







Whonix ™ [archive] is based on Kicksecure ™. Kicksecure ™ is a derivative of Debian and was formerly called Hardened Debian.

About Kicksecure.

Hardening by Default [ edit ]

Coming Soon [ edit ]

Usability by Default [ edit ]

Vision [ edit ]

The Problem with Security Guides and How We Can Fix It [archive]

ISO [ edit ]

sudo apt-get install kicksecure-cli will be possible on bare metal Debian hosts -- in other words, Debian installations can be easily converted into Kicksecure ™ by installing the kicksecure-cli or another Kicksecure ™ Debian package. This is also called distro-morphing [archive] .

will be possible on bare metal Debian hosts -- in other words, Debian installations can be easily converted into Kicksecure ™ by installing the kicksecure-cli or another Kicksecure ™ Debian package. This is also called distro-morphing . a possible future ISO for installation on hardware depending on community interest and support

Kicksecure ™ Development Goals [ edit ]

(The wiki source for the following text can be found here.)



This section details potential future security enhancements for Kicksecure ™.

Most iPhone / Android devices [6] "Libre Android" [7] Linux Desktop Distributions Kicksecure ™ Development Goals Upgrades do not require vendor No Yes Yes Yes User freedom to replace operating system No Yes Yes Yes Administrator capabilities (root) not refused No Yes Yes Yes Custom operating system (bootloader unlock) not refused No Yes Yes Yes Software changes (rooting or bootloader unlock) might cause trouble with or void device warranty No [8] No [9] Yes Yes No user freedom restrictions No Yes Yes Yes No spyware included in operating system No Yes Yes Yes No culture of freemium applications that spy on users in appstores No Yes Yes Yes Culture of Freedom Software in appstores No Yes Yes Yes Freedom Software No [10] Yes Yes Yes Compromised application cannot access data of other applications Yes [4] Yes [4] No Yes Malware on a compromised system cannot easily gain root Yes Yes No Yes Reasonable resistance against system wide rootkit Yes [11] Yes [11] No Yes Verified Boot Yes Yes No Yes Hardened Kernel [archive] Yes Yes some Yes Full System MAC Policy [archive] Yes Yes No Yes Internal storage can reasonably easily be removed and mounted elsewhere for the purpose of data recovery or hunting malware / rootkits. No [12] No [9] Yes [13] Yes [14] Internal storage can reasonably easily be decrypted once transferred to a different device if password is known. No [15] No [16] Yes Yes [17] Can reasonably easily boot from external hard drive, ignoring internal harddrive for purpose of data recovery or hunting malware / rootkits. No No [9] Yes Yes [14] Can reasonably easily create full data backup. No [18] Yes Yes Yes [14]

Can reasonably easily create full data backup of any app when device is rooted with Titanium Backup or similar No [19] Yes Yes Yes [14] Applications cannot refuse data backup (for purpose of malware, spyware analysis or backup and restore). No [20] Yes Yes [21] Yes [14] No culture of users can ask device (code) for permission and device (code) will decide. No Yes Yes [21] Yes [14] No culture of applications refusing to run if device is rooted No [22] Yes Yes Yes [14] Prevention of targeted malicious upgrades. [23] No [24] ? [25] ? [26] Yes [27]

Quote More than a billion hopelessly vulnerable Android gizmos in the wild that no longer receive security updates – research [archive]. The operating system of these devices:

Do not receive security upgrades from the vendor.

Third parties (such as users or the modding community) cannot provide (security) upgrades either due to locked bootloaders, which cannot be unlocked due to vendor decision and due to unavailability of a security bug which could unlock the bootloader.

Even if bootloaders can be unlocked there might not be an adequate operating system upgrades available from third parties, such as the modding community. Either due to unpopularity of the devices among modding developers and/or due to technical challenges.

Ability to upgrade (security fixes) devices; replace operating system; bootloader freedom vs bootloader non-freedom:

iPhones and some Android devices have locked boot loaders that cannot be unlocked. This restricts user freedom and makes replacing the operating system impossible without a verified boot bypass exploit. In case the vendor deprecated security support for the device, the only choices users realistically have is to keep using an insecure device, or to buy a device which still has security support. Similarly, locked bootloaders also prevent gaining administrator (root) access.

Some Android devices do allow unlocking the bootloader but not with custom verified boot keys, causing a decrease in security.

Some Android devices (such as the Nexus or Pixel devices) support full verified boot with custom keys that can be used with alternative operating systems.

Kicksecure ™ will not implement these kinds of user freedom restrictions since it is not required nor desirable. The capability to replace the operating system or gain administrator access will remain fully supported. Many popular device operating systems utilize security technologies which restrict user freedoms. In contrast, Kicksecure ™ aims to utilize the same security concepts for the goal of empowering the user and increasing protection from malware.

It is theoretically possible to provide some of the same iPhone / Android security concepts on the Linux Desktop too. Steps have already been made to apply mobile device security concepts to desktop Linux such as security-misc [archive] and apparmor-profile-everything [archive]. Security technologies like hardened kernels or verified boot used by popular mobile operating systems could also be ported to Linux desktops. Community contributions are gladly welcomed! Here is a list of potential security enhancements for Kicksecure ™:

User Population / Promotion [ edit ]

The security-minded community is larger than the anonymity-minded community. Through Kicksecure ™ we can work on our shared interest in computer security.

Apply as many security settings by default without breaking usability too much.

Kicksecure ™ is already the base for Whonix - Anonymous Operating System.

This project might migrate to its own domain name kicksecure.com depending on community interest and available resources.

https://www.wilderssecurity.com/threads/hardened-debian-in-development-feedback-wanted.408245/ [archive]

Help Wanted [ edit ]

Does anyone want to help create an installer ISO?

Kicksecure ™ will hopefully soon become available as a TemplateVM for Qubes OS [archive] .

. looking for new webmaster [archive]



Jobs in USA

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow:

Donate:

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.