Kicksecure ™ is a hardened operating system designed to be resistant to viruses and malicious code. Based on hardened Debian in accordance with an advanced multi-layer defense model. Kicksecure ™ provides protection from many types of malware in its default configuration with no customizations required.
Multi-layered hardening enhancements provides security in-depth by default.
- haveged / jitterentropy-rng [archive] installed to provide better entropy [archive] for cryptographic [archive] tools.
- Insecure [archive] Network Time Protocal (NTP [archive]) is replaces with Secure Distributed Web Date (sdwdate) to mitigate threats from time based attacks.
- Inclusion of package security-misc [archive] to strengthen areas commonly targeted for attack.
- Apparmor [archive] is enabled by default. Apparmor protects operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited.
- SecBrowser; A Security-hardened Non-anonymouse Browser is installed by default. Developed for use with Kicksecure ™, Secbrowser has numerous enhancements which provides better protection from exploits, thereby reducing the risk of infection from malicious, arbitrary code.
- Open Link Confirmation [archive] enabled by default prevents links from being unintentionally opened in supported browsers such as SecBrowser.
- To mitigate threats from DNS cache poisoning -- commonly referred to as DNS spoofing [archive] -- dnscrypt [archive] is enable by default.
- Hardened Malloc is enabled by default; which mitigates threats from memory attacks. Hardened Malloc can be used with numerous applications to increase security.
- Firejail [archive] enabled by default. This easy to use SUID [archive] sandbox program reduces the risk of security breaches by restricting the running environment of untrusted applications.
Kicksecure ™ provides usability by default. This means Kicksecure ™ can be used as an everyday multipurpose operating system.
- Package shared folder help [archive] simplifies shared folder set up for virtual machines.
- Package usabilty-misc [archive] installed by default which improves usability and provides increased flexibility.
Popular applications come pre-installed and configured with safe defaults to make them ready for use right out of the box.
Sensitive user data is protected by state-of-the-art cryptographic tools.
- Local user data is protected by Linux Unified Key Setup (LUKS [archive]) which uses strong encryption to safe-guard your information.
- Communications (email) can be both end-to-end encrypted [archive] and signed [archive] with OpenPGP.
- For example; kernel hardening, strong linux user account separation and numerous misc security settings
- DNS spoofing results in traffic being diverted to the attacker's computer (or any other computer)
- This is a security-focused general purpose memory allocator providing the malloc API along with various extensions. It provides substantial hardening against heap corruption vulnerabilities.
- Currently only helps using shared folders with VirtualBox. Other virtualizers -- such as KVM shared folder setup -- might be possible in the future
- See when Full Disk Encryption can -- and can not --protect your data.