Don't buy that security software!
- 01 August, 2012 20:47
Open source doesn't have to mean free of cost, but thanks to the generosity of open source developers many thousands of great applications are free. Why spend money when you don't have to? Though if you like and depend on an app, nothing says thanks like clicking the "Donate" button.
Open source applications have advantages other than free or low cost. The best security products are open source, for example OpenSSH, OpenSSL, GPG, and the iptables firewall. Most commercial products are for Windows only, or sometimes Windows and Mac, while their open source cousins serve Mac, Linux, Unix, and other platforms. In this roundup we look at some good open source apps for securing and rescuing our data on PCs, and for protecting our mobile devices.
Secure delete, data recovery, clone, encrypt
The real gold on any of our computers is our personal data. These fine free open source programs scrub hard disks, undelete, recover data from failing and damaged storage media, and securely encrypt our files.
Darik's Boot and Nuke
Don't let your used computers out the door without first securely erasing all their hard disks. Unless you like being the victim of identity and data theft.
Darik's Boot and Nuke, DBAN for short, is operating system-independent and works on IDE, SCSI, and SATA hard drives on x86 and PowerPC systems.
DBAN is easy to use: download and copy it to the bootable media of your choice -- 3.5" diskette, CD/DVD, USB stick, or PXE boot over a network-- fire it up, and let 'er rip. You can wipe all hard disks on a system, or just selected ones. (Replaces BCWipe Total WipeOut, Secure Erase, HDShredder.)
TestDisk and PhotoRec repair and recover
Oh no, you hit the delete button and now you want your file back! What do you do? The first thing you do is stop and don't do anything. When you delete a file it's still there on your hard disk, with the space it uses marked as available for new files to be written on, so as long as it's not overwritten you can recover it. (If you ran DBAN, sorry, it's gone for good.) PhotoRec (for "recovery", not "wreck") recovers individual files of any kind and not just photos. TestDisk is a marvelous companion program for repairing damaged partition and boot tables. Both work on all major operating systems and filesystems, and have excellent documentation that tells you exactly what to do.
You can install these on just about any operating system (Mac, Linux, Windows, the BSDs and other Unixes), but the best way to run them is from bootable media. TestDisk and PhotoRec are included on a large number of Linux-based system rescue distributions like GParted LiveCD and Knoppix. My favorite is System Rescue on a USB stick, because it is fast even on older, less-powerful computers. My preferred method is to copy any restored files to a USB stick, USB hard drive, or to a different partition on the original drive, in order to disturb the bits I'm trying to recover as little as possible. (Replaces Recover Lost Partition, Active@ Partition Recovery, Disk Doctors.)
Rescue failing drives with ddrescue
When you need to perform recovery operations on any damaged or failing digital storage media, like a hard drive, USB stick, CD/DVD, or SSD, your first task is to copy whatever you can before it dies completely. Then you can operate on the copy without worrying about doing more damage to the original. GNU ddrescue is a superior tool for this.
ddrescue performs block-level copies, so it doesn't matter what filesystem or operating system is on the media. It is fast because it copies only the good blocks and passes over bad blocks, and it's automatic so you don't have to babysit. The device you are copying to, like a USB hard drive or second internal hard drive, should be 50% larger than the original. Again, I recommend using System Rescue, which includes ddrescue. (Replaces Norton Ghost, Acronis True Image, Paragon Backup & Recovery.)
Disk clone with Clonezilla
What if you want to clone your entire operating system and data so you can move it to a larger hard drive, or create a backup for a bare-metal restore? Check out the wonderful Clonezilla, which has the coolest name and mighty cloning superpowers. There are two editions: Clonezilla Live and Clonezilla SE. Clonezilla Live is for bare metal backup and recovery of individual machines, and it runs from a bootable USB stick or CD/DVD. Clonezilla SE clones multiple PCs simultaneously, and very quickly over your network.
Clonezilla operates at the block level on x86 and x86-64 platforms, so it copies any operating system and filesystem. (Replaces Norton Ghost and Symantec Ghost Corporate Edition.)
TrueCrypt is one of the most popular cross-platform encryption applications, and for good reason-- it's easy to use and very strong. TrueCrypt runs on Mac, Linux, and Windows. It encrypts partitions, entire storage devices, and creates hidden volumes. First you create an encrypted volume, and then files are automatically encrypted and decrypted on the fly as you use them. You only need to enter your password when you first mount a volume.
You can share encrypted volumes over a network, and TrueCrypt also has a portable mode where you can run it from removable media, without installing it on the host system.
TrueCrypt is not magical, so use a little common sense -- no file encryptor is proof against keystroke loggers or other malware present before it is installed, or physical possession of your machine when an encrypted volume is mounted and open.
If you would rather encrypt individual files without having to create encrypted volumes, try AES Crypt. It has a nice GUI for Mac and Windows, command-line only for Linux.
Don't forget your i-Thingy or Android gadget, because there are some great open source security applications for your mobile devices as well. These excellent open source apps manage passwords and protect your privacy.
Master Password (iOS)
Master Password for iOS is a stateless password manager. It does not save passwords on your iPhone/Pad/Pod, nor does it save them in some nebulous cloudy place somewhere. It employs a different strategy: it creates a new, strong password every time you need to log into a site. You only need to remember a single password. ($5.99, replaces Password Safe.)
Protect your online chat and instant messaging sessions from eavesdroppers with Secure Chat. ChatSecure encrypts AIM, Jabber, Google Talk, and all chat/IM apps that use the XMPP chat protocol.
Rights Alert (Android)
Apps that snoop on your activities and sneak data back to the mother ship have a bad habit of creeping into mobile app stores, so how are you supposed to protect yourself? Try Rights Alert. Rights Alert shows you a list of installed applications that are requiring excessive permissions, which could be a sign that they may be up to no good, poking and prying into parts of your system where they don't belong. Even if it's not snoopy, any app that requires excessive permissions creates a potential security hole.
The Guardian Project (Android)
The Guardian Project is a suite of open source privacy-protection apps that was created with the idea of protecting activists who are in danger simply for reporting events and sharing photos, and of course these apps work for anyone who is concerned for their online privacy.
Orbot brings Tor to Android. Tor is a network of proxy servers that anonymize your travels over the Internet. Orweb is a Web browser that operates in concert with Orbot to circumvent Web filters and blocks, protects your online privacy, and keeps your Android machine free of any trackable Internet history.
Gibberbot provides secure chat and instant messaging, with the bonus of Tor support.
ObscuraCam is a slick little app for anonymizing photos by obscuring the faces of people in the photos. It's still in alpha, but you can try it out and help test it.
Droidwall is a nice graphical front-end for the powerful and proven iptables firewall that has been an integral part of the Linux kernel for many years. It gives fine-grained control of which applications and services can have access to your networks, and controls what comes into your Droid over the network.
Droidwall requires a rooted Android. I think it is ridiculous to not have root access to your own computers, but that's the world we live in. See The 5 best reasons to root your Android phone to learn how.