Kicksecure Stable Version User Experience
This page outlines the primary user experience objectives for the stable release of Kicksecure.
User Experience Goals
The goal for the stable version of Kicksecure is to provide a reliable and interruption-free user experience. Users should expect to never encounter issues with:
- System boot process;
- Network connectivity;
- Graphical desktop environment;
- APT package management;
- Necessity for manual interventions or fixes.
Furthermore, each stable version of Kicksecure should support seamless upgrades to the subsequent stable release, typically within a month after the new version becomes available.
Issues such as the December 2023 Microsoft Windows 11 KB5033375 update, which broke Wi-Fi connectivity, are to be avoided.
Security versus Usability
Where is the line? When does security get in the way so much that there is no longer a product that is actually useful to users?
The Trade-Off Between Security and Usability
The idea of maximum security sounds appealing—who wouldn't want better security? But achieving this often comes at a cost, and the cost is typically usability. The balance between security and usability is hard to strike.
Maximum Security: Unrealistic Expectations?
If we push for maximum security, users are often left with unrealistic time and skill requirements.
Examples:
- If maximum security is the goal, why offer binary downloads at all? Why not require users to build everything from source code?
- Why are we offering binary package repositories? -> Go upgrade from source code.
- Difficult? Uncomfortable? -> Yes, go write your own scripts to simplify.
- Using a binary kernel provided by Debian? -> Why not compile your own kernel tailored for your use case?
- Why are we using a binary distribution (Kicksecure) based on Debian, which is also a binary distribution? -> It would be more secure to learn everything about Linux From Scratch. Learn about all the software packages (bootloader, kernel, init, desktop environment, ...), choose the ones you deem most secure, compile them from source code.
These are all examples of maximum security at the expense of usability and realistic time constraints.
Real-World Examples of Security/Usability Trade-offs
In other words, if the user wants maximum security, the user cannot use any Linux distribution. A distribution necessarily always makes choices on behalf of the user, because users cannot be expected to make all of these choices themselves. These choices cannot be perfect for every user (except perhaps for one single user or one developer) and are necessarily always compromises.
CVE-2024-1086 was a local privilege escalation bug that could be exploited when kernel.unprivileged_userns_clone = 1 was set. Local privilege escalation means malware is already running on the system under a limited Linux user account, such as the account named "user".
To counteract this, there are tools like Flatpak and AppImage, which provide sandboxing capabilities. These tools can be used to install newer software. For example, it could be argued that a browser from Flathub may be safer from remote code execution than one installed from packages.debian.org. Such software might be more resistant to remote code execution vulnerabilities, which matters more than resistance to local exploitation.
Installing software from Flatpak by default in Kicksecure could even be considered (the default browser in particular is a separate issue, see Dev/Default_Browser).
However, the price for that is enabling kernel.unprivileged_userns_clone = 1.
Also, sandbox-app-launcher, which hopefully one day will be ready for production use, relies on bubblewrap, which in turn requires either SUID or kernel.unprivileged_userns_clone = 1. This is also a security compromise: less security once the system is already compromised through local privilege escalation, but more security in other ways, because malware would be trapped inside the sandbox, unable to attempt many local privilege escalation attacks.

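As an added illustration of the trade-off just described (this is an example written for this page, not Kicksecure's own tooling and not sandbox-app-launcher code), the following POSIX shell helper reports which of the two prerequisites bubblewrap could rely on at the moment: the Debian-specific kernel.unprivileged_userns_clone sysctl, read from /proc/sys, and whether the bwrap binary carries the setuid bit. The optional function arguments exist only so the checks can be pointed at alternative files; the default paths are assumptions about a Debian-based host.

```shell
#!/bin/sh
# Added audit helper (not Kicksecure's code): report how bubblewrap could
# obtain the privileges it needs on this host, so an administrator can see
# whether unprivileged user namespaces are currently exposed to local code.

# userns_state [FILE]: print "enabled", "disabled", "unknown" or "absent" for
# the Debian-specific sysctl kernel.unprivileged_userns_clone, read from FILE
# (default: its /proc/sys path; assumed to be a Debian-patched kernel).
userns_state() {
    f="${1:-/proc/sys/kernel/unprivileged_userns_clone}"
    if [ ! -r "$f" ]; then
        echo absent
        return 0
    fi
    case "$(cat "$f")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# is_setuid FILE: succeed (exit 0) if FILE has the setuid bit set.
is_setuid() {
    [ -u "$1" ]
}

# bwrap_mode [BWRAP_PATH] [SYSCTL_FILE]: classify how bubblewrap can create
# its sandbox:
#   suid    - bwrap is a setuid helper (works even with the sysctl disabled)
#   userns  - bwrap is unprivileged and relies on unprivileged user namespaces
#   none    - neither is available; sandboxed launchers would fail to start
#   unknown - the Debian sysctl is absent, so this check cannot decide
#   missing - no bwrap binary found
bwrap_mode() {
    bw="$1"
    [ -n "$bw" ] || bw="$(command -v bwrap 2>/dev/null || true)"
    sysctl_file="${2:-/proc/sys/kernel/unprivileged_userns_clone}"
    if [ -z "$bw" ] || [ ! -x "$bw" ]; then
        echo missing
        return 0
    fi
    state="$(userns_state "$sysctl_file")"
    if is_setuid "$bw"; then
        echo suid
    elif [ "$state" = enabled ]; then
        echo userns
    elif [ "$state" = disabled ]; then
        echo none
    else
        echo unknown
    fi
}

# Stand-alone report for the current host.
printf 'kernel.unprivileged_userns_clone: %s\n' "$(userns_state)"
printf 'bubblewrap sandbox mode:          %s\n' "$(bwrap_mode)"
```

Run it as a regular user. A result of userns means the host is in the configuration the text calls the price of Flatpak-style sandboxing (the sysctl is 1 and every local process can create user namespaces); suid means bubblewrap instead depends on a setuid helper; none means neither path is open and sandboxed launchers would not start.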
Hypothetical Questions to Illustrate the Dilemma
Kicksecure's development goal is to avoid becoming a broken mess where reading documentation is required for common activities.
Hypothetical Questions:
- The desktop doesn't start, sound doesn't work? -> Recompile your kernel + enable module loading.
User Choices
User options boil down to this:
- If you want maximum security, stop using Linux distributions and use Linux from scratch.
- If you want maximum security, while still having good usability (on the level of Debian or better), use Kicksecure.
Conclusion: Finding the Right Balance
These scenarios illustrate the challenges users face when security becomes too rigid. There has to be a balance, where we keep users safe without creating unnecessary barriers to entry or regular usage.
In the end, a one-size-fits-all approach to security doesn't work. While maximum security is theoretically possible, it often compromises usability to the point of absurdity. Kicksecure strives to offer a middle ground—strong security features without sacrificing the usability users need.
Usability and Development Practices
High-Quality Solutions
Kicksecure's approach to software development and distribution maintenance is characterized by a commitment to high-quality solutions, rather than resorting to workarounds, hacks, temporary fixes, quick and dirty solutions, or finger-pointing.
For example, as discussed in "MAC randomization breaks root server and VirtualBox DHCP" and "IPv6PrivacyExtensions might be problematic", MAC randomization won't be enabled by default in Kicksecure, since it is already known to break networking inside VirtualBox VMs.
Kicksecure isn't just for my personal computer security hardening. It needs to work for the actual users of Kicksecure.
- Patrick, Kicksecure lead developer
Streamlined Development Process
Contributing to other projects such as Debian, Qubes, or Tails is comparatively more difficult than contributing to Kicksecure. For example, have a look at the Tails merge policy.
Kicksecure has a different approach and streamlined processes.
- Not insisting that contributors write a clean commit history.
- Contributors are not asked to git squash and rebase primarily for minor aesthetic adjustments.
- No perfect documentation is requested either.
- Patrick, the reviewer, will attempt to take on additional minor, detail-focused commits on top and, if feasible, also make other improvements himself.
As a result, projects such as Kicksecure and Whonix have, in Patrick's opinion, progressed more rapidly than Tails development.
For instance, Tails lacks analogous features to Kicksecure's security-misc and similar tools.
An illustrative example is found in the handling of the libpam-tmpdir pull request. This would probably have been reverted by Tails and returned to the contributor as per its "Do not break the build... or get reverted" policy.
Differentiating Linux Distributions
Quote from Arch Linux wiki:
Sometimes called "newbie distros", the beginner-friendly distributions share a lot of similarities, though Arch is quite different from them.
Quote from Gentoo Linux wiki:
Gentoo will likely require more effort to learn than so-called "beginner-friendly" distributions.
These quotations highlight that not all distributions aim to be, or are, beginner-friendly.
Kicksecure: A User-Friendly Fork of Debian
In this context, Kicksecure, a fork of Debian, represents an effort to create a more user-friendly experience compared to Debian. Arguably, this has already been accomplished with respect to getting started with Linux inside VirtualBox. The Kicksecure website is significantly more streamlined and easier to use than the Debian website. This is elaborated in the chapter on usability by default.