
Testing the Yoggie Pico Pro security appliance

Since getting the new Yoggie Pico Pro security appliance, I've been doing some testing. Last week I told you about the easy installation, but also the unexpected blue screens when trying to use the Kaspersky Desktop.

I must admit I've been rather unimaginative in my testing of the Pico. The first test was, of course, downloading the EICAR test virus. Mixed results on that: while the Pico did pick up the virus and block access to it via HTTP, using the HTTPS link let it right through and I happily saved it on my Desktop. I don't see why malware/virus writers wouldn't use HTTPS to download payloads and bypass devices like the Pico.

Luckily I still had Windows Defender running in the background and that quickly picked up the test virus. Strictly speaking I should have disabled Defender as the Pico runs "all the security applications that you will need to completely protect your laptop…." I'm glad I didn't.

I tried some general surfing of dodgy Web sites but didn't receive any malware alerts, so I started to play around with Web filtering instead. This can be enabled via the management interface and allows Web sites to be blocked by category. This was pretty successful. Blocking adult content successfully denied requests for thehun.net, and blocking e-mail/chat stopped me from accessing Gmail, Live Mail, and e-messenger.net; it did not block access to the Web mail interface for my personal domain, so I would guess it's based on block lists rather than content analysis (because how hard is it to pick out the text 'Squirrel Mail' from an HTML stream?).
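To make the block-list versus content-analysis distinction concrete, here is an added example (my own illustration, not Yoggie's code, and the Pico's real lists are undocumented): a constructed category block list that matches hosts by name, beside a content check that spots a SquirrelMail login page regardless of which domain serves it. The host names and the sample HTML are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed category block list standing in for the Pico's (undocumented) lists.
CATEGORY_BLOCKLIST = {
    "adult": {"thehun.net"},
    "email_chat": {"gmail.com", "mail.google.com", "mail.live.com", "e-messenger.net"},
}

# Strings a webmail login page reveals in its HTML: the content-analysis approach.
WEBMAIL_MARKERS = ("SquirrelMail", "Squirrel Mail", "Roundcube")


def host_matches(host, listed):
    """True if host equals a listed name or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in listed)


def classify_by_blocklist(url, enabled):
    """Category from the block list only; a self-hosted webmail domain is never listed."""
    host = urlsplit(url).hostname or ""
    for category in enabled:
        if host_matches(host, CATEGORY_BLOCKLIST.get(category, ())):
            return category
    return None


def classify_by_content(html):
    """Category inferred from the page body, independent of the host name."""
    lowered = html.lower()
    if any(marker.lower() in lowered for marker in WEBMAIL_MARKERS):
        return "email_chat"
    return None


def filter_decision(url, html, enabled=("adult", "email_chat")):
    """Return (blocked, reason) as an inline filter combining both checks would."""
    category = classify_by_blocklist(url, enabled)
    if category:
        return True, "blocklist:" + category
    category = classify_by_content(html)
    if category and category in enabled:
        return True, "content:" + category
    return False, "allowed"


# Constructed sample page standing in for the author's personal webmail login.
SQUIRRELMAIL_LOGIN = "<html><head><title>SquirrelMail - Login</title></head><body>" \
                     "<form><input name=login_username></form></body></html>"
```

The content check only works where the filter can read the response body, which over HTTPS an inline device like the Pico cannot; that is the same limitation behind the EICAR result above.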

The management interface front page gives a high-level overview of security status using the traffic light system of green/yellow/red to represent low, medium, and high alert levels. There are various 3D reports available to give a graphical representation of alerts; these can split events down into more detailed categories for analysis.

Summing up

I'm sure the questions everyone has are: does the Yoggie Pico do all that it claims and is it worth the $199 price tag? Here is my list of Pros and Cons:

Pros:

  • Web filtering is great for parents and sysadmins alike; although not bullet proof, it's good enough to stop the average person from wandering on to prohibited sites.
  • Very pretty design—silver/black/blue; futuristic.
  • Device cannot be bypassed without an admin password.

Cons:

  • Web filtering won't stop everything.
  • It's a little large for USB key styling and blocks access to the adjacent USB port.
  • Drivers are unsigned (not good for a security appliance!).
  • Can't detect malware if downloading via HTTPS.
  • Conflicts with Kaspersky, possibly other desktop AV software too.
  • Doesn't protect you from malware delivered via USB keys, CDs etc.

Personally, I think the claim that the Yoggie Pico offloads processing of security tasks from the main CPU is completely untrue as is the claim that "all the security applications that you will need to completely protect your laptop work harmoniously inside Yoggie Pico."

Let's be sensible and look at this logically. How is a device which filters network traffic looking for malware going to stop my computer from becoming infected via some other form of media (specifically USB/CD/DVD)? I think the inclusion of Kaspersky Desktop is an admission that it won't.

Furthermore, if the Pico can't scan HTTPS traffic then how does it stop malicious payloads from being delivered via that route? It can't.

Therefore, not all of the software I need to completely protect my laptop is running on the Pico; I still need desktop protection (hence the included installation of Kaspersky Desktop).

If I'm still running desktop antivirus and anti-malware software, then I'm not benefiting from offloading security tasks to the Pico so the performance gain is out of the window too.

These simple facts render both of Yoggie's main lines of sales hype moot.

We still have physical separation but that alone isn't enough to motivate me to spend $199 on one (let alone a corporate fleet)!

Overall, I would say that the Yoggie Pico is a nice idea but a very simple analysis shows it to be impractical. It can't offer the level of protection that would allow one to discard desktop antivirus software and continue with peace of mind. If blue screen issues mean that the Pico won't run harmoniously with desktop antivirus, then there's no question: stick with the desktop software and dump the Pico. I will try to test the Pico with another desktop antivirus suite and post an update on whether or not the blue screens return. Let's hope not! If so, then until this issue is fixed, I can't see any IT department seriously considering deploying these things.

Based on my experience so far, I would give the Yoggie Pico a very disappointing 4/10. It's a gimmick and a broken one at that.

4 comments
richardmcmann

Hi there, I've had the very same problem with my Vista PC and after 4 hrs and 8 blue screens, decided to email Pico and tell them to shove it! I want a refund. Yes, I too was confused by the bundled desktop AV application and had more blue screens with both installed... but I also had blue screens with just Pico installed in the first instance. Finally - I noticed a large processor grab and disk usage with the device installed, which baffled me as this defeated the object. My new dual core ROCK laptop suddenly became as slow as my single core 2 GHz 4 year old PC.. mmm don't bother folks.

mageistere22

Rather disappointing BUT, it is so in Life. My wondering is how "they" did not foresee all. Unless it confirms that No One, not Microsoft for Certain, can build up serious programs without having to later deal with problems with a Service Pack of some sort. Would like to hear from others who try the app.

Justin James

I will say, it is rather tough to scan an HTTPS stream for viruses, simply because it is an encrypted stream. The only way to virus scan on HTTPS is to perform the scanning where the decryption occurs. That means either in memory on the PC itself, or to have some proxy somewhere along the way that intercepts the HTTPS request, performs the request itself, decrypts the return stream, scans it, and re-encrypts it for transparent delivery to the original requester. This is the same reason why you cannot use hostname-based virtual hosts with HTTPS; either the HTTPS connections need to use different ports for each vhost, or they need to use different IP addresses. The hostname in the headers is encrypted, so the server has no awareness which virtual host to direct it to. Just some (hopefully) helpful information. From your review, the device does not seem bad, but I would rather have something sitting between my CSU/DSU and router (or between the router and the switch) than a USB device hooked up to my PC. J.Ja