Pros & Cons
Pros:
- Security applications run in a completely separate Linux-based computer and monitor all network connections.
- Very accurate spam filtering.
- Includes a one-year subscription to Kaspersky AntiVirus.
Cons:
- Antivirus/Antispyware protection applies only to HTML/FTP/POP3/SMTP traffic, not local network or drives.
- No whitelist/blacklist either for spam filtering or Web filtering.
- Missed most malware in testing.
Yoggie Pico Personal Specs
| Spec | Value |
| --- | --- |
| OS Compatibility | Windows Vista |
| OS Compatibility | Windows XP |
| Type | Personal |
If you work at a large company, your Internet connection is probably filtered by server-based security software before anything reaches your desktop. The gateway server strips spam from the incoming POP3 e-mail stream and blasts viruses as they sail in on the HTML or FTP stream. A server-based content filter may even balk your attempts to check baseball scores when you should be working (oh well!). The great thing is, all this protection happens on some other computer, so it doesn't slow you down. Now the Yoggie Pico Personal brings this kind of protection to your own desktop or laptop; no corporate network required.
The Yoggie (pronounced YOH-gee—like the bear or the catcher) Pico Personal is a complete Linux-based computer with a Pentium 3 equivalent processor, but it's the size and shape of a USB thumb drive. Once you install its driver and plug in the device, it processes all network traffic. Thirteen security applications from well-regarded vendors such as Kaspersky, Sourcefire, Mailshell, and SurfControl run on the Yoggie device and filter out problems at the network level. The security applications aren't running on your computer, so they can't interfere with other processes or slow down the system. And hack attacks crash and burn when they hit the Pico.
For added security, the driver blocks all network activity if the device isn't plugged in. During installation you define an emergency password that lets you disable Yoggie's protection if necessary. That way, if you lose or break the device, you can regain network access. Be sure to use a strong password here and store it somewhere safe.
Managed Care
To communicate with the Pico, you access its management console through the browser. A Yoggie icon in the system tray shows the device's status and provides access to the console; you can also simply type the console's address into your browser. A simple status page shows a running total of protection events categorized as Firewall, Intrusion Detection/Prevention, or Malware, along with a separate indicator for events in the last 15 minutes. And a big gauge summarizes all recent activity as low, medium, or high risk.
If you dig deeper, you can view sharp-looking charts of recent protective activity in different areas. A security log lists event details, optionally filtered by type. Alas, in the current version, the option to Export the log to a file is broken. The management console also provides access to a handful of settings—you can enable or disable spam filtering and Web filtering and set the overall security level. Advanced settings let you turn off protection for specific network protocols or change the response to specific intrusion events, but most users should leave these settings alone.
Not the Usual Firewall
Yoggie's firewall is strictly a barrier against outside attack. It doesn't include the program-control feature that's so prominent in software-based firewalls. It will never pop up a query asking whether such-and-such a program should be given Internet access. In fact, it doesn't know anything about the processes running on your computer, since its own protective processes live on a completely separate system. But no matter what network you're connected to, whether it's your own home network or the Wi-Fi connection in a seedy Internet café, the device processes all network traffic before letting it through to your system.
The firewall analyzes network traffic from several different viewpoints looking for attacks and exploits. It stealths your system's ports, just as a software firewall does, and it uses stateful packet inspection to limit incoming network traffic to packets that your system requested. If the IDS/IPS (intrusion detection/prevention system) detects an HTML exploit, it blocks access to the offending page.
To verify the Yoggie firewall's protection, I ran the same Web-based tests that I would for a software firewall. As expected, it passed most of the tests. But Gibson Research's "ShieldsUp!" test showed ports 0 and 1 closed but not stealthed, which is unusual. And the Pico failed the Stealth Test at PC Flank (www.pcflank.com). Yoggie tech support verified these findings and quickly released a firmware update that brought the results into line, stealthing the ports. Still, it was a bit disconcerting.
I collected a handful of sites actively hosting exploits of various kinds and tried visiting them under the Pico's protection. It visibly blocked a malicious drive-by download on one site, but seemed to let the others pass. On checking the Pico's log, though, I found it had "defanged" the exploits, blocking access only to the malicious content. You'll definitely want to check the logs from time to time, because the firewall doesn't pop up alerts or otherwise boast about its own cleverness.
As noted, the Pico's security software doesn't include a program-control element, much less protection against "leak test" techniques that attempt to get around normal program control. Just for the heck of it I ran a dozen leak-test programs anyway. As expected, it ignored almost all of them because they aren't actually doing anything malicious. In that attitude it's similar to Norton Internet Security 2007, which ignored leak tests because they are just tests, not actual malware.
I always do my best to break a firewall's protection using techniques that could be applied by malicious software, but I couldn't do a thing against the Pico. It was completely immune to all my standard attacks. I couldn't even turn off its protection by sending fake mouse-clicks, since disabling protection requires a password. And any attempt to disable it by attacking its network connection (the only point of exposure) completely disabled all network access, the same as if I unplugged the device. It's hardware-tough!
Simple Spam, Man
The Yoggie Pico Personal filters all POP3 e-mail traffic using technology licensed from Mailshell and assigns each message a spam score. If it determines that a particular message is spam, it prefixes the subject with [SPAM]. Messages with a significant but lower spam score get marked [Probably SPAM], and those identified as fraudulent are marked [PHISHING]. You can turn spam filtering on or off—there are no other user-configurable settings. It doesn't matter what e-mail client you use, as the filtering happens at the network level. Conversely, no matter what client you use, you'll have to define a message rule manually to divert spam messages into their own folder.
I let the device filter about 1,200 messages from a real-world spam-infested e-mail account and then double-checked its decisions. Over half the messages were flagged as spam, and exactly one of those was a valid message. And that one mismarked message was a very short one shared through a Yahoo! Groups e-mail list. A couple of similar messages were marked as probably spam. Given that some software antispam solutions throw 10 percent, 20 percent, or even more of your valid mail into the spam folder, this is truly impressive. Less than 10 percent of messages that got through to the inbox were actually spam. That's a fine result, given the almost total lack of false positives.
On the other hand, there's no option to whitelist specific senders or domains to make sure they never get blocked as spam. The Pico doesn't know anything about your e-mail client or your address book. If your e-mail client has sufficiently powerful rules capability, you may be able to define an exception for messages coming from addresses found in your Address Book, for example setting up a rule to "Move all messages with [SPAM] in the subject—except messages from people in your Address Book—to my Spam folder." Microsoft Outlook has this capability; Outlook Express does not. Depending on your e-mail client, you may need to scan the spam folder carefully before deleting messages.
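The client-side rule described above, written out as an added example (not code from the review or from Yoggie): it reads the device's subject tags and diverts tagged mail unless the sender is in a constructed address book. The folder names, the address book and the sample messages are this example's own, and so is the decision that a whitelisted sender never rescues a [PHISHING] message.

```python
from email import message_from_string
from email.utils import parseaddr

# Subject prefixes the device writes (from the review). Folder names are this
# example's own choice.
TAG_FOLDERS = {
    "[PHISHING]": "Phishing",
    "[Probably SPAM]": "Probably Spam",
    "[SPAM]": "Spam",
}

# Constructed address book. The device never sees the client's contacts, so
# the whitelist exception can only live in the mail client's rules.
ADDRESS_BOOK = {"friend@example.org", "list@groups.example"}


def classify(raw_message: str, address_book=ADDRESS_BOOK) -> str:
    """Return the folder for one raw message.

    A known sender overrides [SPAM] and [Probably SPAM] (the false positives
    the review describes) but not [PHISHING]: a forged From header is exactly
    what phishing relies on, so the whitelist must not rescue it. That rule is
    this example's choice, not documented device behaviour.
    """
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    sender = parseaddr(msg.get("From", ""))[1].lower()
    for tag, folder in TAG_FOLDERS.items():
        if subject.startswith(tag):  # the device prefixes, it does not append
            if tag != "[PHISHING]" and sender in address_book:
                return "Inbox"
            return folder
    return "Inbox"


def sort_mailbox(raw_messages) -> dict:
    """Group messages by destination folder, keeping their subjects."""
    folders: dict = {}
    for raw in raw_messages:
        subject = message_from_string(raw).get("Subject", "")
        folders.setdefault(classify(raw), []).append(subject)
    return folders


# Constructed sample mail, as the POP3 client would see it after the device.
SAMPLES = [
    "From: friend@example.org\nSubject: [SPAM] Lunch tomorrow?\n\nStill on?",
    "From: noreply@lotto.example\nSubject: [SPAM] You have won\n\nClaim now.",
    "From: list@groups.example\nSubject: [Probably SPAM] Re: meeting\n\nok",
    "From: friend@example.org\nSubject: [PHISHING] Verify your account\n\n...",
    "From: boss@example.org\nSubject: Quarterly report\n\nAttached.",
]

if __name__ == "__main__":
    for folder, subjects in sort_mailbox(SAMPLES).items():
        print(folder, subjects)
```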
Merely Content Filtering
Yoggie uses Web categories from SurfControl to power its Web filtering feature; you just check off the ones you want blocked. Now, all HTML traffic from sites matching those categories will be blocked, replaced by a warning message indicating which banned category the site matched. It's completely browser-independent; the blocking occurs at the network level.
Most content filtering applications let you whitelist a particular site even though it matches a blocked category or blacklist a site regardless of category; the Pico can't do this. And its list of 40-plus categories shows up with no particular order or organization. It's truly primitive content filtering. Fortunately, few users actually need this feature.
Hyper-Focused Virus and Spyware Protection
Yoggie's antivirus and antispyware protection is strictly network-based. It stops malware from coming into your computer via Web sites or e-mail. If you bring in a virus on an infected floppy disk or thumb drive, the Pico won't scan it. If you transfer it from another system on your local network, again the Pico won't scan it. Most users will feel a bit exposed by that limited level of protection, so Yoggie has included on the installation CD a copy of Kaspersky AntiVirus with an option to get a year's subscription free by contacting Yoggie tech support.
I found it singularly difficult to test the Pico's protection using my standard set of sample malware. As noted, files already on the system and files brought in on a removable drive don't get scanned. Files transferred across the local network don't get scanned, either, as the device filters specific network protocols—HTML, FTP, POP3, SMTP—but not your local network traffic. Fortunately, I always choose samples that can be downloaded directly from the Internet—I don't accept samples supplied directly by security vendors. The malware URLs do tend to "go bad" after a while, but I tried redownloading all those that were still valid. Then I attempted to e-mail each sample to myself, giving the device a chance to catch it either in the outgoing or incoming e-mail stream. The results were not impressive. It blocked less than half of my spyware, adware, and Trojan-horse samples and didn't block any of the rogue antispyware samples or the commercial keyloggers. For complete protection, you'll definitely want to run the supplied copy of Kaspersky AntiVirus or your own favorite AV product.
The added security supplied by the Yoggie Pico Personal is definitely effective (and expensive). The Pico grabs all network traffic and cleans it up before letting the system get hold of it, like a standalone gateway security server in a corporation. You can rely on its spam server and firewall, but you'll want to retain local security software for full protection against viruses and spyware.
Final Thoughts
Yoggie Pico Personal
Corporate networks have gateway servers that put a firewall around all network traffic and filter out viruses and spam. The Yoggie Pico Personal brings that kind of hardware-based protection to your individual PC. It's an added layer of protection, but it doesn't replace a software security suite.