Open Source Security

I am a firm believer, especially after listening to many episodes of Steve Gibson’s Security Now podcast, that open-source security, as against closed proprietary security, is the way to go.  I know that there are many who would contest this argument, citing that a naked source code would lead to more hacker exploits, but it is precisely this level of transparency that enables us to be assured that there are no backdoors in the code. I still believe that people are fundamentally good, or at least that there are more “good” people than “evil” people, and thus any vulnerability will be more likely fixed rather than exploited.

Having said that, my problem is that I can’t seem to find enough open-source security tools. There is ClamWin, an open-source anti-virus software, which I have recently migrated to. Then there is TrueCrypt, which I recently installed and am now using to encrypt any data that I store in USB flash drives or in CDs. The reason why I use TrueCrypt is because I tend to be very forgetful and I tend to misplace USB flash drives. TrueCrypt is so elegantly designed that I forget that it is even working.

But I still can’t find any trustworthy open-source firewall or spyware blocker…

  • This is probably because you are using MS Windows. In the case of firewall software, Linux has netfilter built in, BSD has ipfw built in, so there is no real reason to create a separate tool. Consequently, there is no reason to come up with an MS Windows version. Same thing goes with spyware.

    Btw, you are better off with GPG for your PKI needs. At least, this is PGP compliant, which is a widely accepted security standard. TrueCrypt only provides symmetric key encryption. This means if your password/key leaks then you are in trouble. But TrueCrypt is pretty well polished.

    Anyway, here is a site of Open Source Windows software. There is a large list of open source firewall and security products here. However, most of them are not very polished.

  • reactor

    I don’t believe that Linux/Unix is superior to Windows or Windows is to Linux/Unix. I used to run both Windows and Linux servers; they’re all subjects of attacks. I rest the stability/security/functionality of an operating system on its system administrator; get a bad one and the problem is multiplied. I like Linux on the server though, since with proper configuration of its firewall and continuous updating of its software, it should stand most attacks.

  • About the number of software available: it’s probably because security software developers doing it “for the love” would rather do it in an easier OS to develop for. Writing low level C code is much easier in Linux and other Unix heritage systems, than in Windows.

  • If you can’t block it, try “Hi-jack this” to remove it.

  • “Hijack this” isn’t open-source…