With the large variety of malware and attack surfaces for systems on public networks, protecting your laptop is a critical aspect of working on the road. Keeping out viruses, spam, spyware and other attacks generally requires several different applications, either from a “security suite” package or individual apps from several sources. Yoggie, an Israeli-based security company, addresses this need from a very different angle. They provide a USB (or PC Card) security appliance: full security in a dongle the size of a normal USB thumb-drive. The appliance promises an integrated hardware firewall as well as complete security protection, and it does so without installing the bloat-ware that most security suites seem to have become. I took the Gatekeeper Pico for a test drive the past few days, with mixed results.
The device arrives as promised, with almost zero software to install on your local machine. That is a great benefit, preventing the scanning process from taking over your machine and killing the performance. I connected the device, installed the driver and hit my first snag. A quick reinstallation of the software cleared that up and I was off and running. The installation process places a network shim on your computer, effectively intercepting all network traffic and passing it through the Yoggie appliance before allowing it to or from your computer. The concept is great, especially since it offloads the overhead. Unfortunately, the implementation appears to be lacking based on my testing.
The appliance claims 12 built-in security appliance functions. I was not able to test all of them, but the ones I did test had mixed results. The anti-virus feature worked great, blocking the web page with the virus on it from loading with a very clear indication of what it was doing:
For other functions, such as the firewall feature, the indication of the Yoggie intervention was not as clear. I spent several minutes attempting to copy some files via FTP and TFTP without any indication from Yoggie that it was blocking the traffic, either actively during the action or passively in the log files. Still, disabling the Yoggie appliance resolved my connectivity issues, so I can only assume that the appliance was the cause of those troubles.
The folks at Yoggie make grand claims about performance impact of their device, specifically that the impact is virtually zero on the computer. And while I generally found this to be true, I also found that there was a bit more to it. While the Yoggie was enabled I found that download speeds on my cable modem connection were significantly impacted:
Not only was the performance impacted by ~35% for bandwidth and way worse for the ping test but the appliance actually prevented the upload speed test from running. And again, it did so without any useful information to me as a user. I was concerned that it would prevent general file uploads via web connections and confirmed that to not be the case - I was able to upload files just fine using web forms or ActiveX controls, but there remained some questions in my mind at this point.
I took a look at the UI to confirm the settings and found the dashboard interface to be pretty, but not really all that useful:
The gauge indicators are easy to understand, but even the detailed logging still didn’t contain information about the actions that the device had taken.
I had to head in to the office at this point and pulled the device out for the travel. Upon connecting to the office network I quickly learned that the network shim remains active, even when the appliance is removed. This meant zero network connectivity if it wasn’t plugged in. I like this configuration as it allows for administrative control over the appliance setup and prevents users from overriding those settings without permission. As an added bonus, if you’re deploying a lot of these appliances you can configure them to receive their configuration instructions from a central source rather than individually programming them. This is a huge benefit for enterprise environments.
I disabled the device for a bit to get some real work done since I didn’t have time to worry about testing it for a couple hours. This is when things started to go VERY wrong for me. I experienced three Windows crashes (Blue Screen of Death) in the next 8 hours of system usage. These were the first BSoDs I’ve had on my Vista laptop in months, if ever. All of the crashes indicated device driver issues and all happened with the Yoggie appliance in the disabled mode for the software and the hardware not connected at all. I cannot say for certain that the Yoggie caused these crashes, but it is the only thing I changed on my system. I also noticed that each crash was triggered by my initiating a network connection to a web site or other service, which means that the Yoggie Gatekeeper was involved in the action.
I didn’t get to test the built-in Anti-Spam or Anti-Phishing tools since I don’t have any accounts that would need extra protection there. And I have no idea what a “Layer-8 Security Engine (TM)” is since last time I checked there were still only 7 layers in the OSI model. I also don’t know what “PENTAGON LEVEL security protection” is, so I cannot evaluate how well they performed on that front. The Anti-Virus is only active on the network connection, so if you use a USB-drive or other means to bring files onto your computer you are not protected there. That is a benefit of having locally installed AV software, though there are the obvious performance issues there as well.
Overall I was not particularly impressed with the Yoggie Gatekeeper Pico appliance. For very basic usage by non-technical users it probably would provide OK protection, but without indications that it is intercepting traffic, users would likely get very frustrated very quickly if things stop working. For someone more technically inclined it seems that the interruptions in service would be more pronounced and more frustrating, though hopefully those users would know how to get around the issues. I love the concept of the security appliance that you take with you, but this one seems to miss on the implementation, at least on my laptop.
One Response
vad
October 27th, 2008 at 11:13 pm
I wish I had read your review. I’m finding the same sort of speed issues on download noticeable, but more worrying I found that just about any site which requires authentication doesn’t work at all when authenticating initially. No indication that yoggie is doing this, but when I disable the device, I can login. Gmail, gdocs, yahoo mail, ebay, even netflix. It’s frankly at the point I’m giving up on it.