• United States



by Joseph Guarino, CISSP, LPIC

5 ‘Great’ Open-source Desktop Security Applications

Mar 26, 20104 mins
Application SecurityMobile SecurityNetwork Security

Security practitioner Joseph Guarino lists five security desktop tools that will make your security program much more effective.

Contributions from free and open software makers can be found throughout the tech world. From your datacenter to the desktop and everywhere in between; there’s an open solution to your computing needs. This is no less true in information security. My focus in this article is the several outstanding information security desktop tools that personify the innovation and ingenuity of the FOSS (Free and Open Source Software) world. Please keep in mind that all of these applications (except one) are cross-platform so you can find appropriate versions on whatever you run (BSD, Mac OSX, Linux or Windows). The examples herein, however, will be catered to the largest install base (statistically): Microsoft Windows.

GnuPG & Gpg4win

GNU Privacy is a free software encryption application that is a product of the Free Software Foundation’s GNU Software project. GnuPG provides a complete free software implementation of the OpenPGP standard RFC4880, making it interoperable with other OpenPGP complaint systems. Out of the box GnuPG provides a command line interface (CLI) with numerous optional graphical add-ons available for nearly all platforms. On Windows, there is Gpg4win, which is a unified set of graphical tools on top of GnuPG (command-line based). Featured packed, it offers all the options of GnuPG plus integration into Explorer for file encryption, a certificate manager application, a plug-in for Microsoft Outlook, and even a full-blown version of Clawsmail with the plug-in for GnuPG installed.

ClamAV & ClamWin

ClamWin is a lightweight and simple open source software anti-virus program for Windows. It features automatic updates, a schedule scanner, integration into context menu of Windows Explorer and even a Microsoft Outlook add-on. ClamWin is based on the ClamAV engine, which is an open source anti-virus package catered to e-mail gateways on Unix/Linux. This scanner is very light on systems resources and can be run in conjunction with other malware detection suites, as I often do. No anti-malware suite is perfect but this light and stable protection helps in a world of ever present and evolving malware.


KeePass is an open source, secure password management utility. It replaces those uber-secure sticky notes littered with passwords that you have around your monitor (let’s hope you don’t) with a simple yet sound application to securely store them. Unlike those sticky notes, passwords are AES or Two-fish encrypted in a database file. Keepass is feature rich with the ability to import and export, auto type, drag and drop support, a password generator and numerous add-ons to further extend its functionality.


PeaZip is a sleek open source file and archive manager that supports a wide array of compression and encryption standards. It provides many helpful security features such as two-factor authentication, secure deletion, checksum and hash verification and WinZip’s, PKZip’s and 7’s AES256 encryption, to name a few. PeaZip is a simple, sleek feature packed archive manager I recommend for any desktop.


As we all know the delete key is hardly effective or secure. Data retention is a very real concern for the security minded. Eraser is a Windows only secure data removal tool that supports a myriad of secure removal methods such as Guttman, US DoD 5220.22.M and Schneirer. With Eraser, you can erase individual files or folders, unused disk space, or the contents of the recycling bin with a simple point-and-click interface. Integration into the context menu of Windows Explorer allows for easy access to this powerful tool with a quick right click. It’s highly configurable scheduler helps keep you secure by automating this process for you. The one weakness of this application is that it’s only available for Windows, but hopefully ports to Linux, Mac OS X, Unix and BSD will be forthcoming.

I hope you will take time to try these applications for yourself. Don’t take my word for it, try them yourself. At $0.00 what are you going to lose? If you do find them useful, please consider paying it forward with a donation or other contribution to the projects.

Joseph Guarino is the owner and senior consultant at EvolutionaryIT and is based in Boston.