A new firewall product for Windows laptops would generally be greeted
with yawns from the Linux community, but the newly announced
Yoggie Pico has some features that may
be of interest. The Pico is a device that contains a 'security processor'
running Linux and a whole slew of free and open source security applications
in a USB 'key' form factor.
The intent is to provide a laptop user on the road the same level of security
as they would have behind the corporate firewall.

At its core, the Pico has an Intel CPU, some RAM and two separate banks of
flash. At boot time, it copies the read-only version of the software from
one bank to the other and runs from the copy, in an attempt to ensure that
even if the Pico is successfully compromised, a reboot will restore it.

A driver is installed on the laptop that snags all network traffic just above
the link layer and sends it off to the Pico for filtering. This allows
traffic from all network interfaces to be intercepted.

The Pico provides firewall protection and Network Address Translation (NAT)
via iptables and runs
Snort for intrusion detection/prevention.
It also does content filtering of various internet protocols (HTTP, FTP,
POP3 and SMTP) to stop viruses, spyware, phishing and spam. It has three
proprietary, patent-pending modules that, in some unspecified way, correlate
the information gathered by the other security software to detect and
thwart previously unknown threats.

If you can believe everything that is said on the website, the Pico will
protect a laptop from any known or unknown threat immediately upon plugging
it in. One suspects the reality falls somewhat short of the hype. Statements
like: 'simply plug it to your laptop and you are completely secure' are
at best exaggerated, at worst deceptive; security is a process and a set of
tradeoffs, not a destination. How those tradeoffs are administered is
glossed over as well; too much configurability can be error-prone,
while too little can lead to unusable rigidity.

There certainly is a niche for this kind of protection; laptop security
is often the Achilles heel of a company's network security. The Pico
driver provides administrators a means to disallow network traffic when the
Pico is not present, which may help keep laptops from bringing home various
ills. As a separate hardware device that does not rely on much from the
host OS, the Pico could provide a nice laptop security device; it remains
to be seen if its $180-200 price point is attractive.

Yoggie plans to release a driver for Linux (as well as Mac OS X and Windows
Vista) sometime soon, but because it is relatively easy to run the same
applications on the laptop itself, it may not be a big seller in that
(already small) market. Depending on how hackable the device is, there might
be a rather larger market for a USB-attached computer that can run
Linux. It will be interesting to see whether Yoggie stands in the way or
actively assists anyone interested in modifying their Pico for purposes
other than what the company had in mind. And if Linux hackers can figure
out how to 'mod' it and talk to it, with or without Yoggie's help, some very
interesting applications could result.

Some rumblings about GPL compliance have been heard in the community (for
example, see the
comments on the LWN
announcement). No links to
source code could be found on the website; it is possible that the
code is shipped with the device though there are indications that is
not happening either. From the
website, it would appear that the company has been shipping a similar
Gatekeeper device with
a different form factor and connectivity. It appears to have
substantially the same software and one would have hoped that any GPL
compliance issues would have been resolved then. An answer to an inquiry
about the code is pending; stay tuned.