Kicksecure - Secure by Default Operating System

Kicksecure update servers know neither the identity nor IP address of the user because all upgrades are downloaded over Tor by default.

Kicksecure uses strong Kernel Hardening Settings as recommended by the Kernel Self Protection Project (KSPP).

Time attacks on Kicksecure users are defeated by Boot Clock Randomization and secure network time synchronization through sdwdate (Secure Distributed Web Date).

Kicksecure provides a much lower attack surface since there are no open server ports by default unlike other Linux distributions. All unsolicited incoming connections are rejected.

Prevent de-anonymization of Tor onion services via utilization of the Tirdad kernel module for random ISN generation .

It simple to give Kicksecure a try with the many virtualizer options This als allows security compartmentalization by using a Kicksecure VM on top of a Kicksecure host to contain malware and/or testing inside the VM.

Kicksecure protects Linux user accounts against brute force attacks by using pam tally2.

Better encryption thanks to preinstalled random number generators.

Booting into VM Live Mode is as simple as choosing Live Mode in the boot menu. Alternatively Debian and perhaps other Debian-based hosts can boot their existing host operating system into Host Live Mode.

Linux is highly reliable and secure. Its open source and freedom paradigm sets it apart from other OS. That's why Kicksecure is based on Linux.

Our website offers an alternative onion version which offers a higher connection security between the user and the server. This is because connections over onions are providing an alternative end-to-end encryption which is independent from flawed TLS certificate authorities and the mainstream Domain Name System (DNS).

Our Firewall is configured specifically for securely using the Internet.

AppArmor profiles restrict the capabilities of commonly used, high-risk applications such as Tor Browser.

Learn more about our Linux User Account Separation security-misc .

The more you know, the safer you can be: Extensive Kicksecure Documentation

Kicksecure provides additional security hardening measures and user education to provide better protection from viruses.

Console Lockdown disables legacy login methods and thereby improves security hardening.

Our vibrant community features Forums, Contributors and RSS

In oversimplified terms, Kicksecure is just a collection of configuration files and scripts. Kicksecure is not a stripped down version of Debian; anything possible in "vanilla" Debian GNU/Linux can be replicated in Whonix. About Whonix

Downloads are signed so genuine Whonix releases can be verified.

A canary confirms that no warrants have ever been served on the Kicksecure project.

Running low on RAM isn't a security problem. swap-file-creator will create an encrypted swap file.

Run Android applications using Anbox

Kicksecure is created by the developers of Whonix, the great privacy tool with over 10 years of success. We have successfully protected our users from everyday trackers and even from high level attacks . Kicksecure is the rock solid foundation that Whonix is based on.

All the Kicksecure source code is licensed under OSI Approved Licenses. We respect user rights to review, scrutinize, modify, and redistribute Kicksecure. This improves security and privacy for everyone.

Kicksecure is Freedom Software and contains software developed by the Free Software Foundation and the GNU Project.

Research and Implementation Project: Kicksecure makes modest claims and is wary of overconfidence. Kicksecure is an actively maintained research project making constant improvements; no shortcomings are ever hidden from users.

Kicksecure is independently verifiable by security experts and software developers around the world; you don’t have to trust developer claims. This improves security and privacy for everyone.

Kicksecure respects data privacy principles. We don’t make advertising deals or collect sensitive personal data. There are no artificial restrictions imposed on possible system configurations .