Gallery

Security without penalty

Posted on 30 Mar 2009 at 16:17

Paul Ockenden reduces the strain on his netbooks, continues his Wi-Fi investigations, and reveals the perils of using a mobile as a modem.

A netbook should by definition be small, light and cheap with a long battery life, all factors that also tend to make it slow - low weight and extended run time mandate a low-power processor and small amount of RAM. Despite this, netbooks often work fine "out of the box" when running XP or Windows 7, both of which are netbook friendly - unlike Vista. They may not handle the latest 3D games, but they'll easily cope with Microsoft Office, email and a bit of web browsing. That is, until you install a typical internet security suite, which will probably reduce them to a crawl. Some suites are worse than others - the latest versions of most are "lighter" than the behemoths of a year or two ago - but they all eat processor cycles, make your machine feel sluggish and cramp battery life.

A device I've been playing with over the past few months, from Israeli security firm Yoggie (www.yoggie.com), promises a solution. Yoggie produces several security gadgets, but I've been trying its Gatekeeper Card Pro - an ExpressCard that you plug into the slot on your netbook or laptop, from where it secures all your network traffic. Here's how the manufacturer describes what's inside this ingenious piece of kit: "It includes a robust computing platform with a powerful CPU, with the sole purpose of protecting the laptop. Two separate network cards provide a physical separation between the unsafe zone (internet) and the safe zone (connected to your laptop). The device also includes two separate flash memory units. One unit stores a secured copy of the Linux OS. During pre-boot, Yoggie copies the OS onto the second unit and uses it during runtime. The original copy of the OS, stored on the first unit, doesn't include any "Write Access" permissions. This double-step process guarantees that in the event of a successful attack, upon rebooting the device a clean and safe version of the OS is uploaded, making the OS and security applications completely safe."

There's a 520MHz ARM processor powering the Gatekeeper, and its Linux OS runs transparent proxies for HTTP, FTP, SMTP and POP3 that scan all web, FTP and normal email traffic. It excludes HTTPS because SSL traffic is already encrypted, so the device can't see its content. These proxies examine stuff such as email file attachments and file downloads - something that many hardware firewalls don't do. It protects against viruses using the excellent Kaspersky scanner, spam, phishing attacks, address spoofing, spyware and intrusion threats - spam and phishing is dealt with by Mailshell, SurfControl looks after the web filtering, and Snort looks out for intrusions. It's reassuring to know you've got such established and highly regarded products in there.

I found that Gatekeeper really brought my sluggish laptops back to life after I'd completely uninstalled existing security products. It introduces a very slight lag in traffic - just a few milliseconds - but for normal web and email users such delays aren't noticeable. Configuration is done either via a web browser or centralised management tools in a corporate environment, and updates are fully automatic.

I really like this device and it occupies a very unusual position in the marketplace, putting the advantages of an external hardware firewall into a normally unused slot on the side of your laptop. If you don't have a spare ExpressCard slot, it fits into a normal PC Card slot via an adapter - and if you've no slots at all there's a USB version called Pico (whose abilities are almost identical). It isn't perfect and I did find a couple of gotchas - it secures only network traffic and can't scan local drives or files, which means that if you plug in an infected USB stick it can't detect it. To counter this Yoggie bundles a desktop copy of Kaspersky Anti-Virus, but having to also run desktop antivirus kind of defeats the point of Gatekeeper. So long as you're aware of the limitation and act sensibly, I don't see this as a huge problem, since the majority of security threats arrive via the network.