Monday, June 24, 2024

75 Open Source Apps To Replace Popular Security Software

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Hackers seem to be successfully attacking almost everyone these days. Already this year, the news has included high-profile cyberattacks targeting Facebook, Microsoft, Apple, Chase, Evernote, The Federal Reserve, Twitter, The Wall Street Journal, Bloomberg, Reuters, The New York Times and other companies.

While no security software can provide complete protection from every cyberattack, the open source community has developed a variety of tools that home users, small businesses and enterprises can use to improve their security profile. Many of these open source projects are of a very high quality—in fact, many have won awards and some have been incorporated into commercial applications.

Below and on the following pages, we’ve collected some of the best of these open source security applications and listed them with similar commercial software to provide a general idea of their capabilities. We update this list about once a year. For 2013, we extended it significantly, as well as updating information on tools we’ve already covered and eliminating some of the tools that are no longer regularly patched.

As always, if you know of additional open source security tools that you think should be on our list, please note them in the comments section below.


1. ClamAV

Replaces VirusScan Enterprise for Linux

Known as “the de facto standard for mail gateway scanning,” ClamAV is one of the most popular open source security applications available. The core open source product has been packaged into numerous other products, including Immunet a cloud-based version for Windows PCs. Note that the standard version of ClamAV offers on-demand scanning only and does not scan your system or incoming content in real-time. Operating System: Linux, but front-ends and additional versions are available for other OSes.

2. ClamTk

Replaces VirusScan Enterprise for Linux

One of the many front-ends for ClamAV, ClamTk offers an easy-to-use graphic interface. It’s won several awards and is available in numerous languages. Operating System: Linux.

3. ClamWin Free Antivirus

Replaces Kaspersky Anti-Virus, McAfee AntiVirus Plus, Norton Anti-Virus

More than 600,000 Windows users run this anti-virus software on their systems. It offers an easy installer, and it integrates with Windows Explorer and Outlook. As you might guess from the name, it is also based on ClamAV. Operating System: Windows.


4. Amanda

Replaces Simpana Backup and Recovery , NetVault, HP StorageWorks EBS

It’s website proclaims that Amanda is “the most popular open source backup and recovery software in the world.” It can back up multiple networked systems to a single tape- or disk-based storage system, and it’s very easy to set up. It comes in a free community version, a paid enterprise version or as a paid appliance. Operating System: Windows, Linux, OS X.

5. Areca Backup

Replaces NovaBackup

If you only need to back up a single system, Areca offers an easy-to-use interface that balances simplicity with flexibility. Noteworthy features include compression, AES128 and AES256 encryption, filters and support for incremental, differential, delta and full backups. Operating System: Windows, Linux.

6. Bacula

Replaces Simpana Backup and Recovery , NetVault, HP StorageWorks EBS

This popular network backup solution was designed for enterprise users. Those who need commercial support and services can get it through Bacula Systems. Operating System: Windows, Linux, OS X.

7. Clonezilla

Replaces Norton Ghost

This disk imaging and cloning tool comes in two separate editions. Clonezilla Live does backup and bare metal recovery for a single system. Clonezilla SE allows administrators to clone or multi-cast disk images for forty systems or more at the same time. Operating System: Windows, Linux, OS X.

8. FOG

Replaces Norton Ghost

Another cloning tool, FOG boasts easy use, centralized administration, powerful capabilities and scalability that can support networks with 2 to 20,000 systems. In addition to disk imaging, it also offers virus scanning, memory testing, disk wiping, testdisk, and file recovery features. Operating System: Windows, Linux.

9. Partimage

Replaces Norton Ghost, NovaBackup, McAfee Online Backup,

This backup solution creates an image of a partition or your entire system, copying only the used portions to save time and space. It can be used for backup or to copy an image onto many systems. Operating System: Linux.

10. Redo

Replaces Norton Ghost, NovaBackup, McAfee Online Backup,

Downloaded more than 750,000 times, Redo claims to be “easiest, most complete disaster recovery solution available.” It runs from a live CD, so no installation is necessary. It’s so fast and easy to use that even if you erase your entire hard drive, it can get you back up and running in just ten minutes. Operating System: Linux.


11. Chromium

Replaces Microsoft Internet Explorer

The open source version of Google’s Chrome browser boasts a number of built-in security features, like automatic updates, sandboxing, SafeBrowsing, blocking out-of-date plug-ins and more. The Chromium team includes well-known security experts, and they respond to vulnerability notifications very quickly–sometimes putting out patches within 24 hours. Operating System: Windows, Linux, OS X.

12. Firefox

Replaces Microsoft Internet Explorer

Developed by the Mozilla Foundation, Firefox also claims to offer a more secure browsing experience. Security features include instant website ID, private browsing, do-not-track capabilities, anti-virus and anti-phishing features, automatic updates and more. Operating System: Windows, Linux, OS X.

13. Tor Browser

Replaces Microsoft Internet Explorer

The Tor browser aims to keep you safe and anonymous while browsing the Internet. It transmits communications across multiple relays to prevent outsiders (like government entities) from spying on you or tracking your activities. Operating System: Windows, Linux, OS X.

Browser Add-Ons

14. Web of Trust (WOT)

Replaces McAfee SiteAdvisor Plus

According to the counter on its home page, WOT has been downloaded more than 68 million times. It displays a green, yellow or red “traffic light” for websites to let you know whether the site has a trusted reputation or not. It works with all major browsers, including Firefox, IE, Chrome, Safari and Opera. Operating System: Windows, Linux, OS X.

15. PasswordMaker

Replaces Kaspersky Password Manager, Roboform

Don’t keep using the same password over and over! PasswordMaker creates unique passwords for each service you use. All you have to remember is one master password and this add-on does the rest for you. Operating System: Windows, Linux, OS X.

Data Destruction

16. BleachBit 

Replaces Easy System Cleaner

BleachBit combines multiple security and privacy functions into a single utility. It cleans out “junk,” like cookies and temporary files, and it protects your privacy by erasing your history and deleting log files. It also includes a file “shredder” to help you completely eliminate all traces of unwanted files. Operating System: Windows, Linux.

17. Eraser

Replaces BCWipe Enterprise

Like other data “shredding” tools, Eraser completely eliminates all traces of a file from your drive by overwriting it several times with random data. The Eraser website suggests you might like to use it to make sure no one can recover your “passwords, personal information, classified documents from work, financial records, [or] self-written poems.” Operating System: Windows.

18. Wipe

Replaces BCWipe Enterprise

If you’re on Linux, you won’t be able to use Eraser, but you will be able to run Wipe, which offers much the same functionality. The site also offers a little more technical detail about how secure deletion works. Operating System: Linux.

19.Darik’s Boot and Nuke

Replaces Kill Disk, BCWipe Total WipeOut

If you need to delete an entire drive, DBAN does the job. It’s a great tool to use if you plan to donate or dispose of an old system and don’t want people to be able to access your records from the hard drive. Operating System: OS Independent.

Data Loss Prevention

20. OpenDLP

Replaces RSA Data Loss Prevention Suite, CheckPoint DLP Software Blade, Symantec Data Loss Prevention Product Family

This centrally managed DLP solution can scan thousands of Windows or Unix systems at once to discover any sensitive data at rest. It then returns results securely to an easy-to-use Web GUI, so that compliance officers and security personnel can determine what types of information might be residing on their systems. Operating System: Windows.

21. MyDLP

Replaces RSA Data Loss Prevention Suite, CheckPoint DLP Software Blade, Symantec Data Loss Prevention Product Family

A much more robust DLP solution, MyDLP can actually prevent sensitive data from leaving your system as well as identifying its location. In addition to the free community edition, it’s also available in a paid enterprise edition that comes with support. Operating System: Windows, Linux, VMware.

Email Security/Filtering

22. Scrollout F1

Replaces Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway

Extremely popular, Scrollout F1 incorporates anti-spam, anti-virus and data loss protection capabilities into a free gateway security solution. It works with all mail servers, including Microsoft Exchange, Lotus Domino, Postfix, Exim, Qmail and others. Operating System: Windows, Linux.

23. ASSP

Replaces Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway

This anti-spam proxy filter claims “When it comes to killing SPAM nothing is as deadly as an ASSP!” Key features include easy browser-based setup, support for most SMTP servers, automatic whitelisting for people you e-mail, early sender validation, virus filtering (based on ClamAV) and more. Operating System: OS Independent.

24. MailScanner

Replaces Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway

This spam blocker boasts that it has been downloaded more than 1.4 million times (approximately 30,000 times per month) and is currently used in more than 225 countries. It includes both anti-virus and anti-spam capabilities, and it is included in many Linux distributions. Operating System: OS Independent.

25. SpamAssassin

Replaces Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway

An Apache project, this self-proclaimed “powerful #1 open-source spam filter” has received numerous awards. It utilizes many different local and network tests to identify spam signatures, and it’s easy to add additional rules if you choose. Operating System: primarily Linux and OS X, although Windows versions are available.

26. SpamBayes

Replaces Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway

This spam filter uses mathematical algorithms and your previous behavior to determine the probability that messages are spam or “ham,” and then it sorts them into the appropriate folders. It comes in multiple versions, including an Outlook plug-in. Operating System: OS Independent.

27. P3Scan

Replaces VirusScan Enterprise for Linux

This transparent proxy filter scans e-mail and attachments for spam, viruses, worm, Trojans and other malicious code. You can use it alone or alongside other anti-malware or anti-spam applications. Operating System: Linux.


28. AxCrypt

Replaces Symantec Encryption, Folder Lock, SensiGuard, CryptoForge

More than 2.7 million users have downloaded and registered this open source encryption solution. It integrates into the Windows Explorer (right-click to encrypt, double-click to decrypt) and also supports cloud storage services like DropBox, Live Mesh, SkyDrive and Operating System: Windows.

29. Gnu Privacy Guard

Replaces Symantec Email Gateway Solution (PGP)

Gnu’s email encryption solution supports multiple encryption algorithms and offers good key management features. It’s a command-line tool for Linux only, but other projects have created front ends and ported it to other operating systems. Operating System: Linux.

30. GPGTools

Replaces Symantec Email Gateway Solution (PGP)

If you’re on a Mac, you might want to try this version of GPG. But note that the Mountain Lion version is still in preview stage. Operating System: OS X.

31. gpg4win

Replaces Symantec Email Gateway Solution (PGP)

As the name suggests, this project brings Gnu Privacy Guard to Windows. It encrypts both files and mail messages, and it features an easy-to-use interface. Operating System: Windows.

32. PeaZip

Replaces WinZip

This compression and archiving tool also offers encryption and secure deletion capabilities. It supports more than 150 file formats and multiple encryption capabilities, plus it comes in 64-bit and portable versions. Operating System: Windows, Linux.

33. Crypt

Replaces Symantec Encryption, Folder Lock, SensiGuard, CryptoForge

Speed is Crypt’s claim to fame. This command-line encryption utility takes up only 44MB of space, and it can encrypt 30 files (3MB total) in just 0.7 seconds. Operating System: Windows.

34. NeoCrypt

Replaces Symantec Encryption, Folder Lock, SensiGuard, CryptoForge

NeoCrypt boasts an intuitive interface and “fast, reliable and unbreakable encryption.” Features include support for ten encryption algorithms, Windows Explorer integration, batch operations and more. Operating System: Windows.

35. LUKS/cryptsetup

Replaces Symantec Drive Encryption

Linux Unified Key Setup, or LUKS, claims to be “the standard for Linux hard disk encryption.” It encrypts an entire drive or partition at once and supports multiple passwords for multiple users. Operating System: Linux.

36. FreeOTFE

Replaces Symantec Drive Encryption

Short for “Free On The Fly Encryption,” FreeOTFE creates an encrypted virtual disk on your system. It supports multiple hash techniques and encryption algorithms, and it can run from a USB thumb drive. Operating System: Windows.


Replaces Symantec Drive Encryption

This very popular disk encryption utility has been downloaded more than 26 million times. It offers fast performance, thanks to parallelization and pipelining, and it supports hardware acceleration on modern processors. Operating System: Windows.


38. The Sleuth Kit/Autopsy Browser

Replaces EnCase Forensics, X-ways Forensics, AccessData Forensic Toolkit

These apps allow users to perform digital analysis on Windows, Linux, OS X or Unix systems. The Sleuth Kit is a command-line tool, and the Autopsy Browser provides a graphical front-end to make it easier to use. The site also offers quite a bit of information about digital forensics in general. Operating System: Windows, Linux, OS X.

Gateway/Unified Threat Management Appliances

39. Endian Firewall Community

Replaces Check Point Security Gateways, SonicWall, Symantec Web Gateway

With the community version of Endian, you can turn any PC into a Linux-based security appliance complete with firewall, anti-malware, Web filtering, VPN, spam-filtering and more. The company also offers paid hardware, software or virtual appliances based on the same open source code. Operating System: Linux.

40. Untangle Lite

Replaces Check Point Security Gateways, SonicWall, Symantec Web Gateway

Much like Endian, Untangle Lite can also turn standard Intel/AMD PC hardware into a security appliance. Interested customers can purchase individual security apps, complete security packages or hardware appliances from Untangle. Operating System: Linux.

41. ClearOS

Replaces Check Point Security Gateways, SonicWall, Symantec Web Gateway

This small business server also include gateway security functionality. Commercially supported products and services based on the same technology are available through ClearCenter. Operating System: Linux.

42. Sophos UTM Home Edition

Replaces Check Point Security Gateways, SonicWall, Symantec Web Gateway

Formerly known as Astaro Security Gateway, this free version of the Sophos software includes anti-malware, anti-spam, Web filtering, VPN and other capabilities. Sophos also offers a free, open-source essential firewall version for businesses, as well as paid versions of the software. Operating System: Linux.

Intrusion Detection

43. Open Source Tripwire

Replaces Tripwire

Tripwire is one of the leading commercial intrusion detection solutions. Over a decade ago, the company briefly released its flagship product under an open source license, and development has continued on that project independent from commercial Tripwire. Both products help to identify when hackers have broken into networks by monitoring for changes in your file system. Operating System: Windows, Linux.


Replaces Tripwire

Another File Integrity Checker, or AFICK for short, works very similarly to Tripwire. It’s very fast and runs from the command line or the included graphical interface. Operating System: Windows, Linux.

Network Firewalls

45. IPCop

Replaces Barricuda NG Firewall, Check Point Appliances

Most of the open source network firewall projects, including IPCop, make it possible to create your own Linux-based firewall appliance from standard PC hardware. This project has a fairly intuitive Web-based interface and is a good option for small business owners or others with small networks. Operating System: Linux.

46. Devil-Linux

Replaces Barricuda NG Firewall, Check Point Appliances

More full-featured than many open source network firewalls, Devil-Linux can function as an application server as well as a firewall/router. It can also run from a CD or a USB thumb drive. Operating System: Linux.

47. IPFire

Replaces Barricuda NG Firewall, Check Point Appliances

Designed to meet the needs of everyone from home users all the way up to large enterprises, IPFire boasts excellent flexibility and regular security updates. A number of add-ons and commercial support are avaialable. Operating System: Linux.

48. Turtle Firewall

Replaces Barricuda NG Firewall, Check Point Appliances

Turtle boasts simple, fast configuration of an iptables-based firewall. It’s a good option for fairly technical users, but might be overwhelming for those with less networking knowledge. Operating System: Linux.

49. Shorewall

Replaces Barricuda NG Firewall, Check Point Appliances

Also known as “Shoreline Firewall,” Shorewall aims to be “the most flexible and powerful” of the Linux-based firewall options. You can set it to act as a simple network firewall, as a multi-function gateway/server/router or to protect an individual system. Operating System: Linux.

50. Vuurmuur

Replaces Barricuda NG Firewall, Check Point Appliances

This iptables-based firewall boasts “powerful monitoring features” that allow real-time tracking of logs, connections and bandwidth. Other features include traffic shaping, an easy-to-use GUI, IPv6 support, anti-spoofing capabilities and more. Operating System: Linux.

51. m0n0wall

Replaces Barricuda NG Firewall, Check Point Appliances

Unlike most of the other projects on our list, m0n0wall is based on FreeBSD, not Linux. It can be used with embedded systems from PC Engines or Soekris Engineering, as well as with standard x86 PCs. Operating System: FreeBSD.

52. pfSense

Replaces Barricuda NG Firewall, Check Point Appliances

Another BSD-based option, pfSense is a very popular fork of m0n0wall that has been downloaded millions of times. It claims to offer “most all the features in expensive commercial firewalls, and more in many cases.” Commercial support is available. Operating System: FreeBSD.

53. Vyatta Network OS

Replaces Cisco products

Vyatta offers software-based networking capabilities, including enterprise-class routing, firewall and VPN features. In addition to the free open source version, it also offers paid enterprise versions of the software, which add more capabilities. Operating System: Linux.

Network Monitoring

54. Wireshark

Replaces OmniPeek, CommView

Wireshark boldly proclaims itself the “world’s foremost network protocol analyzer,” and it’s a very mature product with loads of documentation and help available. It performs deep inspection of hundreds of protocols, live capture, offline analysis and many other features. Commercial support and services are available through Riverbed Technology. Operating System: Windows, Linux, OS X.

55. tcpdump/libpcap

Replaces OmniPeek, CommView

Together, these two command-line tools offer a complete network analysis and monitoring solution: tcpdump does packet analysis, while libpcap does traffic capture. Many of the developers behind Wireshark are also involved with these projects. Operating System: Linux.

56. WinDump/WinPcap

Replaces OmniPeek, CommView

These two projects port tcpdump and libpcap to Windows. And, like Wireshark, they are also associated with Riverbed Technology. Operating System: Windows.

Operating Systems

57. BackTrack Linux

Replaces Windows

Built for penetration testing, BackTrack helps simplify the process of testing and hardening your networks, whether you’re a relative newcomer to the field or a seasoned professional. It includes a huge library of penetration testing and security tools, and it can be installed on a system or run from a Live DVD or USB thumb drive.

58. EnGarde Secure Linux

Replaces Windows

Engarde claims to be “the first truly secure, open source Internet operating platform.” It includes SELinux capabilities, plus intrusion detection, content filtering and other security features.

59. Liberté Linux

Replaces Windows

Based on Gentoo Linux, Liberté runs from a USB thumb drive, securing your system and encrypting your messages. The project website says, “Whether you are a privacy advocate, a dissident, or a sleeper agent, you are equally likely to find Liberté Linux useful as a mission-critical communication aid.”

60. LPS

Replaces Windows

Created by the U.S. Air Force, the Lightweight Portable Security, or LPS, Linux distribution can turn any PC or Mac into a secure communication node. It runs from a CD or USB thumb drive and removes all traces of your activity when you shut it down.

61. NetSecl

Replaces Windows

A variation of OpenSuse, NetSecl, like BackTrack, was built for use in penetration testing situations.

62. SELinux

Replaces Windows

It’s not a full operating system, but the SELinux projects has added access control capabilities to the Linux kernel. These features are incorporated into many other Linux distributions, including many of the most popular, like Red Hat and Fedora.

63. Tails

Replaces Windows

Another privacy-focused Linux distribution, Tails is short for “The Amnesic Incognito Live System.” Like Whonix, it leverages Tor and Debian, and it uses encryption tools to protect your files and communications. It runs from a live DVD or USB drive so that you can protect yourself no matter what system you’re on.

64. Whonix

Replaces Windows

Based on Virtual Box, Debian GNU/Linux and Tor, Whonix is designed to be a fully anonymous operating system that offers exceptional security and privacy protection. It claims to make IP and DNS leaks impossible.

Password Crackers

65. Ophcrack

Replaces Access Data Password Recovery Toolkit, Passware

Every network admin needs a password cracker in his or her arsenal for those times when passwords aren’t recoverable any other way. Developed by the people who invented rainbow tables, Ophcrack can use that method or brute force to find unknown passwords. Operating System: Windows, Linux.

66. John the Ripper

Replaces Access Data Password Recovery Toolkit, Passware

John the Ripper is a fast password cracker that relies lists of common passwords in various languages. In addition to the official community version, it also comes in a community-enhanced version, which supports many more ciphers and hashing techniques, or a pro version, which is customized for various OSes and is easier to install and use. Operating System: Windows, Linux, OS X.

67. PDFCrack

Replaces Access Data Password Recovery Toolkit, Passware

As you might guess from the name, this cracker specifically focuses on retrieving passwords and content from PDF files. It runs from the command line and uses both brute force and list-based cracking techniques. Operating System: Linux, Unix.

Password Management

68. KeePass Password Safe

Replaces Kaspersky Password Manager, RoboForm

Using the same password over and over is asking for trouble. Instead, try KeePass. It generates strong passwords for you and stores all your passwords in an encrypted database, so all you have to remember is one master password. Operating System: Windows.

69. KeePassX

Replaces Kaspersky Password Manager, RoboForm

Originally developed as a Linux fork of KeePass, this password safe is very similar to the KeePass. It now supports OS X and some versions of Windows, as well as Linux. Operating System: Windows, Linux, OS X.

70. Password Safe

Replaces Kaspersky Password Manager, RoboForm

This app boasts over a million downloads and very fast installation. Like KeePass, it remembers your passwords for you and keeps them secure in an encrypted database. Operating System: Windows.

Secure File Transfer

71. WinSCP

Replaces CuteFTP, FTP Commander

This award-winning utility supports SFTP, FTPS and SCP protocols for secure file transfer, as well as regular FTP when security isn’t required. It includes two different styles of graphic interface, or it can run from the command line. Operating System: Windows.

72. FileZilla

Replaces CuteFTP, FTP Commander

Like WinSCP, FileZilla supports all the standard file transfer protocols. In addition to the multi-platform client version, it also comes in a Windows-only server version. Operating System: Windows, Linux, OS X.

Spyware Blocker

73. Nixory

Replaces SpyBot Search and Destroy, AdAware

Whether you use Firefox, Chrome or Internet Explorer, Nixory erases malicious tracking cookies from your browser. Note that you’ll need to use it alongside other security software because it only erases tracking cookies and doesn’t block viruses or other types of malware. Operating System: OS Independent.

User Authentication

74. WiKID

Replaces Entrust IdentityGuard, Vasco Digipass, RSA’s SecurID

WiKID offers simple, software-based two-factor authentication solutions for enterprises. In addition to the free community version, it also comes in a paid enterprise version that includes some proprietary code. Operating System: OS Independent.

Web Filtering

75. DansGuardian

Replaces McAfee Family Protection NetNanny

This network content filtering tool uses phrase matching, PICS filtering and URL filtering to help block objectionable content. Recently, a new maintainer took over this project, so it is once again getting patches and updates. Operating System: Linux, OS X.

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles