecure.com/#values
Click below ↴ = Copy to Clipboard
[[#values|values]]
Copy as Wikitext
[values](https://www.kicksecure.com/#values)
for Discourse, reddit, GitHub
[values](https://www.kicksecure.com/#values)
Copy as Markdown
[url=https://www.kicksecure.com/#values]values[/url]
Copy as phpBB
We don't use embedded scripts
This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also
Social Share Button.
12 Years of Success
For over 12 years as the creators of Whonix we have successfully protected our users from everyday trackers and even from high level attacks. And we're just getting started!
Open Source
We respect user rights to review, scrutinize, modify, and redistribute Kicksecure. This improves security and privacy for everyone.
Freedom Software
Kicksecure is Freedom Software and contains software developed by the Free Software Foundation and the GNU Project.
Research and Implementation Project
Kicksecure is an actively maintained research project making constant improvements; no shortcomings are ever hidden from users.
Fully Auditable
Kicksecure is independently verifiable by security experts and software developers around the world. This improves security and privacy for everyone.
Complete respect for privacy and user freedom
Kicksecure respects data privacy principles. We don’t make advertising deals or collect sensitive personal data.
Upcoming Security Enhancements
Copy or share this direct link!
https://www.kicksecure.com/#upcoming
Click below ↴ = Copy to Clipboard
[[#upcoming|upcoming]]
Copy as Wikitext
[upcoming](https://www.kicksecure.com/#upcoming)
for Discourse, reddit, GitHub
[upcoming](https://www.kicksecure.com/#upcoming)
Copy as Markdown
[url=https://www.kicksecure.com/#upcoming]upcoming[/url]
Copy as phpBB
We don't use embedded scripts
This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also
Social Share Button.
Join the team!
Copy or share this direct link!
https://www.kicksecure.com/#contribute
Click below ↴ = Copy to Clipboard
[[#contribute|contribute]]
Copy as Wikitext
[contribute](https://www.kicksecure.com/#contribute)
for Discourse, reddit, GitHub
[contribute](https://www.kicksecure.com/#contribute)
Copy as Markdown
[url=https://www.kicksecure.com/#contribute]contribute[/url]
Copy as phpBB
We don't use embedded scripts
This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also
Social Share Button.
Kicksecure update servers know neither the identity nor IP address of the user because all upgrades are downloaded over Tor by default.
Click = Copy
Copied to clipboard!
Kicksecure uses strong Kernel Hardening Settings as recommended by the Kernel Self Protection Project (KSPP).
Click = Copy
Copied to clipboard!
Time attacks on Kicksecure users are defeated by Boot Clock Randomization and secure network time synchronization through sdwdate (Secure Distributed Web Date).
Click = Copy
Copied to clipboard!
Kicksecure provides a much lower attack surface since there are no open server ports by default unlike other Linux distributions. All unsolicited incoming connections are rejected.
Click = Copy
Copied to clipboard!
Without TCP ISN randomization, sensitive information about a system's CPU activity can be leaked through outgoing traffic, leaving it vulnerable to side-channel attacks. TCP ISN randomization prevents that.
Click = Copy
Copied to clipboard!
You can easily try Kicksecure by using various virtualizers , which enables security compartmentalization by running a Kicksecure VM on top of a Kicksecure host to isolate malware and testing inside the VM.
Click = Copy
Copied to clipboard!
Kicksecure protects Linux user accounts against brute force attacks by using pam faillock.
Click = Copy
Copied to clipboard!
Strong entropy is required for computer security to ensure the unpredictability and randomness of cryptographic keys and other security-related processes. Kicksecure makes encryption more secure thanks to preinstalled random number generators.
Click = Copy
Copied to clipboard!
Booting a VM into Live Mode is as simple as choosing Live Mode in the boot menu. After the session, all data will be gone.
Click = Copy
Copied to clipboard!
Linux is highly reliable and secure. Its open source and freedom paradigm sets it apart from other OS. That's why Kicksecure is based on Linux.
Click = Copy
Copied to clipboard!
Our website offers an alternative onion version which offers a higher connection security between the user and the server. This is because connections over onions are providing an alternative end-to-end encryption which is independent from flawed TLS certificate authorities and the mainstream Domain Name System (DNS).
Click = Copy
Copied to clipboard!
Our Firewall is configured specifically for securely using the Internet.
Click = Copy
Copied to clipboard!
AppArmor profiles restrict the capabilities of commonly used, high-risk applications such as Tor Browser.
Click = Copy
Copied to clipboard!
The more you know, the safer you can be: Extensive Kicksecure Documentation
Click = Copy
Copied to clipboard!
Kicksecure provides additional security hardening measures and user education to provide better protection from viruses / malware.
Click = Copy
Copied to clipboard!
Console Lockdown disables legacy login methods and thereby improves security hardening.
Click = Copy
Copied to clipboard!
In oversimplified terms, Kicksecure is just a collection of configuration files and scripts. Kicksecure is not a stripped down version of Debian; anything possible in "vanilla" Debian GNU/Linux can be replicated in Whonix. About Whonix
Click = Copy
Copied to clipboard!
A canary confirms that no warrants have ever been served on the Kicksecure project.
Click = Copy
Copied to clipboard!
Running low on RAM isn't a security problem. swap-file-creator will create an encrypted swap file.
Click = Copy
Copied to clipboard!
Kicksecure is created by the developers of Whonix, the great privacy tool with over 12 years of success. We have successfully protected our users from everyday trackers and even from high level attacks . Kicksecure is the rock solid foundation that Whonix is based on.
Click = Copy
Copied to clipboard!
All the Kicksecure source code is licensed under OSI Approved Licenses. We respect user rights to review, scrutinize, modify, and redistribute Kicksecure. This improves security and privacy for everyone.
Click = Copy
Copied to clipboard!
Kicksecure is Freedom Software and contains software developed by the Free Software Foundation and the GNU Project.
Click = Copy
Copied to clipboard!
Research and Implementation Project: Kicksecure makes modest claims and is wary of overconfidence. Kicksecure is an actively maintained research project making constant improvements; no shortcomings are ever hidden from users.
Click = Copy
Copied to clipboard!
Kicksecure is independently verifiable by security experts and software developers around the world; you don’t have to trust developer claims. This improves security and privacy for everyone.
Click = Copy
Copied to clipboard!
Kicksecure respects data privacy principles. We don’t make advertising deals or collect sensitive personal data. There are no artificial restrictions imposed on possible system configurations .
Click = Copy
Copied to clipboard!
The purpose of SUID Disabler and Permission Hardener is to enhance system security. It does this by strengthening the isolation of Linux user accounts, implementing stricter file permission settings, and decreasing potential security vulnerabilities by turning off SUID-enabled binaries.
Click = Copy
Copied to clipboard!
A secure by default operating system with the latest security research in place.
Copy or share this direct link!
https://www.kicksecure.com/
Click below ↴ = Copy to Clipboard
[[|Kicksecure - Secure by Default Operating System]]
Copy as Wikitext [Kicksecure - Secure by Default Operating System](https://www.kicksecure.com/)
for Discourse, reddit, GitHub [Kicksecure - Secure by Default Operating System](https://www.kicksecure.com/)
Copy as Markdown [url=https://www.kicksecure.com/]Kicksecure - Secure by Default Operating System[/url]
Copy as phpBB
We don't use embedded scripts
This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also
Social Share Button.
At
Kicksecure we value freedom and trust, supporting Open Source and Freedom Software
2012-
2025 ENCRYPTED SUPPORT LLC
We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!