Frequently asked questions

Answers to popular questions about KasperskyOS and KasperskyOS Community Edition
What is KasperskyOS? Is this just another flavor of Linux?

The KasperskyOS kernel was internally developed by Kaspersky and is not based on any already existing project (Linux or otherwise).

Why do I need KasperskyOS?

KasperskyOS is a specialized operating system created from scratch by Kaspersky. Thanks to the principles embedded in its architecture, our OS can serve as the foundation for products that possess Cyber Immunity: built-in security against the majority of cyberattack types. This is critical for digital infrastructures that require a high level of security assurance.

What is new about KasperskyOS?

KasperskyOS is the first-ever operating system that can be used to make IT products Cyber Immune. These products are nearly impossible to hack, and only a fraction of attack types launched against a Cyber Immune system can affect its critical functions. Solutions powered by KasperskyOS require no added protection: everything you need is already inside the system.

How does your OS work?

KasperskyOS provides flexibility in setting security policies: rules that the system will follow throughout its life cycle and that will prevent it from performing potentially dangerous operations.

The components of our OS are separated into isolated security domains and cannot affect one another. All of their interactions go through the microkernel, while Kaspersky Security System passes a security verdict on each. If an interaction fails to match defined policies, it is blocked even before the execution.

Thanks to this, when developing for KasperskyOS, you can use untrusted components that do not have Cyber Immunity. If one of them proves to be vulnerable, and attackers take advantage of this, the OS simply will not allow the component to perform operations that are not authorized by the security policy and that affect the functioning of the product.

What makes KasperskyOS secure?

The inherent security of KasperskyOS is embedded into its architecture and philosophy.

Thus, nothing can run or function unless explicitly allowed by system administrators and application developers. Security policies that describe each permitted action are defined as early as the design stage of an IT product based on KasperskyOS.

The KasperskyOS microkernel contains only a few hundred thousand lines of code, so the attack surface is minimal. The strict isolation of system components ensures operability in every situation: even if one of them fails, the OS will continue to perform its critical functions.

The KasperskyOS design conforms to the MILS and FLASK architectures, while adding Kaspersky’s own security technology.

Is it possible to hack your OS?

The Cyber Immune approach at the heart of KasperskyOS prevents an attacker from affecting system operation even if some of the non-Cyber Immune components get hacked. Our microkernel and flexible security system technologies rule out unauthorized functions.

Does that mean any product powered by KasperskyOS is immune?

To make a product based on KasperskyOS Cyber Immune, you must strictly follow the special Kaspersky methodology.

Only IT systems that are intrinsically secure (secure by design) can be considered Cyber Immune. To summarize, creating Cyber Immune applications requires that the following be ensured from the moment development starts:

  • Description of security objectives and assumptions
  • Security domain isolation tools and independent control of all of their interactions
  • Guarantees that the security objectives will be achieved in every possible system use case, including the declared assumptions – except when the trusted computing base of the product has been compromised
  • Guarantees of reliability of the product’s entire trusted computing base that meet the standards of the intended security class
Does KasperskyOS collect any data?

KasperskyOS does not collect or share data. All drivers, system services, applications, etc. are moved out of the kernel and isolated, and their behavior is strictly limited by security policies.

No component of the system can store or send data unless allowed by applicable policies.

Products and trends
Is it possible to purchase Cyber Immune products from you today?

Yes, it is. First, there is Kaspersky IoT Infrastructure Security whose key element is secure gateways for the internet of things, indispensable devices for modern businesses that use IoT sensors and controllers. Kaspersky IoT Secure Gateway (KISG) 1000 is currently available, and sales of KISG 100, the first-ever industrial Cyber Immune IoT gateway, have begun. By the way, it was named one of the best designs in the world in 2020 at the 7th World Internet Conference in Wuzhen, China.

Second, there is Kaspersky Secure Remote Workspace, which includes software for thin clients: computer-like user terminals for connecting to corporate virtual desktop infrastructure.

Also available for prototyping is the Kaspersky Automotive Adaptive Platform SDK for developing car electronic components.

Where can KasperskyOS be used?

First of all, on the internet of things and in process control, in industries with high cybersecurity standards. Examples include manufacturing, energy, government agencies, transport infrastructure.

Devices already running KasperskyOS include thin clients, a key part of Kaspersky Secure Remote Workspace, and IoT gateways, which help build secure IoT networks and implement digital transformation in the manufacturing industry. In 2020, Kaspersky Automotive Adaptive Platform was integrated into an automotive ECU.

Our OS is evolving, and the range of supported devices is growing. For example, Kaspersky is investigating the possibility of adapting the OS for mobile platforms.

Will KasperskyOS be available for the B2C market?

KasperskyOS is a specialized operating system. At the moment, it can only serve as the basis for designs intended for embedded IT systems with features required by specific clients.

That said, we are confident that Cyber Immunity is an important trend that will grow fast in the segment of personal digital devices, among others. Thanks to Cyber Immunity users won’t have to worry about the security of their devices, as these will be protected from most cyberattacks by default. This is a future worth striving for.

In which regions will KasperskyOS be sold?

Kaspersky IoT Secure Gateways 100 and 1000 are already available for purchase in Russia and Belarus. They are being sold in Europe by Spanish distributor V-Valley. This year, the company plans to enter the META and APAC markets. We are also working on pilot projects in Latin America.

Are there operating systems with similar functionality?

Of course, there are operating systems on the market that help to create functional products with a very high level of security. However, no modern operating system can give products Cyber Immunity: inherent protection against cyberattacks. That requires Kaspersky’s special methodology.

Is antivirus required if your OS is installed?

KasperskyOS is designed for devices on which an antivirus cannot be installed. Examples include secure gateways, electronic control units inside cars, thin clients.

That is why we designed our OS not to need any additional protection. Its architecture prevents attackers from affecting the functioning of the system even if a component has been compromised.

Couldn't find an answer to your question?
Ask a Question
Security and Cyber Immunity
How is the security of KasperskyOS guaranteed?

The native code of KasperskyOS is continually subjected to various kinds of testing, including fuzzing. Some of the more critical components undergo formal verification and validation of security models. Code is subjected to static and dynamic analysis. Penetration tests are regularly conducted. A Bug Bounty program is planned.

How do hardware vulnerabilities (such as Meltdown and Spectre) impact the security of a KasperskyOS-based solution?

When designing products based on KasperskyOS, we consider only hardware that is trusted. When using our particular system, the potential harm that could be caused by Meltdown, Spectre and similar vulnerabilities is minimal.

Meltdown enables non-privileged code to read data from the privileged space of the kernel. KasperskyOS is a microkernel operating system, and its kernel does not contain much data that could be used by a cybercriminal. Most system services, including those related to encryption, are implemented in the user space.

Successful exploitation of Spectre relies on the existence of memory areas shared between processes. This is what enables the creation of a parasitic communication channel based on timing access to cache lines for indirect memory access. By default, KasperskyOS does not provide for the use of shared memory. The exclusive nature of such cases means that there is a very low likelihood that this hardware vulnerability could be maliciously exploited.

Driver management
How do drivers interact with the kernel?

A typical driver manages a device via read/write operations through I/O ports (MMIO/PIO). It also interacts with a device via DMA. The device notifies the driver about completed requests and events by sending interrupts. This means that the kernel must provide the driver with a service that would allow it to obtain access to I/O ports, allocate DMA buffers, and handle interrupts. All of these capabilities are provided by the IO service of the kernel. A driver waits for interrupts by using something similar to an IPC Call: the interrupt handler thread from the driver makes a Call to the kernel and goes to sleep waiting for an interrupt. When the corresponding interrupt is received by the kernel, the kernel wakes the relevant thread that went to sleep after the Call, thereby allowing the interrupt to be handled. The thread then goes back to sleep. Access to kernel services is privileged and must be granted only to drivers and other critical components of the architecture. IPC-based implementation of access to kernel services enables use of all available technologies of the Kaspersky Security Module to deny/restrict program access to kernel services.

Are there guides for integrating drivers and applications originally designed for Linux into KasperskyOS?

There are no guides for porting drivers and applications from Linux to KasperskyOS. Drivers are ported based on ready-to-use drivers and the accepted driver model.

KasperskyOS Community Edition
What is KasperskyOS Community Edition?

KasperskyOS Community Edition is a software development kit (SDK) designed to help you build a custom KasperskyOS image for a specific set of hardware platforms. The distribution kit includes the KasperskyOS kernel, solution development tools, numerous libraries (with usage examples), and documentation. The SDK is distributed as a DEB package for Debian GNU/Linux 10 “Buster” and can be downloaded for free at the provided link. The image does not include command-line interface tools such as a console or GUI. After installation, the SDK is deployed in the directory /opt/KasperskyOS-Community-Edition-<version>.

What is the purpose of KasperskyOS Community Edition?

KasperskyOS Community Edition was designed to serve as a free tool for learning the principles of building a KasperskyOS-based solution, understanding the specifics of implementing security policies, and writing and debugging custom pilot projects. The license will also let you modify the components that are provided as source code. KasperskyOS Community Edition currently lets you develop software for embedded systems managed over an Ethernet network (via web interface or other protocols).

Can we use KasperskyOS CE for commercial development?

The KasperskyOS Community Edition (CE) version is not intended for commercial use. This distribution package lets you develop a fully functional product and demonstrate it to potential customers. To directly distribute commercial products based on KasperskyOS, you must purchase a commercial license.

The terms and conditions of a commercial license depend on many parameters, including the number of devices that will be produced and the specific business model (for example, fixed payments, royalties, or shared revenue). The cost may also be affected by any work performed by Kaspersky experts if necessary for a specific project. This potential work may include support for the specific hardware platform, other technical support, and updates.

If you already have tentative details or project parameters, please share them with us so that our colleagues can propose a suitable business model for you and calculate the appropriate cost.

Even if you have not yet decided on any specific parameters, Kaspersky is committed to supporting successful KasperskyOS-based products and will never set any cost-prohibitive terms for licenses.

What can KasperskyOS Community Edition NOT be used for?

KasperskyOS Community Edition is not intended for commercial use. In other words, it cannot be resold, even as a part of other software/hardware systems. A separate license would be required for such purposes. To find out the conditions for such use, please contact

KasperskyOS Community Edition is not intended to directly run applications that were written for other operating systems. Applications must be properly ported before they can be run.

Third Party Libraries
Which libraries are currently available in the KasperskyOS Community Edition distribution package?

PCRE (regular expressions), CivetWeb, Boost, mbedTLS, and Mosquitto.

How are these libraries supported?

These libraries are currently supported entirely by the KasperskyOS development team. At some point, we would like to hand off support for these libraries to original developers or to the open source community.

Are there any useful libraries that are not included in the SDK?

Fully compatible with KasperskyOS Community Edition fork of nginx is already available on GitHub. Ported libraries for nginx, php, Node.JS, and Samba will soon be published at Ported php, Node.JS and Samba are being prepared for deployment.

How can a developer use the libraries of other developers?

You can use static and dynamic libraries. To utilize libraries when building a solution, you need to specify the relevant library in the dependencies of the corresponding artifact. Dynamic libraries are provided in the SDK, and can also be created by a KasperskyOS-based solution developer. Normal operation of third-party dynamic libraries cannot be guaranteed.

Open source, licensing, and certification
How are ported Linux drivers licensed?

The licenses are inherited.

Which languages and compilers are used for KasperskyOS development?

Currently, KasperskyOS solutions can be developed in C and C++ using GCC cross compilers.

Which IDEs are currently available for preparing application code?

The currently recommended development environment is VSCode with C/C++ syntax highlighting.

Couldn't find an answer to your question?
Ask a Question

Couldn't find an answer to your question?

We answer questions about our solutions, technology, plans and more

Contact the team

Learn more about technology or commercial partnerships

More details