Kicksecure update servers know neither the identity nor IP address of the user because all upgrades are downloaded over Tor.
Kicksecure uses strong Kernel Hardening Settings as recommended by the Kernel Self Protection Project (KSPP).
Kicksecure defeats time attacks on its users through Boot Clock Randomization and secure network time synchronization using sdwdate.
Kicksecure provides a much lower attack surface since there are no open server ports by default unlike in some other Linux distributions.
Without TCP ISN randomization, sensitive information about a system's CPU activity can be leaked through outgoing traffic, leaving it vulnerable to side-channel attacks. tirdad prevents that.
With support for multiple virtualization options, trying out Kicksecure is easy. VMs also help contain and prevent the spread of malware.
For over 12 years as the creators of Whonix we have successfully protected our users from everyday trackers and even from high level attacks. And we're just getting started!
We respect user rights to review, scrutinize, modify, and redistribute Kicksecure. This improves security and privacy for everyone.
Kicksecure is Freedom Software and contains software developed by the Free Software Foundation and the GNU Project.
Kicksecure is an actively maintained research project making constant improvements; no shortcomings are ever hidden from users.
Kicksecure is independently verifiable by security experts and software developers around the world. This improves security and privacy for everyone.
Kicksecure respects data privacy principles. We don’t make advertising deals or collect sensitive personal data.
Kicksecure update servers know neither the identity nor IP address of the user because all upgrades are downloaded over Tor by default.
Kicksecure uses strong Kernel Hardening Settings as recommended by the Kernel Self Protection Project (KSPP).
Time attacks on Kicksecure users are defeated by Boot Clock Randomization and secure network time synchronization through sdwdate (Secure Distributed Web Date).
Kicksecure provides a much lower attack surface since there are no open server ports by default unlike other Linux distributions. All unsolicited incoming connections are rejected.
Without TCP ISN randomization, sensitive information about a system's CPU activity can be leaked through outgoing traffic, leaving it vulnerable to side-channel attacks. TCP ISN randomization prevents that.
You can easily try Kicksecure by using various virtualizers , which enables security compartmentalization by running a Kicksecure VM on top of a Kicksecure host to isolate malware and testing inside the VM.
Kicksecure protects Linux user accounts against brute force attacks by using pam faillock.
Strong entropy is required for computer security to ensure the unpredictability and randomness of cryptographic keys and other security-related processes. Kicksecure makes encryption more secure thanks to preinstalled random number generators.
Booting into VM Live Mode is as simple as choosing Live Mode in the boot menu. Alternatively Debian and perhaps other Debian-based hosts can boot their existing host operating system into Host Live Mode.
Linux is highly reliable and secure. Its open source and freedom paradigm sets it apart from other OS. That's why Kicksecure is based on Linux.
Our website offers an alternative onion version which offers a higher connection security between the user and the server. This is because connections over onions are providing an alternative end-to-end encryption which is independent from flawed TLS certificate authorities and the mainstream Domain Name System (DNS).
Our Firewall is configured specifically for securely using the Internet.
AppArmor profiles restrict the capabilities of commonly used, high-risk applications such as Tor Browser.
Learn more about our Linux User Account Separation security-misc .
The more you know, the safer you can be: Extensive Kicksecure Documentation
Kicksecure provides additional security hardening measures and user education to provide better protection from viruses.
Console Lockdown disables legacy login methods and thereby improves security hardening.
Our vibrant community features Forums, Contributors and RSS
In oversimplified terms, Kicksecure is just a collection of configuration files and scripts. Kicksecure is not a stripped down version of Debian; anything possible in "vanilla" Debian GNU/Linux can be replicated in Whonix. About Whonix
A canary confirms that no warrants have ever been served on the Kicksecure project.
Running low on RAM isn't a security problem. swap-file-creator will create an encrypted swap file.
Kicksecure is created by the developers of Whonix, the great privacy tool with over 12 years of success. We have successfully protected our users from everyday trackers and even from high level attacks . Kicksecure is the rock solid foundation that Whonix is based on.
All the Kicksecure source code is licensed under OSI Approved Licenses. We respect user rights to review, scrutinize, modify, and redistribute Kicksecure. This improves security and privacy for everyone.
Kicksecure is Freedom Software and contains software developed by the Free Software Foundation and the GNU Project.
Research and Implementation Project: Kicksecure makes modest claims and is wary of overconfidence. Kicksecure is an actively maintained research project making constant improvements; no shortcomings are ever hidden from users.
Kicksecure is independently verifiable by security experts and software developers around the world; you don’t have to trust developer claims. This improves security and privacy for everyone.
Kicksecure respects data privacy principles. We don’t make advertising deals or collect sensitive personal data. There are no artificial restrictions imposed on possible system configurations .
The purpose of SUID Disabler and Permission Hardener is to enhance system security. It does this by strengthening the isolation of Linux user accounts, implementing stricter file permission settings, and decreasing potential security vulnerabilities by turning off SUID-enabled binaries.