Kicksecure - Secure by Default Operating System

A secure by default operating system with the latest security research in place.

FREE Download Copy or share this direct link! https://www.kicksecure.com/#download Click below ↴ = Copy to Clipboard [[#download|download]]
Copy as Wikitext [download](https://www.kicksecure.com/#download)
for Discourse, reddit, GitHub [download](https://www.kicksecure.com/#download)
Copy as Markdown [url=https://www.kicksecure.com/#download]download[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Pre-installed applications are reviewed and configured for security

Thunderbird

KeePassXC

VLC

Terminal

Electrum

Bitcoin

Monero

Fully Featured with Advanced Security Components Copy or share this direct link! https://www.kicksecure.com/#security Click below ↴ = Copy to Clipboard [[#security|security]]
Copy as Wikitext [security](https://www.kicksecure.com/#security)
for Discourse, reddit, GitHub [security](https://www.kicksecure.com/#security)
Copy as Markdown [url=https://www.kicksecure.com/#security]security[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Protection from Targeted Malicious Updates

Kicksecure update servers know neither the identity nor IP address of the user because all upgrades are downloaded over Tor.

Kernel Self Protection Settings

Kicksecure uses strong Kernel Hardening Settings as recommended by the Kernel Self Protection Project (KSPP).

Time Attack Protection

Kicksecure protects its users from time attacks by implementing Boot Clock Randomization and secure network time synchronization using sdwdate.

No Open Ports by Default

Kicksecure provides a much lower attack surface since there are no open server ports by default unlike in some other Linux distributions.

CPU Information Leak Protection (TCP ISN Randomization)

Without TCP ISN randomization, sensitive information about a system’s CPU activity can leak through outgoing traffic, exposing the system to side-channel attacks. Tirdad protects against this vulnerability.

Available for many virtualizers

With support for multiple virtualization options, trying out Kicksecure is easy. VMs also help contain and prevent the spread of malware.

Based on Debian

Kicksecure is based on Debian, one of the most reliable Linux distributions.

Digitally signed releases

Downloads are signed so genuine Kicksecure releases can be verified.

Warrant Canary

A canary confirms that no warrants have ever been served on the Kicksecure project.

Swap File Creator

Running low on RAM isn't a security problem with swap-file-creator. It will create an encrypted swap file.

SUID Disabler and Permission Hardener

SUID Disabler and Permission Hardener enhances system security by strengthening the isolation of Linux user accounts and more.

Digital Signature Policy

Signed git commits, tags, and images are required. Unsigned code is strictly prohibited in builds and deployments. Documentation encourages digital signature verification.

Brute Force Defense

Kicksecure protects Linux user accounts against brute force attacks by using pam faillock.

Entropy Enhancements

Strong entropy is required for computer security to ensure the unpredictability and randomness of cryptographic keys and other security-related processes. Kicksecure makes encryption more secure thanks to preinstalled random number generators.

Live Mode

Booting into Live Mode is as simple as choosing Live Mode in the boot menu. After the session, all data will be gone.

Based on Linux

Linux is highly reliable, secure, free and Open Source. That's why Kicksecure is based on Linux.

Onion Website for Enhanced Connection Security

Our website offers an alternative onion service version. This offers a higher connection security between the user and the server.

Risk Minimization

AppArmor profiles restrict the capabilities of commonly used, high-risk applications.

Strong Linux User Account Separation

Linux User Account Separation is not always a given on Linux systems. In Kicksecure it is.

Safer System Maintenance through User-Sysmaint-Split

Kicksecure boosts security by separating everyday use from system admin tasks. Two accounts are used by default—one for daily work, one for maintenance—limiting what harm malware could do.

Safer Temporary Files with libpam-tmpdir

Kicksecure includes libpam-tmpdir to improve system security by isolating temporary files per user and tightening file permissions, reducing the risk of /tmp-based and symlink attacks.

Hardening with Securing Debian Manual

Kicksecure applies key system hardening techniques from the Securing Debian Manual by default, and adds original research to boost the baseline security.

Comprehensive Security Documentation

Knowledge is a defense: Kicksecure offers extensive documentation to empower users with critical security information and best practices.

Virus Protection

Kicksecure provides additional security hardening measures and user education for better protection from virus attacks.

Console Lockdown

Legacy login methods can be a security risk. Console Lockdown disables them for improved security hardening.

Home Folder Permission Lockdown

Kicksecure locks down user home folders by default, preventing one user from viewing another's files. This adds an extra layer of privacy and security.

Umask Hardening for Safer File Permissions

Kicksecure improves file security by setting a stricter default umask for non-root accounts, so new files aren’t readable by others unless explicitly allowed.

Based on Debian

Kicksecure is based on Debian, one of the most reliable Linux distributions.

Digitally signed releases

Downloads are signed so genuine Kicksecure releases can be verified.

Warrant Canary

A canary confirms that no warrants have ever been served on the Kicksecure project.

Swap File Creator

Running low on RAM isn't a security problem with swap-file-creator. It will create an encrypted swap file.

SUID Disabler and Permission Hardener

SUID Disabler and Permission Hardener enhances system security by strengthening the isolation of Linux user accounts and more.

Digital Signature Policy

Signed git commits, tags, and images are required. Unsigned code is strictly prohibited in builds and deployments. Documentation encourages digital signature verification.

Brute Force Defense

Kicksecure protects Linux user accounts against brute force attacks by using pam faillock.

Entropy Enhancements

Strong entropy is required for computer security to ensure the unpredictability and randomness of cryptographic keys and other security-related processes. Kicksecure makes encryption more secure thanks to preinstalled random number generators.

Live Mode

Booting into Live Mode is as simple as choosing Live Mode in the boot menu. After the session, all data will be gone.

Based on Linux

Linux is highly reliable, secure, free and Open Source. That's why Kicksecure is based on Linux.

Onion Website for Enhanced Connection Security

Our website offers an alternative onion service version. This offers a higher connection security between the user and the server.

Risk Minimization

AppArmor profiles restrict the capabilities of commonly used, high-risk applications.

Freedom Values Copy or share this direct link! https://www.kicksecure.com/#values Click below ↴ = Copy to Clipboard [[#values|values]]
Copy as Wikitext [values](https://www.kicksecure.com/#values)
for Discourse, reddit, GitHub [values](https://www.kicksecure.com/#values)
Copy as Markdown [url=https://www.kicksecure.com/#values]values[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Open Source

We respect user rights to review, scrutinize, modify, and redistribute Kicksecure. This improves security and privacy for everyone.

Freedom Software

Kicksecure is Freedom Software and contains software developed by the Free Software Foundation and the GNU Project.

Research and Implementation Project

Kicksecure is an actively maintained research project making constant improvements; no shortcomings are ever hidden from users.

Fully Auditable

Kicksecure is independently verifiable by security experts and software developers around the world. This improves security and privacy for everyone.

Complete respect for privacy and users freedom

Complete respect for privacy and user freedom

Kicksecure respects data privacy principles. We don’t make advertising deals or collect sensitive personal data.

Upcoming Security Enhancements Copy or share this direct link! https://www.kicksecure.com/#upcoming Click below ↴ = Copy to Clipboard [[#upcoming|upcoming]]
Copy as Wikitext [upcoming](https://www.kicksecure.com/#upcoming)
for Discourse, reddit, GitHub [upcoming](https://www.kicksecure.com/#upcoming)
Copy as Markdown [url=https://www.kicksecure.com/#upcoming]upcoming[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Ram Wipe

ram-wipe is a software project designed to protect against RAM extraction attacks by erasing the contents of a computer's random access memory (RAM) when the system is shut down or restarted.

Ram Wipe

USBGuard attempts to mitigate a limited subset of USB hardware attacks by rejecting most USB devices that are plugged in after bootup.

Sandbox App Launcher

sandbox-app-launcher is an application launcher that can start each application inside its own restrictive sandbox. Each application runs as its own user, in a bubblewrap sandbox and confined by AppArmor.

Hardened Linux Kernel

Limit Kernel Information Leaks

Hide Other Users' Processes

Hide Other Users' Processes for Better Isolation

Enhanced Security via Mount Options (noexec)

Limit Compiler and Interpreter Access

Post-quantum cryptography resistant signing of releases

Apparmor.d

apparmor.d - Full system Mandatory Access Control (MAC) policy - "AppArmor for everything"

Deactivate malware after reboot

Deactivate malware after reboot from non-root compromise

Hardened Linux Kernel

Limit Kernel Information Leaks

Hide Other Users' Processes

Hide Other Users' Processes for Better Isolation

Enhanced Security via Mount Options (noexec)

Limit Compiler and Interpreter Access

Post-quantum cryptography resistant signing of releases

Apparmor.d

apparmor.d - Full system Mandatory Access Control (MAC) policy - "AppArmor for everything"

Deactivate malware after reboot

Deactivate malware after reboot from non-root compromise

Hardened Linux Kernel

Limit Kernel Information Leaks

Hide Other Users' Processes

Hide Other Users' Processes for Better Isolation

Enhanced Security via Mount Options (noexec)

Join the team! Copy or share this direct link! https://www.kicksecure.com/#contribute Click below ↴ = Copy to Clipboard [[#contribute|contribute]]
Copy as Wikitext [contribute](https://www.kicksecure.com/#contribute)
for Discourse, reddit, GitHub [contribute](https://www.kicksecure.com/#contribute)
Copy as Markdown [url=https://www.kicksecure.com/#contribute]contribute[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Your help is very welcome! As a patron, as a multiplier or even as a contributor!

Kicksecure

A secure by default operating system with the latest security research in place.

Dark mode

Supported by Power Up Privacy

Kicksecure is proudly supported until 2026 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint

2012- 2025 ENCRYPTED SUPPORT LLC

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 13 year success story and maybe DONATE!