Who doesn't like free stuff? There's a long tradition of free or open-source security tools, and one of the best sites to learn more about them is Security Tools, a running list of what it claims are the 125 best free security tools around.
The Security Tools list, which is maintained by the Nmap Project, is a great spot to search for the best of the free network analysis tools that unfortunately, are used for evil as well as good. It includes the old reliables, such as the multi-platform network protocol analyzer Wireshark, the latest version of which is said to be v.1.10.5 released Dec. 19, 2013, and Aircrack, the 802.11 a/b/g WEP and WPA cracking tool and packet capture offering. But there are also several newer tools, such as Fiddler (the latest version being v.184.108.40.206, released Feb. 20, 2014), which is a web-debugging proxy that can log all HTTP(S) traffic.
Sometimes vendors shepherd open source projects, such as the Snort intrusion detection and protection system, which Cisco gained in its acquisition of Sourcefire. Sourcefire founder Marty Roesch, now with Cisco, started Snort. In a much newer project, Cisco says it's open-sourcing next-generation firewalls through its OpenAppID project.
Another long-time favorite, the Metasploit Framework for developing and testing exploit code, remains open source. But it has also been commercialized by Rapid7, which now owns it.
In all, the sectools.org list contains 22 categories of free security tools, including rootkit detectors from Sysinternals as well as vulnerability scanners (though the better commercial versions come with a price tag). Web scanners can be had for free, too.
Then there's also Microsoft Security Essentials, anti-virus software available for Windows 7 in 33 languages, for small businesses up to 10 PCs. Several anti-malware vendors, such as Malwarebytes, also offer free but limited versions, mainly as an enticement to win new customers of its paid products.
So how well do the "free" versions typically do?
Dennis Technology Labs (DTL), based in Great Britain, over the years has regularly run a series of anti-virus software tests of both paid and free versions like AVAST and AVIRA. Its latest round of anti-virus tests published in December show that commercial products from Kaspersky, ESET and Symantec's Norton were somewhat more accurate than AVAST and AVIRA's free versions that were available last autumn.
In one of DTL's published December test findings, the Avast! Free Antivirus 8, for example, scored a 92% on "total accuracy," AVG Anti-Virus Free 2014 scored 86% and Microsoft Security essentials scored 66%. In this round of tests, the commercial products, by and large, scored better in terms of accuracy. But it's another year, antivirus testing remains controversial, and the latest versions of free antivirus may show something entirely different in the future.
Sign up for MIS Asia eNewsletters.