Security-Focused Operating System

Reasonably Secure Stable by Design Hardened Debian Linux

Download Now Kicksecure Overview Preview Kicksecure Overview

Learn What Is Kicksecure?

FREE Download

Hardware

Virtual Machine

Other

Wiki
FAQ
Features
Forum
News
Donate

Pre-installed applications are reviewed and configured for security

Encrypted Email Symbol Thunderbird KeePassXC Symbol KeePassXC VLC Symbol VLC Terminal Symbol Terminal Electrum Symbol Electrum Bitcoin Symbol Bitcoin Monero Symbol Monero

Fully Featured with Advanced Security Components

TCP ISN Leak Protection

CPU Information Leak Protection (TCP ISN Randomization)

Without TCP ISN randomization, sensitive information about a system’s CPU activity can leak through outgoing traffic, exposing the system to side-channel attacks. Tirdad protects against this vulnerability.

Without TCP ISN randomization, patterns in outgoing traffic can reveal unique characteristics of a system’s CPU, compromising user security. TCP ISN randomization helps preserve security by masking these signals.

Available for many virtualizers

Available for many virtualizers

With support for multiple virtualization options, trying out Kicksecure is easy. VMs also help contain and prevent the spread of malware.

You can easily try Kicksecure by using various virtualizers , which enables security compartmentalization by running a Kicksecure VM on top of a Kicksecure host to isolate malware and testing inside the VM.

15 more amazing features →

Entropy Enhancements

Entropy Enhancements

Strong entropy is required for computer security to ensure the unpredictability and randomness of cryptographic keys and other security-related processes. Kicksecure makes encryption more secure thanks to preinstalled random number generators.

Strong entropy is required for computer security to ensure the unpredictability and randomness of cryptographic keys and other security-related processes. Kicksecure makes encryption more secure thanks to preinstalled random number generators.

Live Mode

Live Mode

Booting into Live Mode is as simple as choosing Live Mode in the boot menu. After the session, all data will be gone.

Booting a VM into Live Mode is as simple as choosing Live Mode in the boot menu. After the session, all data will be gone.

Based on Linux

Based on Linux

Linux is highly reliable, secure, free and Open Source. That's why Kicksecure is based on Linux.

Linux is highly reliable and secure. It is Open Source and freedom paradigm sets it apart from other OS. That's why Kicksecure is based on Linux.

Onion Website

Onion Website for Enhanced Connection Security

Our website offers an alternative onion service version. This offers a higher connection security between the user and the server.

Our website offers an alternative onion version which offers a higher connection security between the user and the server. This is because connections over onions are providing an alternative end-to-end encryption which is independent from flawed TLS certificate authorities and the mainstream Domain Name System (DNS).

Risk Minimization

Risk Minimization

AppArmor profiles restrict the capabilities of commonly used, high-risk applications.

AppArmor profiles restrict the capabilities of commonly used, high-risk applications such as Tor Browser.

Safer System Maintenance through User-Sysmaint-Split

Safer System Maintenance through User-Sysmaint-Split

Kicksecure boosts security by separating everyday use from system admin tasks. Two accounts are used by default—one for daily work, one for maintenance—limiting what harm malware could do.

Kicksecure increases safety by using separate accounts for daily use and admin tasks. This is called user-sysmaint-split. It prevents routine software—like a hacked browser—from gaining full system access or installing rootkits.

Hardening with Securing Debian Manual

Hardening with Securing Debian Manual

Kicksecure applies key system hardening techniques from the Securing Debian Manual by default, and adds original research to boost the baseline security.

Kicksecure integrates many of the system hardening practices from the Securing Debian Manual to improve its security posture. Although Debian's manual is older, Kicksecure supplements it with its own research and publishes updated security guidance in its wiki, ensuring users benefit from both foundational and current best practices.

Virus Protection

Virus Protection

Kicksecure provides additional security hardening measures and user education for better protection from virus attacks.

Kicksecure provides additional security hardening measures and user education to provide better protection from viruses / malware.

Home Folder Permission Lockdown

Home Folder Permission Lockdown

Kicksecure locks down user home folders by default, preventing one user from viewing another's files. This adds an extra layer of privacy and security.

Kicksecure enforces strict file permission settings in /home, automatically removing read, write, and execute access for others during setup or account creation. This prevents users from accessing each other's files and corrects unsafe permissions that may exist from earlier configurations. The approach aligns with hardening principles from the Securing Debian Manual.

Umask Hardening for Safer File Defaults

Umask Hardening for Safer File Permissions

Kicksecure improves file security by setting a stricter default umask for non-root accounts, so new files aren’t readable by others unless explicitly allowed.

To reduce the risk of unintended file exposure, Kicksecure sets a stricter default umask for non-root accounts so that new files are inaccessible to other accounts by default. This enhances security beyond the /home folder, especially in shared areas like folder /var.

Based on Debian

Based on Debian

Kicksecure is based on Debian, one of the most reliable Linux distributions.

In oversimplified terms, Kicksecure is just a collection of configuration files and scripts. Kicksecure is not a stripped down version of Debian; anything possible in "vanilla" Debian GNU/Linux can be replicated in Kicksecure. About Kicksecure

Warrant Canary

Warrant Canary

A canary confirms that no warrants have ever been served on the Kicksecure project.

A canary confirms that no warrants have ever been served on the Kicksecure project.

Permission Hardener

SUID Disabler and Permission Hardener

SUID Disabler and Permission Hardener enhances system security by strengthening the isolation of Linux user accounts and more.

The purpose of SUID Disabler and Permission Hardener is to enhance system security. It does this by strengthening the isolation of Linux user accounts, implementing stricter file permission settings, and decreasing potential security vulnerabilities by turning off SUID-enabled binaries.

Digital Signature Policy

Digital Signature Policy

Signed git commits, tags, and images are required. Unsigned code is strictly prohibited in builds and deployments. Documentation encourages digital signature verification.

Checking digital signatures helps protect users from harmful software (malware or viruses). It proves the software is real, hasn't been tampered with, and keeps users safer. The Kicksecure Digital Signature Policy requires signed git commits, tags, and images. Unsigned code is strictly prohibited in builds and deployments. Documentation encourages digital signature verification.

Freedom Values

Open Source

Open Source

We respect user rights to review, scrutinize, modify, and redistribute Kicksecure. This improves security and privacy for everyone.

All the Kicksecure source code is licensed under OSI Approved Licenses. We respect user rights to review, scrutinize, modify, and redistribute Kicksecure. This improves security and privacy for everyone.

Research and Implementation Project

Research and Implementation Project

Kicksecure is an actively maintained research project making constant improvements; no shortcomings are ever hidden from users.

Research and Implementation Project: Kicksecure makes modest claims and is wary of overconfidence. Kicksecure is an actively maintained research project making constant improvements; no shortcomings are ever hidden from users.

Upcoming Security Enhancements

8 more Enhancements →

Post-quantum cryptography resistant signing

Post-quantum cryptography resistant signing of releases

Post-quantum cryptography resistant signing of releases

TODO modal text

Join the team!

Help Welcome Your help is very welcome! As a patron, as a multiplier or even as a contributor!