
USB laptop firewall runs Linux

May 30, 2007

This article was contributed by Jake Edge.

A new firewall product for Windows laptops would generally be greeted with yawns from the Linux community, but the newly announced Yoggie Pico has some features that may be of interest. The Pico is a device that contains a 'security processor' running Linux and a whole slew of free and open source security applications in a USB 'key' form factor. The intent is to provide a laptop user on the road the same level of security as they would have behind the corporate firewall.

At its core, the Pico has an Intel CPU, some RAM and two separate banks of flash. At boot time, it copies the read-only version of the software from one bank to the other and runs from the copy, an attempt to ensure that, even if the Pico is successfully compromised, a reboot will restore it. A driver is installed on the laptop that snags all network traffic just above the link layer and sends it off to the Pico for filtering. This allows traffic from all network interfaces to be intercepted.

The Pico provides firewall protection and Network Address Translation (NAT) via iptables and runs Snort for intrusion detection/prevention. It also does content filtering of various internet protocols (HTTP, FTP, POP3 and SMTP) to stop viruses, spyware, phishing and spam. It has three proprietary, patent-pending modules that, in some unspecified way, correlate the information gathered by the other security software to detect and thwart previously unknown threats.

If you can believe everything that is said on the website, the Pico will protect a laptop from any known or unknown threat immediately upon plugging it in. One suspects the reality falls somewhat short of the hype. Statements like: 'simply plug it to your laptop and you are completely secure' are at best exaggerated, at worst deceptive; security is a process and a set of tradeoffs, not a destination. How those tradeoffs are administered is glossed over as well; too much configurability can be error-prone, while too little can lead to unusable rigidity.

There certainly is a niche for this kind of protection; laptop security is often the Achilles heel of a company's network security. The Pico driver provides administrators a means to disallow network traffic when the Pico is not present, which may help keep laptops from bringing home various ills. As a separate hardware device that does not rely on much from the host OS, the Pico could provide a nice laptop security device; it remains to be seen if its $180-200 price point is attractive.

Yoggie plans to release a driver for Linux (as well as Mac OS X and Windows Vista) sometime soon, but because it is relatively easy to run the same applications on the laptop itself, it may not be a big seller in that (already small) market. Depending on how hackable the device is, there might be a rather larger market for a USB-attached computer that can run Linux. It will be interesting to see whether Yoggie stands in the way or actively assists anyone interested in modifying their Pico for purposes other than what the company had in mind. And if Linux hackers can figure out how to 'mod' it and talk to it, with or without Yoggie's help, some very interesting applications could result.

Some rumblings about GPL compliance have been heard in the community (for example, see the comments on the LWN announcement). No links to source code could be found on the website; it is possible that the code is shipped with the device, though there are indications that that is not happening either. From the website, it would appear that the company has been shipping a similar Gatekeeper device with a different form factor and connectivity. It appears to have substantially the same software and one would have hoped that any GPL compliance issues would have been resolved then. An answer to an inquiry about the code is pending; stay tuned.



USB laptop firewall runs Linux

Posted May 31, 2007 17:51 UTC (Thu) by amarjan (guest, #25108)

There is also a question about the efficacy of the device. It doesn't have any network jacks on it, so it's not a conventional hardware firewall. It operates like a hardware accelerated software firewall by installing drivers to "hijack" network connections.

The question then is, is it possible to subvert the (Windows) kernel before this device can intercede?

USB laptop firewall runs Linux

Posted Jun 1, 2007 1:35 UTC (Fri) by smoogen (subscriber, #97)

It is always possible to hijack the kernel before something else gets involved. It will be interesting to see how well the Windows drivers are built to do that. Plus the copying from one flash to another tells me you have 1000-10k boots before failure (or some vastly smaller number depending on mean-time-to-failure realities.)

USB laptop firewall runs Linux

Posted Jun 1, 2007 22:22 UTC (Fri) by tzafrir (subscriber, #11501)

The device does have two network interfaces:

http://www.yoggie.com/gatekeeper_pro.shtml

It has basically two modes of operation. The one covered here is one in which it connects through USB and intercepts all traffic. This requires a driver currently available for XP alone.

But it can also work as a transparent personal (Ethernet) firewall. At least if all of your connections are through Ethernet. This will work with any OS and requires no software installation on the PC.

GPL Issues

Posted Jun 2, 2007 16:14 UTC (Sat) by jospoortvliet (subscriber, #33164)

Let's hope they've gone the smart way, and have already integrated all patches they wrote upstream ;-)

GPL Issues

Posted Jun 7, 2007 12:15 UTC (Thu) by Cato (subscriber, #7643)

I notice that they claim patents are pending for the Gatekeeper Pro (http://www.yoggie.com/gatekeeper_pro.shtml) - so they aren't much better than Microsoft/Novell in terms of software freedom.

Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds