I had the pleasure, and I mean pleasure, of recently rebuilding two of my home PCs running Windows XP because of performance degradation and other issues. I ended up doing a clean wipe of the hard drives and reinstalling Windows XP from scratch. Once I got the machines up and running with a broadband connection, I recognized that I was completely naked on the web with no protection. As you may or may not know, I have invested in and am on the board of 2 security technology companies which sell into the SMB and enterprise markets (see Deepnines and netForensics). Therefore, I clearly understand the need to lock down your systems and protect yourself against spyware, viruses, and other malicious attacks. Of course, there is always a tradeoff between security and performance. In the past, I have been an avid user of best-of-breed software on my PC – ZoneAlarm Pro for firewall, Norton Antivirus, and Webroot SpySweeper for spyware. One, this is not cheap, and two, it becomes a headache to manage and keep track of after a while, especially if you have more than one machine in the house where you have to set up rules for each separate PC. For example, as you can see from a recent post, a new software release from Webroot killed one of my machines. Despite the management overhead, what this best-of-breed approach offers me is diversified protection and real-time scanning. What good is having virus protection if the virus scan only detects and removes the virus after you are already infected? There is a huge difference between prevention and remediation.
So of course, with an eye on simplifying my life, I decided to download and install Windows OneCare on one machine. It was easy to download, offered diversified protection against threats, and also allowed me to add multiple machines. However, one drawback, which did not really seem to be highlighted anywhere, was that there was no real-time scanning and protection for incoming email. That in my mind is a huge flaw. How can Microsoft give everyone the perception that they are locked down with this new service when it does not scan your PC in real time for virus threats in your email? I can see a whole army of consumers feeling secure but still having tons of issues without the real-time functionality.
Anyway, this post is not about Windows or any one specific product, but the fact that I have to download and install security software on multiple machines and have to set them up and manage them. As you know I am all about simplicity and reducing friction in usage, so why not have one simple box that does it all for the consumer – cable/DSL modem, router, wireless LAN, with best-of-breed security software loaded into the device? Just like the enterprise security market went from packaged software installation to set-and-forget appliances, why can’t I have the same functionality in the consumer market? As we all know, hardware is a commodity and prices have fallen dramatically. And just like enterprises, I want defense-in-depth for my house, which means building in security at the edge so that threats are stopped before they can even get to my machines. With best-of-breed security functionality built into the router, I can set security policies once for my whole house and not have to install and manage client software for every machine. I also get my CPU cycles back on my PCs, as client security software can be a drain on the machines. The good news is that forward-thinking companies like Checkpoint ZoneAlarm are starting to go after this market and recently announced just such a device for the consumer market. If you look at this graph you can see why having comprehensive security at the edge is needed. Malware gets blocked at the edge before it can do damage to your PCs. In my mind the state of consumer Internet security is that we are still in the dark ages but it is getting better.
I recently met with an interesting company offering a virtualization sandbox approach to keeping a consumer’s PC free of nasties. Green Border (www.greenborder.com) enables virtual sessions that prevent mal-code from the internet, email/webmail, IM, and even plug-in data sources (USB Drives) from getting to your system registry or files. As soon as you close the session, everything is wiped away. Even if you download a file, you can choose to have a “Green Border” applied to it so when you open it later it opens in a protected sandbox. I’m not sure how they handle “good” or desired cookies, though.
And no, ONSET doesn’t have an investment in them :).
Interesting – sounds like you would still need some of the other security software if you want to save a file outside of your “green border”.
Juniper Networks provides such a box today, Ed. This is NetScreen technology – FW and IPS from native software and best of breed collection from Symantec, SurfControl and Kaspersky Labs for antispam, web filtering and AV.
http://www.juniper.net/products/integrated/ssg_5_20.html
And best of all it can report back to netForensics 🙂
Thanks Knuj. I have known about that and some other appliances but they are not sold for $150.
Disclosure: I work for Windows Live OneCare.
Thanks for trying it.
Just wanted to clarify that the Windows Live OneCare real-time virus scanning engine does protect against viruses in email attachments as we monitor all disk activity and catch them when the attachments are written to disk.
My advice is, stay away from the Z100g product. I have one and it has a particularly unsavory feature of sending all of your traffic logs to sofaware/checkpoint servers.
In other words, those companies will know everything you do on the internet and every packet you send.
I have been asking these companies to not store this information. However, to date, neither has complied. Their argument is that they cannot prevent the logging of this information without unsubscribing you from their service.
-Subotai