Archive for June, 2009
Monday, June 15th, 2009
I recently received an IdeaPad S10 – An outstanding netbook from Lenovo. It is relatively small, has great connectivity, and everything I need to take with me on flights and trips.
It smoothly switches from hibernation to power on and vice versa, ready to serve me when I am looking for a nearby Japanese restaurant, business address, or my Gmail account.
I also installed a copy of MobileMe client (by Apple) on it, keeping my business folders in sync on my S10, 3 Windows PCs and my MacBook.
So far, all is great. The S10 comes with Norton Internet Security Suite 2009 ready to be enabled/installed. When I did that, I ran into some major challenges (I do not like the words “issue”, “problem” and “risk” :-)). The Atom processor on my S10 is great for running Windows XP and my applications, but it was never designed to run these additional multiple security applications included in the Symantec security suite (to be accurate, nor any other vendor’s security suite) such as: Anti Virus, Anti Spyware, Web and email proxies, intrusion detection and prevention, Anti Spam, Anti Phishing, etc.
I immediately noticed a significant performance hit on my second reboot after getting all the recent Security Suite updates. At that point, I learned how I can really enjoy my S10.
The secret is to completely remove the Security Suite and disable Windows XP updates. Yes, this sounds like preparing my S10 to be shot dead on my next Internet connection, but this is the only way to really enjoy both performance and the great mobility of the handy S10.
I am not preaching to practice “unsafe surfing” by not using a security tool at all, but as you know, I don’t have to pay for a Yoggie Gatekeeper that perfectly fills the security gap that I created. The S10 has a 34mm ExpressCard slot which is perfect for the Gatekeeper Card. The only drawback is that Lenovo saved some space and made the 34 mm slot shorter than the PCI standard, causing my Gatekeeper to stick out about 10 mm of its form factor, but this is something I am ready to trade with no need to run the Internet Security Suite that makes my S10 almost non usable.
The Windows XP updates are still missing, but I am trying to be selective and cherry pick only those that I find very critical that the firewall and 13 other security applications in Gatekeeper may miss.
So as the CEO of the hair growth company said in the TV commercial: “I am not just the company president, but I am also a user.”
Cheers,
Shlomo.
Tags: Gatekeeper, Mobility, Netbook, Performance, Security, Spyware, Virus, Yoggie
Thursday, June 11th, 2009
I am writing this item from Frankfurt Airport, Germany. I am using my MacBook Pro, connecting to the T-Mobile wireless account, and sharing the same infrastructure with everyone else here (same access point, same switch, sharing the same DHCP server with everyone etc.)
This has nothing to do with my post today, except that I just cannot tell you how I can “see everyone else, while no one can see me”. Well, not exactly. They see my Gatekeeper for Mac mini-computer and my MacBook is hiding behind it (I have my own DHCP Server on the Gatekeeper) – sorry, I cannot avoid mentioning it.
So, I am looking around and I see more Mac users than Windows-based PC users. This is not a real statistic, but the interesting point is that it’s no longer only students or young people. You start to see the suit and tie crowd using these computers, connecting to their corporate servers, “VPNing”, doing their corporate work that was totally dominated by Windows till not long ago.
This is in line with recent publications from analysts showing that since switching to Intel processors, Mac entered the corporate world, and is increasing its presence there. It is still a one digit % number, but this brings a new challenge to corporate IT. Many of these Mac owners are very senior employees (only senior people can decide to get a non standard corporate PC). They also expect IT to support it.
Mac didn’t suffer from many Virus and Malware attacks in the past. But, as the Mac is starting to be used by senior corporate people, it becomes an attractive target, very well selected, for identity theft, hacking into financial information and sources, getting credit card information, and doing what hackers do today to Windows based PCs. OS X is not really more secure than Windows Vista, it was just less popular.
For IT, this is a huge headache: not only do they lack experience and knowledge in these systems, as well as tools and infrastructure to provide adequate service, but Apple and the security vendors are not ready to provide them with security infrastructure and solutions.
IT doesn’t have a security response team that is gathering information from Mac security experts, building procedures and tools, and providing real-time answers to Mac related security vulnerabilities. All that they have with Windows based PCs is missing with the Mac.
In addition, over 15 years of progress in Windows security is missing in OS X and it takes time to catch up. Meanwhile, corporate exposure is growing, and the hackers, using strong hunting instincts, are closing in.
Apple is trying to close this security gap, and be proactive. Last Monday, Apple announced Safari 4.0, a release that fixes more than 50 vulnerabilities in the browser. I believe that Apple is trying to increase its effort and investment in security; however, they have a long way to go, and more importantly, it really requires changing some of the Apple culture and vision – which is the more difficult task.
So, it’s not that I wish for Apple to change its culture, but instead, upon entering the corporate world, I expect Apple to grow up a bit security-wise, and step up to the challenge.
Meanwhile, I am using my MacBook with Gatekeeper Card.
Cheers,
Shlomo.
Tags: Gatekeeper, Mac, OS X, Security, Yoggie
Tuesday, June 2nd, 2009
In Part II, I talked about the huge challenge of Anti Virus companies facing the massive increase in the size of the Virus signature database. The problem is not only allocation of 60MB of Virus signature file into the computer’s RAM (that’s today, tomorrow it can be 1GB). It’s also the performance hit that the PC would suffer.
I am frequently asked by Yoggie customers and prospects about this performance hit. Everyone knows that Anti Virus software slows down the PC, but providing a simple answer is a challenge. The public records for this number vary from 15% to 55% depending on the test equipment, lab setup and the “age” of the Anti Virus software. The latter is probably the most critical one and is controlled by the Anti Virus vendor and the end user. This means that an Anti Virus released in 2007 and running on a PC for 2 years (i.e. 2 years old) will have a very different performance hit on the PC, compared to an Anti Virus that is “only” 6 months old.
The reason is related to the fact that the Anti Virus “update” doesn’t include just new Virus signatures. Many of these daily updates include new DLL (Dynamic Link Library = computer execution code) files designed to fight specific Virus families or instances that cannot be covered using the current Anti Virus algorithms and require specific code to effectively detect and remove such new Viruses. As a result, older Anti Virus programs include hundreds of DLL files (Anti Virus may have 5 – 10 daily updates) acting as a collection of patches. These patches lack overall system optimization and may be seen as spaghetti code that dramatically slows down the Anti Virus execution performance.
Everyone knows that when first using a PC with fresh Windows OS, it runs well with satisfying performance. However, 9 – 12 months after, the PC starts to slow down and 1-2 years after, the PC is very slow. Windows OS contributes to this effect, however, the Anti Virus spaghetti effect is a major contributor to this effect, presenting a growing problem that current technology presents no remedy to.
As a side tip, one can understand that it is better to completely uninstall the previous year’s Anti Virus and install a brand new version from the current year. By doing just that, one should expect better performance during the months to come.
It is very clear that a new direction is needed. Some security companies are trying to “milk” their current technology that has been generating significant revenues during the last decade, while other security companies keep their R&D teams very busy in leading the industry with breaking new technologies. These companies are usually smaller ones, maybe startup companies that try to come up with a fresh vision and a different way to solve the problem.
As a founder of two security companies that recognize the paradigm shift in the security market, I appreciate creative thinking, but when it comes to security I also know that a solution always gets back to the 3 basic laws of security.
Any breakthrough technology that tries to present a security “leap frog” step must obey these 3 laws or it will end up in the security marketplace waste basket and forgotten dead startups.
So, I started with description of the 3 basic laws of security in Part I and I’m returning to the same basic rules now. Every brand new technology that is presented needs to be verified so it architecturally supports multiple lines of defense, that it applies different algorithms/technologies in every security line and that it is seeking maximum “security depth” between each security line.
Let’s check Yoggie’s Gatekeeper product line against the 3 basic laws of security:
1. Use of multiple lines of defense: Gatekeeper comes with 13 built-in security applications. A few, such as IDS/IPS, work on the packet level and others, such as Anti Spyware, work on layer 7, extracting file content and running file-level scanning. Each presents a different line of defense. The IDS checks the packet stream, looking for matches with the DB of streams. The Anti Spyware obtains a complete file from the Layer 7 proxy, performs content analysis to detect the true file type and applies a specific scanner to find a known Spyware file signature within the file structure/content. Moreover, the Gatekeeper as a whole acts as an integrated security line within the system, where the other security lines are installed inside the actual PC OS you are trying to protect.
2. Yoggie’s Gatekeeper uses different technology within its built-in security lines. The IDS technology is very different than the Anti Spyware technology specified above. Also the Gatekeeper technology (content scanning) is different than the Host PC security application (i.e. Windows/Mac based Anti Virus) which is scanning run-time code.
3. Yoggie’s Gatekeeper detects and stops the attack and threat before it lands inside the protected PC OS. This means that the PC security application will not see screened attacks stopped by the Gatekeeper. That constitutes a “security depth” between the Gatekeeper and the PC. Moreover, the Gatekeeper hides the PC using NAT technology making it invisible to the other PCs that are connected to the same public network.
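The file-level step described in point 1 (detect the true file type from content, then apply a type-specific signature scanner) can be sketched as follows. This is an added illustration, not Yoggie's code; the magic-byte table, signature names and patterns, limits and sample archive are all constructed for the example.

```python
import io
import zipfile

# Constructed magic-byte table: leading bytes -> true file type.
MAGIC = [(b"MZ", "pe"), (b"PK\x03\x04", "zip"), (b"%PDF-", "pdf"), (b"\xff\xd8\xff", "jpeg")]
# Extensions normally expected for each detected type.
EXPECTED_EXT = {"pe": {"exe", "dll"}, "zip": {"zip"}, "pdf": {"pdf"}, "jpeg": {"jpg", "jpeg"}}
# Constructed placeholder signatures, keyed by the type whose scanner uses them.
SIGNATURES = {"pe": {"Demo.Spy.A": b"DEMO-SPY-MARKER"}, "pdf": {"Demo.PDF.B": b"/DEMO-BAD-ACTION"}}
MAX_DEPTH = 3         # bound archive recursion so nested archives cannot exhaust the scanner
MAX_MEMBER = 1 << 20  # do not unpack members that declare more than 1 MiB

def detect_type(data):
    """Return the type implied by the content, ignoring the file name."""
    for magic, ftype in MAGIC:
        if data.startswith(magic):
            return ftype
    return "unknown"

def scan(name, data, depth=0):
    """Return a list of (path, finding) tuples for one file and any archive members."""
    findings = []
    ftype = detect_type(data)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ftype != "unknown" and ext not in EXPECTED_EXT[ftype]:
        findings.append((name, "type-mismatch:" + ftype))
    # Only the scanner for the detected type runs, not every signature on every file.
    for sig_name, pattern in SIGNATURES.get(ftype, {}).items():
        if pattern in data:
            findings.append((name, sig_name))
    if ftype == "zip":
        if depth >= MAX_DEPTH:
            return findings + [(name, "archive-too-deep")]
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    member = name + "/" + info.filename
                    if info.file_size > MAX_MEMBER:
                        findings.append((member, "member-too-large"))
                        continue
                    findings += scan(member, zf.read(info), depth + 1)
        except zipfile.BadZipFile:
            findings.append((name, "malformed-archive"))
    return findings

def build_sample():
    """Constructed input: a zip holding a PE-like file named .jpg and a clean PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", b"MZ\x90\x00" + b"\x00" * 16 + b"DEMO-SPY-MARKER")
        zf.writestr("notes.pdf", b"%PDF-1.4\n% harmless constructed body\n")
    return buf.getvalue()
```

Scanning the constructed archive reports both the extension mismatch and the signature hit on the disguised member, while the clean PDF produces no finding.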
Needless to say, the 3 basic laws of security are not everything needed in security systems. Corporate IT requires policy enforcement mechanisms, management, reporting tools, etc. But the 3 laws provide an efficient and successful tool to check any security system and to allow maximum security with minimal redundancy.
That’s for today; stay tuned for additional topics, soon.
Cheers,
Shlomo.
Tags: Gatekeeper, Malware, Phishing, Security, Spyware, Virus, Yoggie