5 'Great' Open-source Desktop Security Applications

At $0.00 what are you going to lose?

Contributions from free and open software makers can be found throughout the tech world. From your datacenter to the desktop and everywhere in between; there's an open solution to your computing needs. This is no less true in information security. My focus in this article is the several outstanding information security desktop tools that personify the innovation and ingenuity of the FOSS (Free and Open Source Software) world. Please keep in mind that all of these applications (except one) are cross-platform so you can find appropriate versions on whatever you run (BSD, Mac OSX, Linux or Windows). The examples herein, however, will be catered to the largest install base (statistically): Microsoft Windows.

GnuPG & Gpg4win

GNU Privacy is a free software encryption application that is a product of the Free Software Foundation's GNU Software project. GnuPG provides a complete free software implementation of the OpenPGP standard RFC4880, making it interoperable with other OpenPGP complaint systems. Out of the box GnuPG provides a command line interface (CLI) with numerous optional graphical add-ons available for nearly all platforms. On Windows, there is Gpg4win, which is a unified set of graphical tools on top of GnuPG (command-line based). Featured packed, it offers all the options of GnuPG plus integration into Explorer for file encryption, a certificate manager application, a plug-in for Microsoft Outlook, and even a full-blown version of Clawsmail with the plug-in for GnuPG installed.

ClamAV & ClamWin

ClamWin is a lightweight and simple open source software anti-virus program for Windows. It features automatic updates, a schedule scanner, integration into context menu of Windows Explorer and even a Microsoft Outlook add-on. ClamWin is based on the ClamAV engine, which is an open source anti-virus package catered to e-mail gateways on Unix/Linux. This scanner is very light on systems resources and can be run in conjunction with other malware detection suites, as I often do. No anti-malware suite is perfect but this light and stable protection helps in a world of ever present and evolving malware.


KeePass is an open source, secure password management utility. It replaces those uber-secure sticky notes littered with passwords that you have around your monitor (let's hope you don't) with a simple yet sound application to securely store them. Unlike those sticky notes, passwords are AES or Two-fish encrypted in a database file. Keepass is feature rich with the ability to import and export, auto type, drag and drop support, a password generator and numerous add-ons to further extend its functionality.


PeaZip is a sleek open source file and archive manager that supports a wide array of compression and encryption standards. It provides many helpful security features such as two-factor authentication, secure deletion, checksum and hash verification and WinZip's, PKZip's and 7's AES256 encryption, to name a few. PeaZip is a simple, sleek feature packed archive manager I recommend for any desktop.


As we all know the delete key is hardly effective or secure. Data retention is a very real concern for the security minded. Eraser is a Windows only secure data removal tool that supports a myriad of secure removal methods such as Guttman, US DoD 5220.22.M and Schneirer. With Eraser, you can erase individual files or folders, unused disk space, or the contents of the recycling bin with a simple point-and-click interface. Integration into the context menu of Windows Explorer allows for easy access to this powerful tool with a quick right click. It's highly configurable scheduler helps keep you secure by automating this process for you. The one weakness of this application is that it's only available for Windows, but hopefully ports to Linux, Mac OS X, Unix and BSD will be forthcoming.

I hope you will take time to try these applications for yourself. Don't take my word for it, try them yourself. At $0.00 what are you going to lose? If you do find them useful, please consider paying it forward with a donation or other contribution to the projects.

Joseph Guarino is the owner and senior consultant at EvolutionaryIT and is based in Boston.

Join the CSO newsletter!

Error: Please check your email address.

Tags open sourcesecurity

More about AES EnvironmentalClamWinFree Software FoundationLinuxMicrosoftNUPGPWinZip

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Joseph Guarino

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts