The price for these security products is right

This article appeared in the November issue of CRN magazine.

The adage that "you get what you pay for" doesn't always apply, particularly when it comes to much-needed, highly demanded security products. The bulk of free security products fall into the antivirus bracket, but vendors are releasing other free downloads and services that include rootkit and Trojan scanners, firewalls and other network security tools.

Reasons for a free price tag could range from raising brand awareness to embarking on a global campaign to prevent the spread of malware in areas without heavy security resources. Plus, these products are often accessible, simple to install, and of course, easy on the wallet.

Open-source security products, obviously free as well, are becoming more technologically diverse and sophisticated, on par with some of the most advanced security solutions on the market. In fact, it's not surprising that many commercial products incorporate open-source technology under the hood. Security products are at the top of the "hot" list for impending open-source innovation.

First up are the free security downloads.

Avast Antivirus

Like many free antivirus software products, Avast provides strong protection against viruses and secures emails and chats. It also touts automatic scans and updates, fast speed and a light footprint, while only notifying (read "bugging") the user with occasional alerts. Avast has maintained that it focuses the majority of its resources on R&D and virus research, differentiating it from competitors, which is also likely why it has managed to so often slip under the radar of public awareness.

However, by 2010, this little-known Czech Republic-based company had about 130 million registered users, and more than 100 professionals at its headquarters in Prague, as well as a team of distribution partners in all markets.

Avast offers a portfolio of security software for small and midsize businesses to the enterprise in more than 30 languages.

The growing antivirus company says that it detects between 1.1 billion and 1.4 billion pieces of malware per year, a billion of which come from infected Web sites.

AVG Antivirus Free Edition 2011

Tried and true, AVG has one of the most widely used free products in the marketplace, offering protection against viruses and spyware.

In fact, AVG, which now claims more than 110 million users, has done the lion's share of its marketing via its free antivirus product in order to develop brand awareness and foster a loyal user base. The latest version of its free antivirus product has additional features such as AVG Social Networking Protection, AVG Protective Cloud Technology and AVG Smart Scanning.

The product is compatible with just about any Windows platform, including Windows 7, and is fast and easy to install. Plus subscribers have access to the company's free technical support and the latest updates.

GFI MailSecurity

No doubt, Trojans are a huge threat. Once downloaded, Trojans can wreak havoc on a user's computer by gaining access to personal data and then transmitting credit card and Social Security numbers, as well as other critical information, to a server controlled by hackers. Many can evade or disable antivirus and other security software, and oftentimes those Trojans are delivered unobtrusively via a socially engineered email.

To that end, GFI MailSecurity contains a module that includes a Trojan and Executable scanner, designed to scour emails to determine whether the message contains infected attachments that could possibly download Trojan horses and viruses.

Among other things, the scanner checks for executables that could access FTP protocols, make use of the ICQ UN database or Remote Access Services, or otherwise try to hide themselves from the Windows Task Manager.

Kaspersky File Scanner

Kaspersky's File Scanner has the answers for those users who think they've downloaded a suspicious file or malware from a malicious web application.

Users just have to indicate the file they want scanned, and the file is automatically uploaded from their computer to a dedicated server. The file in question is then checked using Kaspersky Anti-Virus. However, only one file of up to 1 MB can be checked at any one time. If there are several potentially suspicious files, users can check them in succession, or create an archive file no larger than 1 MB and check that.

The product is updated every three hours to make sure that the latest viruses get caught.

Kaspersky also is developing a new and improved version of the free Kaspersky Online Scanner, which protects users from myriad online threats.

Microsoft Security Essentials

Microsoft Security Essentials created quite a stir in the security community when it was released in 2008. However, the Microsoft brand that propelled its wide adoption has arguably been integral in underscoring the need for good computer security and fortifying computers around the globe for users who might otherwise go without.

The free Microsoft Security Essentials download, also known as MSE, provides realtime protection for PCs that guards against an array of threats including viruses, spyware and other malicious software.

The software giant bills the product as simple to install, easy to use, and always up to date with the latest antivirus technology. Users can easily tell if they're virus free by the "green" alert, while "red" would indicate the presence of viruses or malware.

Nsauditor Free Port Scanner

Yes, there are even free network security tools, the Nsauditor Free Port Scanner being one of them.

Specifically, the free product is a small and fast port scanner with an easy-to-use interface designed for the Win32 platform. The scanning tool allows users to scan ports on machines in a few seconds and scan on predefined port ranges.

The tool relies on TCP packets to determine available hosts and open ports, as well as the service associated with ports and other ways hackers can use the network as a vector to launch an attack.

Panda Cloud Antivirus

Acknowledged as the first free "in the cloud" security service, Panda Cloud Antivirus delivers instantaneous protection against real-world threats with next to no impact on computer performance. This minimal resource usage is a major benefit of Collective Intelligence, Panda's proprietary technology for automatically collecting and processing millions of malware samples in the cloud instead of locally on the user's PC.

The result is efficient, accurate malware protection that consumes only 15 MB of RAM, compared with 60 MB for traditional signature-based antivirus products. Panda's innovative reverse signature analysis approach, which feeds information about goodware and malware characteristics to the Collective Intelligence database, ensures rapid scanning for the newest and most dangerous malware.

PC Pitstop

As the name suggests, PC Pitstop isn't just one product, but an aggregated one-stop shop for an array of free scanning and removal tools.

Included in its portfolio is PC Pitstop Exterminate, which includes a free spyware scan that identifies the latest spyware threats, as well as adware, keyloggers, Remote Access Trojans and browser hijackers. The tool features daily signature updates and a step-by-step wizard format that touts ease of use.

In addition, PC Pitstop also features a free privacy scan that displays personal information stored on a user's PC to help determine how to better protect personal data.

Sophos Anti-Rootkit

It's one thing to detect viruses. It's another entirely to dig down and weed out the nasty rootkits and Trojans. In fact, often rootkits can remain undetected by antivirus software, especially if they become embedded in the user's system before an antivirus agent can be installed.

U.K.-based Sophos has a free tool that adds an extra layer of protection by helping users scan, detect and remove rootkits hidden in their computers.

The product is equipped to quietly rid a computer of rootkits, even ones previously embedded in a user's computer, without compromising system performance or bogging it down.

Altogether, Sophos Anti-Rootkit supports just about any Windows platform, including Vista and Windows 7, as well as Windows Server 2003 and Windows Server 2008.

ZoneAlarm Firewall

As one of the most popular free firewalls, Check Point's ZoneAlarm firewall is a safe bet in the free firewall market.

Using evolving threat data from millions of users around the globe, the ZoneAlarm Firewall features inbound and outbound firewall protection, which detects and blocks behavior of unknown viruses and spyware, while intercepting malicious applications that pose as legitimate software.

New features include antiphishing technology and site checks, as well as Identity Guard that provides credit scores and recovery services to secure a user's identity online. In addition, the firewall quietly and automatically runs in the background, rarely assaulting the user with alerts, and is compatible with established antivirus programs such as AVG or Norton.

Now on to the open-source products.

BackTrack

It could be thought of as a free, one-stop shop for whitehat hackers interested in exploiting servers, performing web application assessments, or social engineering a client. BackTrack is in fact a Linux-based penetration testing arsenal, dedicated to helping security professionals perform assessments in a purely native environment dedicated to (whitehat) hacking. The open-source product is dedicated to the penetration tester, with every package, kernel configuration, script and patch customised for that purpose.

BackTrack is intended for all audiences ranging from seasoned security professionals to newcomers. Funded by Offensive Security, the tool promotes a quick and easy way to find and update the largest database of security tools.

BackTrack originally started with earlier versions of live Linux distributions, initially conceived to be an all-in-one live CD used on security audits, crafted to leave no traces of itself on the laptop. It has since expanded to being one of the most widely adopted penetration testing frameworks in existence used globally by the security community.

Clam AntiVirus

The poster child for antivirus software, Clam AV is an open-source (GPL) antivirus toolkit for Unix, designed to scan email gateways for viruses. It also provides a number of high-end functions including a flexible and scalable multithreaded daemon, a command line scanner and an advanced tool for automatic database updates.

At its core is an antivirus engine available in the form of a shared library. Among its list of features are on-access scanning and an advanced database updater with support for scripted updates that issues updates multiple times per day. It also features built-in support for various archive formats and almost all mail file formats, as well as built-in support for a range of executables and popular document formats, including Microsoft Office, MacOffice, HTML, RTF and PDF.

Firestarter

Firestarter, a free Linux firewall, can be used as a personal and server-side client. The open-source firewall comes equipped with an easy-to-use interface that can be applied to desktops, servers and gateways. It enables internet connection sharing and allows users to define inbound and outbound access policies, with the option of whitelisting or blacklisting traffic. Capabilities include monitoring traffic and firewall events in realtime, which allows users to view active network connections, including any traffic routed through the firewall.

Kismet

No doubt, the wireless network serves as the entry point for some of the most common security threats and malicious exploits.

As such, wireless network detector Kismet aims to keep unwanted visitors out. The wireless scanner serves as a sniffer and intrusion detection system, identifying networks by passively collecting packets that detect standard named networks, hidden networks, and the presence of nonbeaconing networks via data traffic.

The open-source product can integrate with any wireless card that supports raw monitoring mode, enabling it to sniff out any malicious traffic. It also supports plugins that enable other media sniffing technologies such as DECT.

Altogether, the detector features a client/server architecture and includes PCAP file logging, multicard and channel hopping support, runtime WEP decoding, hidden SSID decloaking and XML logging, as well as support for Linux, OS X, Windows and BSD.

Nessus

This open-source vulnerability scanner comes with a slew of high-end features, including high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of the security posture. The scanners can be distributed throughout an entire enterprise, even physically separate networks.

It also touts a Nessus iPhone application, available for free download at the App Store, featuring remote starting, stopping and pausing of network scans as well as the ability to analyse scan results from both the iPhone and iPod Touch. The mobility component aims at improving incident response times by allowing security professionals to respond to an incident quickly by logging onto a Nessus scanner from their mobile device to find a vulnerability.

PuTTY

Essentially, PuTTY is a free implementation of a Telnet and SSH client for Windows and Unix platforms, designed to run secure, remote sessions.

Originally, the open-source client was written for Windows but now runs across various other operating systems, including some Unix-like platforms, as well as Mac OS X, in addition to mobile clients Symbian and Windows Mobile.

The latest version of PuTTY, version .60, was recently released, fixing myriad bugs. Still in beta, PuTTY was written and is maintained primarily by Simon Tatham. The origins of the name "PuTTY" are not clear, although "tty" is an abbreviation for a terminal in the Unix tradition, short for teletype.

Snort

Users might recognize this open-source intrusion detection and prevention product by its signature mascot of a pudgy pink pig. But in actuality, Snort has three primary uses: a straight packet sniffer like tcpdump, a packet logger for network traffic debugging, or as a full-blown network intrusion prevention system.

At its core, Snort is an open-source network intrusion prevention and detection system (IDS/IPS), developed by Sourcefire, that combines signature, protocol and anomaly-based inspection. With millions of downloads and approximately 300,000 registered users, Snort is also one of the most widely deployed IDS/IPS technologies worldwide.

Its capabilities include performing protocol analysis and content searching/matching. It can also be used to detect a variety of attacks, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and OS fingerprinting attempts, among other things.

Spamato

OK, it sounds like a highly processed liquefied lunch food. But this OS-independent open-source product provides a complete client-side spam filter that can integrate into popular email clients such as Microsoft Outlook, or as an extension for other open-source email clients such as Mozilla Mail and Thunderbird. It can also work as a stand-alone proxy component. Written in Java, the open-source spam filter relies on numerous popular filtration algorithms, including Bayesian and Razor, and works across a multitude of platforms. It can display the amount of blocked spam by geographic regions to give IT administrators added visibility into their network environment.

TrueCrypt

TrueCrypt is a free open-source software system for establishing and maintaining what its authors call "on-the-fly" encryption, which automatically encrypts or decrypts information right before it is loaded or saved, without any user intervention.

The product can encrypt the entire file system, including file names, folder names and file contents, so that users can only access the encrypted data with a correct password or encryption key. Files can be copied to and from a mounted TrueCrypt volume like any normal disk or drag-and-drop operation. Files can conversely be decrypted on the fly while they are being read or copied from an encrypted TrueCrypt volume.

Wireshark

As an open-source project first developed in 1998, this network protocol analyser is considered by many to be the standard across many industries and educational institutions.

Like its commercial counterparts, Wireshark has the ability to inspect hundreds of protocols and capture live data as well as conduct offline analysis running on Windows, Linux, OS X, Solaris, FreeBSD and NetBSD among others. It also touts a powerful display filter and can read data from just about anywhere, including Ethernet, ATM, Bluetooth, USB, Token Ring and others. Network data can be browsed via a GUI, or via the TTY-mode TShark utility.

Additional capabilities include VoIP inspection, decryption support for a variety of protocols, and the ability to implement coloring rules for the packet list for easy analysis.

In addition, TrueCrypt can create a virtual encrypted disk within a file, encrypt an entire storage device, such as a USB flash drive or hard drive, and encrypt a drive with Windows installed. Encryption is conducted automatically and in realtime, and can be hardware-accelerated on modern processors. Parallelization and pipelining functions allow data to be read and written fast.

Copyright © CRN Australia. All rights reserved.