Skip to content

Free and Open-Source Security Software Everyone Should Consider Using (Part 1)

Author: John Osborn, OSCP, OSWP

July 2, 2024

In today’s digital age, security and privacy are more important than ever, and as someone who values these principles, I’ve found several free and open-source software (FOSS) tools that have significantly enhanced my online security and privacy with very little effort. In this first part of my series, I will introduce you to a comprehensive list of privacy and security-enhancing tools.

Operating Systems/Firmware

Linux Mint: A User-Friendly and Secure Operating System

Most people who know me also know I am a massive fan of Linux Mint. While Linux Mint is often recommended for beginners, seasoned users like myself still use it because of its rock-solid stability, modern features, and ease of use.

Key Features:

  • The default desktop environment, Cinnamon, is extremely customizable, snappy, and light on resources, idling at about 1 GB of RAM. It is my personal favorite desktop environment and offers too many fantastic features to list here.
  • Mint offers some of the best graphics driver support of any Linux distributions.
  • It offers GUI applications to manage common system maintenance like updates, software installation, or disk partitioning which can be helpful for beginners.
  • Linux Mint offers a built-in firewall and disk encryption.
  • It has a vast repository of open-source applications (based on Ubuntu).
  • It has low system requirements: 2GB RAM and 20GB of disk space.
  • It comes with plenty of useful apps – ranging from document editors, backup tools, printing tools, free TV channels, driver managers, etc.
  • No tracking or telemetry (this is the case for most Linux distributions).

Why I Recommend Linux Mint: Linux Mint offers a seamless transition for those new to Linux while ensuring stability, security, and privacy. It’s a great starting point for anyone looking to move away from proprietary operating systems.

Qubes OS: Security Through Isolation

Qubes OS is a security-focused operating system that uses Xen-based virtualization to compartmentalize different applications and tasks into isolated virtual machines (VMs). This operating system is the opposite of user-friendly, but more than makes up for its steep learning curve with its extreme focus on privacy and security.

Key Features:

  • Isolation of different items into separate VMs (ranging from hardware like USBs, to software like Internet access)
  • Air-gapped secrets management
  • Template-based VM management
  • Integration with various security tools
  • Disposable VMs

Why I Recommend Qubes OS: Qubes OS provides an unparalleled level of security by isolating different activities into separate VMs, minimizing the risk of malware and other security breaches. If you are someone looking for the most secure operating system, this is it.

Firmware

Coreboot: Open-Source Firmware

Coreboot is an open-source firmware platform designed to replace proprietary BIOS/UEFI firmware, providing a faster and more secure boot process for your computer. Note that unless you purchase a computer with coreboot pre-installed, you will likely have to flash the BIOS chip yourself.

Key Features:

  • Fast boot times (many times it boots to the operating system in less than one second)
  • Reduced firmware attack surface via a minimal Trusted Computing Base
  • Customizable and transparent
  • Support for various hardware platforms

Why I Recommend Coreboot: Coreboot’s security, speed, and customizability make it an excellent choice for those who want complete control over their system’s boot process and security.

Browsing and Communication

Tor: Anonymous Browsing

Tor is a free and open-source software that enables anonymous communication by routing your internet traffic through a volunteer overlay network. It helps protect your online identity and privacy.

Key Features:

  • Anonymous web browsing
  • Access to .onion sites
  • Protection against traffic analysis
  • Strong encryption

Why I Recommend Tor: Tor provides a robust solution for maintaining online anonymity and accessing the internet securely, making it a vital tool for privacy-conscious users. This pairs well with something like QubesOS.

Signal: Secure Messaging

Signal is a widely-acclaimed secure messaging app known for its strong encryption and commitment to privacy. It provides end-to-end encrypted messaging, voice calls, and video calls. Several of my friends and family members prefer it over their phone’s default messaging apps because of how easy it is to use.

Key Features:

  • End-to-end and quantum-resistant encryption for messages and calls
  • No ads or tracking
  • Open-source and audited
  • Disappearing messages and screen security features
  • Usernames can be exchanged to keep phone numbers private
  • Excellent phone call and video call quality

Why I Recommend Signal: With its wide array of modern features, users have nothing to lose and everything to gain by using Signal. It combines top-notch security with ease of use, making it an ideal choice for anyone looking to protect their communications.

Element: Secure Group Communication

Element is an open-source messaging app based on the Matrix protocol, providing secure and decentralized communication for individuals and groups.

Key Features:

  • End-to-end encryption
  • Decentralized architecture
  • Rich features including voice and video calls
  • Integration with other services like Microsoft Teams, Slack, Discord

Why I Recommend Element: Element’s focus on security, privacy, and decentralization makes it an excellent choice for secure group communication and collaboration.

Email Solutions

FairEmail: Highly Secure and Customizable Email Solution

FairEmail is an open-source email client that prioritizes privacy and security. It supports multiple accounts and protocols (IMAP, POP3) and offers features such as PGP encryption, phishing protection, and privacy-friendly settings. This email client was actually where I originally learned about tracking images/tracking pixels.

Key Features:

  • Encryption/decryption supported (OpenPGP and S/MIME)
  • Extremely customizable
  • It can reformat messages to prevent phishing
  • FairEmail confirms opening links to prevent tracking and phishing
  • It can attempt to recognize and disable tracking images
  • FairEmail doesn’t have any analytics, tracking, or ads
  • It provides a warning if messages could not be authenticated
  • Lightweight

Why I Recommend FairEmail: FairEmail’s commitment to privacy and its robust security features make it an excellent choice for anyone looking to secure their email communication.

PGP: Secure Email Encryption

Pretty Good Privacy (PGP) is a commonly-used encryption method. It requires a little bit of knowledge on public-key cryptography, but is by far one of the easiest ways to secure communications and files. An added benefit is its ability to provide authenticity of messages which verifies that a message was sent by the claimed sender and not altered in transit.

Key Features:

  • End-to-end encryption
  • Signature validation
  • Widely supported
  • Free and accessible

Why I Recommend PGP: PGP has been around for a while and many paid, commercial products rely on it for encrypted communications. Most of us don’t even know we are using it every day! With a little effort, you can learn to harness its portability to verify messages, encrypt files, emails, and plaintext communications, completely free!

Password Management

KeePassXC: Secure Password Management

KeePassXC is a powerful password manager that helps you store and manage your passwords securely. I have used KeePassXC for several years and love its stability and built-in tools.

Key Features:

  • Passkey support
  • Cross-platform compatibility (Windows, macOS, Linux)
  • Used by default in QubesOS vault
  • KeePassXC supports unlocking the database with a master password, key files, and/or hardware keys
  • Random passphrase generator and random password generation up to 999 characters (with filters)
  • Password health check and Have I Been Pwned integration
  • Automatic clipboard clearing after a customizable duration
  • Database file is encrypted with either the industry-standard AES256 or the Twofish block cipher
  • Browser integration with KeePassXC-Browser

Why I Recommend KeePassXC: With KeePassXC, you can securely manage your passwords without relying on cloud services and make use of its integrated tools to create stronger passwords.

App Store

F-Droid: A Privacy-Friendly App Store

F-Droid is an alternative app store for Android devices, offering only free and open-source applications. It provides a safer environment for downloading apps, free from tracking and proprietary software. It warns users if there are features in an app you may not like, such as relying on proprietary services, requiring excessive permissions, or offering paid versions of the app.

Key Features:

  • Repository of open-source apps
  • No tracking or ads
  • Warning for potentially unwanted features
  • Regular updates and security patches
  • Focus on privacy and freedom

Why I Recommend F-Droid: F-Droid is a must-have for anyone who values their privacy and prefers using open-source applications. It offers a wide range of apps that respect your freedom and data.

Network Security and Privacy

Pi-hole: Network-Wide Ad Blocking

Pi-hole is a network-wide ad blocker that acts as a DNS sinkhole, blocking ads and trackers across all devices on your network. It’s an effective tool for enhancing privacy and reducing unwanted content. It takes a little effort to set up, but there are guides that walk you through exactly how to do this. It is well worth the effort.

Key Features:

  • Blocks ads and trackers network-wide so you don’t need to install browser extensions on every device
  • Provides detailed statistics and dashboards to view network requests
  • Low resource usage
  • Customizable blocklists
  • Excellent documentation

Why I Recommend Pi-hole: Pi-hole is a powerful tool for maintaining privacy and reducing ad exposure across your entire network. It’s easy to set up and offers extensive customization options.

OpenWrt: Secure Routing Firmware

OpenWrt is an open-source firmware for embedded devices, mainly used on wireless routers. It is based on the Linux operating system and provides a fully writable filesystem with package management. This allows for the customization and optimization of router functions beyond what is typically possible with stock firmware.

Key Features:

  • Open-source firmware, which provides transparency and offers users the ability to quickly detect and remediate vulnerabilities
  • Stable and can run for very long periods of time
  • It is very extensible and offers add-ons like ad block, smart queue management, DNS encryption, VPN connectivity, and more
  • Automatically updates
  • Advanced firewall and network monitoring
  • Lightweight by default
  • Improves Wi-Fi with support for higher data rates
  • Can be used to modernize legacy hardware

Why I Recommend OpenWrt: OpenWrt is highly customizable, lightweight, and secure. I appreciate its secure-by-design approach and the way it empowers users by providing full control over their routers. Because it offers an unparalleled user experience, I’d highly suggest using it whenever possible.

 

Advanced Encryption

Shufflecake: Hidden Filesystem Encryption

Shufflecake is a new approach to filesystem encryption that allows for the creation of multiple hidden filesystems within a single disk partition, providing plausible deniability with state-of-the-art encryption.

Key Features:

  • Bleeding edge filesystem encryption with Argon2id as a KDF (Key Derivation Function), AES-GCM-256 as an authenticated cipher, and AES-CTR-256 for data encryption with 128-bit IVs (Initialization Vectors).
  • Support for any filesystem type
  • Works natively on Linux
  • Allows for multiple hidden filesystems
  • Provides plausible deniability

Why I Recommend Shufflecake: While Shufflecake is still considered experimental software, it boasts some excellent benefits and will likely make its way to Linux’s default disk encryption formats. Even in its infancy stage, Shufflecake provides several benefits over other types of plausible-deniability encryption methods to offer superior protection. If you are serious about encryption, consider checking this out.

Conclusion

These tools are just the beginning of what free and open-source software can offer in terms of security and privacy. By integrating them into your digital life, you can take significant steps towards protecting your data and maintaining your privacy with very little effort. Stay tuned for the next part of this series, where I’ll delve into more FOSS tools that can help you secure your online presence.

 

QubesOS and Shufflecake artwork is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0).

Summit is not affiliated with OpenWrt. OpenWrt is a registered trademark owned by Software Freedom Conservancy (SFC).

Share This Post

Related Articles

Business can not wait

Web developers, it is time to add another item to your security checklist: mutation cross-site...

Navigating the Muddy Waters of CMMC

The adage “trust but verify” is a principle that emphasizes the importance of verifying the...

Hands of robot and human touching virtual AI brain data creative in light bulb. Innovation futuristic science and artificial intelligence digital technology global network connection.

The adoption of Large Language Models (LLMs) has increased at an alarming rate ever since...