59 Open Source Tools That Can Replace Popular Security Software

Published on: March 15, 2011
Last Updated: March 15, 2011

59 Open Source Tools That Can Replace Popular Security Software

Published on: March 15, 2011
Last Updated: March 15, 2011

It’s been about a year since we last updated our list of open source tools that can replace popular security software. This year’s list includes many old favorites, but we also found some that we had previously overlooked.
In addition, we added a new category — data loss prevention apps. With all the attention generated by the WikiLeaks scandal, more companies are investing in this type of software, and we found a couple of good open source options.

Thanks to Datamation readers for their past suggestions of great open source security apps. Feel free to suggest more in the comments section below.

Resource Contents show


1.) ASSP

Replaces: Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway
ASSP (short for “Anti-Spam SMTP Proxy”) humbly calls itself “the absolute best SPAM fighting weapon that the world has ever known!

It works with most SMTP servers to stop spam and scan for viruses (using ClamAV). Operating System: OS Independent.

2.) MailScanner

Replaces: Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway

Used by more than 100,000 sites, MailScanner leverages Apache’s SpamAssassin project and ClamAV to provide anti-spam and anti-virus capabilities.

It’s designed to sit on corporate mail gateways or ISP servers to protect end users from threats. Operating System: OS Independent.

3.) SpamAssassin

Replaces: Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway

This Apache project declares itself “the powerful #1 open-source spam filter.” It uses a variety of different techniques, including header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases, to filter out bulk e-mail at the mail server level. Operating System: primarily Linux and OS X, although Windows versions are available.

4.) SpamBayes

Replaces: Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway

This group of tools uses Bayesian filters to identify spam based on keywords contained in the messages.

It includes an Outlook plug-in for Windows users as well as a number of different versions that work for other e-mail clients and operating systems. Operating System: OS Independent.


5.) ClamAV

Replaces Avast! Linux Edition, VirusScan Enterprise for Linux

Undoubtedly the most widely used open-source anti-virus solution, ClamAV quickly and effectively blocks Trojans, viruses, and other kinds malware.

The site now also offers paid Windows software called “Immunet,” which is powered by the same engine. Operating System: Linux.

6.) ClamWin Free Antivirus

Replaces Kaspersky Anti-Virus, McAfee AntiVirus Plus, Norton Anti-Virus

If you’re looking for a free version of Clam for Windows, this is the way to go. It’s used by more than 600,000 people on a daily basis and integrates with Outlook and Windows Explorer.

Note however, that it doesn’t have an automatic real-time scanner—you have to click on individual files in order to scan them. Operating System: Windows.


7.) Nixory

Replaces Webroot Spy Sweeper, SpyBot Search and Destroy, AdAware

Nixory removes malicious cookies that you might have picked up while browsing the Web with Internet Explorer, Firefox or Chrome.

The latest release includes a lightweight real-time scanner that deletes cookies while you surf. Operating System: OS Independent.

Application Firewall

8.) AppArmor

Replaces: Barracuda Web Application Firewall, Citrix NetScaler Application Firewall,

Included in both openSUSE and SUSE Linux Enterprise, Novell’s application firewall aims to secure Linux-based applications while lowering IT costs.

Key features include reports, alerts, sub-process confinement, and more. Operating System: Linux.

9.) ModSecurity

Replaces: Barracuda Web Application Firewall, Citrix NetScaler Application Firewall,

The “most widely deployed WAF (Web Application Firewall) in existence,” ModSecurity protects applications running on the Apache Web server.

It also monitors, logs, and provides real-time analysis of Web traffic. Operating System: Windows, Linux.


10.) Areca Backup

Replaces: NovaBackup

Designed to be both simple and versatile, Areca lets you choose which files to back up, set up a schedule and determine what type of backup to perform (incremental, differential, full or delta). Notable features include compression, encryption, as-of-date recovery and more. Operating System: Windows, Linux.

11.) Bacula

Replaces: Simpana Backup and Recovery , NetVault, HP StorageWorks EBS

Enterprise-ready Bacula backs up multiple systems connected to a network.

Users often say that it is easier to set up than similar commercial programs, and it can write to many different types of storage media. Operating System: Windows, Linux, OS X.

12.) Amanda

Replaces: Simpana Backup and Recovery, NetVault, HP StorageWorks EBS

The “most popular open source backup and recovery software in the world,” Amanda backs up the data from more than half a million desktops and servers.

In addition to the free community version, it’s also available in a supported enterprise version, as an appliance or in the cloud through Zmanda. Operating System: Windows, Linux, OS X.

13.) Partimage

Replaces: Norton Ghost, NovaBackup, McAfee Online Backup, Carbonite.com

Partimage is particularly useful if you need to recover from a complete system crash or if you need to install multiple images across a network.

It’s very fast and can restore to a partition on a different system. Operating System: Linux.

Browser Add-Ons

14.) Web of Trust (WOT)

Replaces: McAfee SiteAdvisor Plus

Web of Trust describes itself as “the world’s leading community-based, free safe surfing tool.”

It’s very similar to SiteAdvisor, providing a traffic light-like symbol that shows you the trustworthiness of a site before you click.

It works with all major browsers, including Firefox, Internet Explorer, Chrome, Safari and Opera. Operating System: Windows, Linux, OS X.

15.) PasswordMaker

Replaces Kaspersky Password Manager, Roboform

If you struggle to create and remember unique passwords for all the sites and services you use, PasswordMaker can help.

With this tool, you only need to remember one master password. And unlike other password management systems, this plug-in doesn’t save your passwords in a database anywhere, so it’s even more difficult for someone to figure out your login credentials. Operating System: Windows, Linux, OS X.

Data Removal

16. BleachBit 

Replaces Easy System Cleaner

BleachBit frees up extra space on your hard drive while protecting your privacy by erasing your cookies, temporary files, history, logs and other junk.

It also includes a “shredder” that completely erases all traces of files you have deleted. Operating System: Windows, Linux.

17. Eraser 

Replaces BCWipe Enterprise

Just because you’ve deleted a file doesn’t mean it’s actually gone from your system.

Eraser thoroughly eliminates data you don’t want by writing over it several times with random information. Operating System: Windows

18. Wipe 

Replaces BCWipe Enterprise

Very similar to Eraser, Wipe provides the same functionality for Linux users. This site also provides a little bit more technical detail about the process in case you’re curious about how it works and want to drill down into the geeky details. Operating System: Linux.

19. Darik’s Boot And Nuke 

Replaces Kill Disk, BCWipe Total WipeOut

Before you recycle or donate old systems, it’s a good idea to delete all the data on your drives. Darik’s Boot and Nuke (DBAN for short) shreds all data on any drives it can detect. Operating System: OS Independent.

Data Loss Prevention

20. OpenDLP 

Replaces RSA Data Loss Prevention Suite, CheckPoint DLP Software Blade, Symantec Data Loss Prevention Product Family

OpenDLP scans your network and identifies sensitive data at rest on your Windows systems.

In includes both a Web app, which lets system administrators or compliance officers deploy the tool and view reports, and a client, which runs inconspicuously on end users’ systems. Operating System: Windows.

21. MyDLP 

Replaces RSA Data Loss Prevention Suite, CheckPoint DLP Software Blade, Symantec Data Loss Prevention Product Family

The creators of MyDLP strongly imply that if the U.S. government had installed their software, it could have prevented the WikiLeaks scandal.

It detects and protects sensitive data from being transmitted, and it installs in just 30 minutes. Operating System: Windows, Linux, VMware.


22. AxCrypt 

Replaces McAfee Anti-Theft, CryptoForge

The “leading open source file encryption software for Windows,” AxCrypt has been registered by more than 2.1 million users.

It’s particularly easy to use—simply right-click to encrypt and double-click to de-crypt. Operating System: Windows.

23. Gnu Privacy Guard 

Replaces PGP Universal Gateway Email Encryption, Cypherus

Based on OpenPGP, “GPG” allows users to encrypt and sign digital communication.

This is a command-line version, but several other projects offer graphical implementations of the same engine (see below). Operating System: Linux.

24. GPGTools 

Replaces , Cypherus This is a nice version of GPG for Mac users. Operating System: OS X.

25. gpg4win 

Replaces , Cypherus

And, as you probably guessed, this is a version of GPG for Windows. This one comes with excellent documentation. Operating System: Windows.

26. PeaZip 

Replaces WinZip

Technically, PeaZip isn’t an encryption tool; instead, like WinZip it’s a compression and archiving tool.

However, like WinZip, PeaZip includes encryption capability, and PeaZip reads and writes more formats than its commercial counterpart. Operating System: Windows, Linux.

27. Crypt 

Replaces McAfee Anti-Theft, CryptoForge

Lightweight and ultra-fast, Cyrpt encrypts and decrypts Windows files with minimal fuss. In fact, you don’t even have to install it on your system in order to use it. Operating System: Windows.

28. NeoCrypt 

Replaces McAfee Anti-Theft, CryptoForge

Like AxCrypt, NeoCrypt supports right-click encryption directly from Windows Explorer (however, it does not support Windows 7).

It offers users a choice of 10 different encryption algorithms and includes batch encryption capabilities. Operating System: Windows.

29. LUKS/Cryptsetup 

Replaces PGP Whole Disk Encryption

“Linux Unified Key Setup” or “LUKS” provides a standard format for hard disk encryption that works on all Linux distributions. The cryptsetup project makes LUKS usable on the desktop. Operating System: Linux.

30. FreeOTFE 

Replaces PGP Whole Disk Encryption

This tool creates virtual disks on your system that encrypt all data stored there.

It’s easy to use, and can even be run from a thumb drive. Operating System: Windows.

31. TrueCrypt 

Replaces PGP Whole Disk Encryption

If you want to encrypt your entire drive or a partition of a drive (not just a few files or folders), TrueCrypt does the job for you.

Its popularity continues to grow, and it has now been downloaded more than 17 million times, up from around 14 million downloads a year ago. Operating System: Windows.

Secure File Transfer

32. WinSCP 

Replaces CuteFTP, FTP Commander

Downloaded more than 40 million times as of last November, WinSCP is a very popular SFTP, FTP, and SCH client. Note that it offers a file transfer client only (no server version). Operating System: Windows.

33. FileZilla 

Replaces CuteFTP, FTP Commander

If you’d like to set up your own SFTP, FTP or FTPS file server, FileZilla makes it easy. It also offers a client version of the software .

Note that while the client version works on all operating systems, the server is for Windows only. Operating System: Windows, Linux, OS X.



Replaces EnCase Forensics, X-ways Forensics, AccessData Forensic Toolkit

Although it hasn’t been updated in several years, the Open Digital Evidence Search and Seizure Architecture, aka “ODESSA,” offers several different tools that can be useful in analyzing digital evidence and reporting on findings.

The site also offers several white papers related to the topic. Operating System: Windows, Linux, OS X.

35. The Sleuth Kit/Autopsy Browser 

Replaces EnCase Forensics, X-ways Forensics, AccessData Forensic Toolkit

The Sleuth Kit includes a set of digital investigation tools that run from the command line.

For those that prefer a graphical interface, the Autopsy Browser provides a front-end to the tools. Operating System: Windows, Linux, OS X.

Gateway/Unified Threat Management Appliances

36. Endian Firewall Community 

Replaces: Check Point Security Gateways, SonicWall, Symantec Web Gateway

With Endian Firewall Community, you can turn any PC into a Unified Threat Management appliance.

It includes firewall, antivirus, anti-spam, content filtering and a VPN. The company also sells pre-configured appliances and supported versions of the software. Operating System: Linux.

37. Untangle Lite 

Replaces: Check Point Security Gateways, SonicWall, Symantec Web Gateway

Like Endian, Untangle offers free software that you can use to create your own multi-function Unified Threat Management appliance.

Untangle also offers preconfigured appliances, as well as paid versions of the software with support and additional features. Operating System: Linux.

38. ClearOS 

Replaces: Check Point Security Gateways, SonicWall, Symantec Web Gateway

Designed for smaller organizations, ClearOS combines network server functionality with a gateway appliance.

In addition to anti-spam, anti-virus and the other usual assortment of security software, it includes multi-WAN, groupware, database, Web server software and more.

Support and additional services are available for a fee. Operating System: Linux.

39. NetCop UTM 

Replaces: Check Point Security Gateways, SonicWall, Symantec Web Gateway

NetCop describes itself as “an identity-based UTM with stateful inspection firewall, antivirus, web cache, content filter, IPS/IDS, WANLink load balancer, bandwidth limiter, anonymous proxy blocker, WiFi hotspot manager, SSL VPN manager, and much more!

It’s free for up to five concurrent users or available in paid SME or Enterprise versions. Operating System: Linux.

Intrusion Detection

40. Open Source Tripwire 

Replaces Tripwire

Tripwire alerts IT when changes have been made to specific files connected to the network, helping them to detect intrusions.

The standard version of Tripwire is no longer an open source project, but the community-developed version is based on the original project code. Operating System: Windows, Linux.

41. AFICK 

Replaces Tripwire

Another File Integrity Checker, or AFICK, offers very similar functionality to Tripwire. It was designed to be portable and easy-to-install. Operating System: Windows, Linux.

Network Firewalls

42. IPCop 

Replaces Barricuda NG Firewall, Check Point Appliances

Designed for home or home office users, IPCop turns any basic PC into a Linux-based firewall to protect your network.

It can be accessed and maintained via a Web interface and includes some good documentation, so it’s fairly easy to use. Operating System: Linux.

43. Devil-Linux 

Replaces Barricuda NG Firewall, Check Point Appliances

Originally designed as another Linux-based network firewall, Devil-Linux can now also serve as an application server.

It can boot and run from a CD-ROM or a USB thumb drive. Operating System: Linux.

44. Turtle Firewall 

Replaces Barricuda NG Firewall, Check Point Appliances

This IPtables firewall also lets you create your own network firewall from an existing PC. To set it up, you can either edit an XML document directly or use an easy Web-based interface. Operating System: Linux.

45. Shorewall 

Replaces Barricuda NG Firewall, Check Point Appliances

Also known as “Shoreline Firewall,” Shorewall provides a tool for configuring Netfilter. You can use it to create your own network firewall or gateway appliance or to protect a standalone Linux system. Operating System: Linux.

46. Vuurmuur 

Replaces Barricuda NG Firewall

This iptables-based firewall can be used to create simple or very complex firewall configurations.

Key features include remote administration via SSH, traffic shaping and powerful monitoring capabilities. Operating System: Linux.

47. m0n0wall 

Replaces Barricuda NG Firewall

Like most of the other apps in this category, m0n0wall allows you to create your own firewall, but unlike most of the other firewalls here, this one runs on FreeBSD, not Linux. It occupies just 12MB and can be loaded from a compact flash card or a CD. Operating System: FreeBSD.

48. pfSense

Replaces Barricuda NG Firewall

This project is a fork of m0n0wall. While m0n0wall was created to be used on embedded hardware, pfSense was designed to make it easier to use on a full PC.

It’s been downloaded more than 1 million times and protects networks of all sizes from home users to large corporations. Operating System: FreeBSD.

49. Vyatta 

Replaces Cisco products

Vyatta actively markets its products as an alternative to Cisco, and even offers a comparison chart on its site.

The “core” open source software can be used to create your own firewall/networking appliances, or you can purchase supported versions of the software or pre-built hardware appliances. Operating System: Linux.

Network Monitoring

50. Wireshark 

Replaces: OmniPeek, CommView

The self-proclaimed “world’s foremost network protocol analyzer,” Wireshark has won quite a few awards and become a standard in the industry.

It allows users to capture and view the traffic on their networks. Operating System: Windows, Linux, OS X.

These command line tools provide packet capture (libpcap) and analysis (tcpdump) capabilities. It’s a powerful tool, but not particularly user-friendly. Operating System: Linux.

51. tcpdump/libpcap 

Replaces: OmniPeek, CommView,

52. WinDump 

Replaces: OmniPeek, CommView

WinDump ports the tcpdump tools so they can be used on Windows systems. The project is managed by the same company that owns Wireshark. Operating System: Windows.

Password Crackers

53. Ophcrack 

Replaces Access Data Password Recovery Toolkit, Passware

For those occasions when passwords can’t be recovered any other way, Ophcrack can help systems administrators figure out lost passwords.

It uses the rainbow tables method to crack passwords, and it can run directly from a CD. Operating System: Windows.

54. Access Data Password Recovery Toolkit, Passware

John the Ripper excels at cracking weak Unix passwords. To use it, you’ll need a list of commonly used passwords.

You can buy password lists or enhanced versions of the software from the site. Operating System: Windows, Linux, OS X.

Password Management

55. KeePass Password Safe 

Replaces Kaspersky Password Manager

Instead of struggling to remember dozens of different passwords or, even worse, using the same password all the time, you can remember just one master password while KeePass stores the rest in a secure database.

It’s lightweight and easy-to-use, so it won’t slow you down. Operating System: Windows.

56. KeePassX 

Replaces Kaspersky Password Manager

Originally, this project ported KeePass so that it could be used with Linux. Now, it supports multiple operating systems and adds a few features not in the original KeePass. Operating System: Windows, Linux, OS X.

57. Password Safe 

Replaces Kaspersky Password Manager

Password Safe offers the same functionality as KeePass, plus you can create multiple databases for different types of passwords or different people who use the same system.

It’s also available in a thumb-drive version for a fee. Operating System: Windows.

User Authentication

58. WiKID 

Replaces Entrust IdentityGuard, Vasco Digipass, RSA’s SecurID

Designed to be less-expensive than solutions that require hardware tokens, WiKID uses software tokens to provide two-factor authentication.

In addition to the free community version, it’s also available in an enterprise version that’s priced per user. Operating System: OS Independent.

Web Filtering

59. DansGuardian 

Replaces McAfee Family Protection NetNanny, CyberPatrol

DansGuardian runs on a Linux or OS X server to block objectionable content from any PC connected to the network (including Windows PCs).

It uses URL and domain filtering, content phrase filtering, PICS filtering, MIME filtering, file extension filtering and POST limiting to block pornography and other content that you don’t want your children or employees accessing. Operating System: Linux, OS X.

Stay on top of the latest technology trends — delivered directly to your inbox, free!

Subscription Form Posts

Don't worry, we don't spam

Written by Bobby

Bobby Lawson is a seasoned technology writer with over a decade of experience in the industry. He has written extensively on topics such as cybersecurity, cloud computing, and data analytics. His articles have been featured in several prominent publications, and he is known for his ability to distill complex technical concepts into easily digestible content.