
A short while ago, we previewed the Yoggie Pico here.
Thanks to the good folks over at Yoggie, we now bring you the review of the Yoggie Pico Personal Edition.
Did this device live up to its marketing hype?
Be sure to read right down to my Conclusion!
To briefly recap, the Yoggie Pico is a USB device with 13 integrated security applications in the one device, aiming to mitigate both known and unknown threats.
These include:
* Adaptive Security Policy;
* Multi-Layer Security Agent;
* Layer-8 Security Engine;
* URL Categorization & Filtering;
* Anti-Spam;
* Anti-Phishing;
* Anti-Spyware;
* Antivirus;
* Transparent Email Proxies (POP3; SMTP);
* Transparent Web Proxies (HTTP; FTP);
* Intrusion Detection System / Intrusion Prevention System;
* VPN Client; and
* Stateful Inspection Firewall.
First Impressions
The Yoggie arrived in a classic, matt black box with a sleeve. The front advertises "Titanium Grade" Security, and "Plug & Forget: One small device, and you are completely safe!". The back of the box displays the usual blurb, except for the typing error in the first paragraph. Unfortunately as this part is duplicated on the box itself, that makes the same mistake appear twice.
The package contained:
* 1 x Yoggie Pico Personal;
* 1 x spare cap for the Yoggie (very thoughtful);
* 1 x Quick Start Guide;
* 1 x Software and Driver CD;
* 1 x Informational slip advising me that I am entitled to 1 Desktop Kaspersky Antivirus 1-year license.
The Yoggie was meant to be mounted into the box but it didn't quite survive the courier trip and ended up sloshing around inside the packaging.
Installation
I disconnected my machine from the internet as a precaution then disabled my security products. The enclosed CD pops up with a simple menu for the following tasks:
* Install Yoggie Software & Driver;
* User Guide;
* Quick Start Guide;
* Bonus: Kaspersky Desktop AV; and
* Browse CD.
The bottom right hand corner of the screen indicates the shipping CD is of version 5.1.0.
With my machine ready to roll, I hopped straight into installing Yoggie software and driver. After the welcome screen, a screen requests that I "make sure your Yoggie is properly connected to the computer before proceeding with the installation". After this screen was where I began to encounter some problems. For a security product, it was more than a little disconcerting to receive prompts informing me that the software I am installing has not passed Windows Logo testing to verify its compatibility with Windows XP but it will install once I click "Continue Anyway".
According to the Quick Start Guide, once the driver installation is complete, the web browser will open and I will be prompted for a username and password. My browser never opened as promised, and when I clicked on the Open Management Console to start it, my browser was unable to connect to the Management Console either.
So far things were not looking too promising. I unplugged the Yoggie and reconnected it a number of times without success. The browser continued to time out. Worse still, every time I closed my Internet Explorer I now got an application error. This error message disappeared when I disabled Yoggie from my system tray.
A search on the Yoggie support knowledge base did not return any references on this issue. It did have a reference to v5.1.5 of the Yoggie software and driver though.
Installing the latest version proved to be a better experience. At least in this version, the software is now signed and no longer shows the Windows Logo incompatibility prompts. Unfortunately I still could not access the Management Console at all. This time I knew that the software installed correctly because as soon as I disconnected the Yoggie, I lost all network connectivity. So in theory, at this point, the Yoggie should be protecting my machine.
However not being able to see what the Yoggie is doing, or to change the default password is not particularly helpful for a product that I am entrusting my security functions to. I opted to back out of the Yoggie installation altogether.
When you first don't succeed ...
I wondered if the difficulties I had in getting the Yoggie Management Console working were contributed to by the fact that I had hardened my operating system. So I tried to install Yoggie on a freshly built machine without any security software installed or any hardening work performed on it.
I opted to skip straight to using version 5.1.5 of the software and the Management Console responded pretty much straight away. However, now Internet Explorer 7 notifies me that I have a certificate error. Great. This time a foray into the Yoggie support website turns up an article addressing this issue. According to the article, the certificate was issued to "https://yoggie.yoggie.com:8443" so if I type that URL into the browser the error should not come up. It did not quite prove to be true in my case. The warning came up a few times when I connected to the Yoggie Management Console, and only disappeared after I changed my password.
The initial problems with installation and the number of certificate issues that have come up reflect badly on this product. Nevertheless, I decided to keep an open mind to the rest of the testing.
Registration
The registration process is simple. The Quick Start Guide provides the username and default password for the device. The first log in to the Management Console prompts for these credentials. Next I am prompted to select either Corporate Mode or Standalone Mode. In my case with the personal edition, I selected Standalone Mode. I entered my name, email address and a valid license key (provided on the sleeve on the back of the CD). I elected to change the default password. Uninstalling and moving the Yoggie to another machine does not revert to the factory default password. At last the Yoggie Pico is active. I am advised that the first time the Yoggie goes live, it can take up to fifteen minutes to download any necessary updates.
Interface
The Status page of the Management Console is a simple dashboard. The Risk Level is displayed in a half circle with the traffic light system of green being low risk, yellow for medium and red for high. Below that are three dial gauges and counters for Firewall Events, IDS/IPS Events and Malware Events. It is a simple and effective design for a standard user.
The reporting tab gives the option of displaying the number of events in a chart format - 2D or 3D depending on your personal preference. Only a time-elapsed chart of events is displayed though. The Security Log which is a columnar display provides more information, including date/time, engine (Firewall, IDS/IPS or Malware) and a description of the event. The System Log is also columnar and displays events pertaining to the Yoggie's operation such as start up and signature updates.
The Advanced Settings tab provides some measure of customising your Yoggie's behaviour. These are:
Web Filtering - a pre-defined list of groups which you can block or allow as you see fit. There is no customising within the groups. I presume the lists are maintained by Yoggie;
Firewall - port blacklist and whitelist. There are long lists of ports which are either known to be safe or high risk. There is an option to override these;
Size Policy - "Yoggie can scan files for malicious content up to a certain file size limit. It is recommended Yoggie blocks files of greater size. If you choose not to block big files the scan will be performed only up to the size limit." It can block downloads greater than 10 Mb if desirable. This is an either on or off feature, and the 10 Mb limit cannot be changed;
IDS/IPS - allows or blocks certain predefined roles for the Intrusion Detection and Intrusion Prevention Systems;
Components - Permits the enabling or disabling of SMTP, POP3, HTTP and FTP scan engines. Curiously enough, for the security engines, the Mailshell engine is activated by default, but the L-8 security agent is disabled by default. I tested the device with the L-8 agent in both states.
Test Drive
This is what I was waiting for; I was ready to test just how good this little device is.
I set up my machine with Yoggie connected onto my network, and hit it with some simple connection requests. This went pretty well. Next I brought out the big guns and hammered it with the Nessus security suite. The Yoggie didn't even blink. The counters in the Management Console kept going up, but the full might of Nessus failed to penetrate the firewall. In fact, as far as it was concerned, the machine might as well have been turned off. Impressive!
Next I tested the web filtering feature, which works as advertised. It was a fairly bland test: I headed for a well-known adult site. I am sure that the lists that are maintained are not perfect but assume that they will be updated regularly.
The anti-virus feature was next on my hit list. The User Guide provided a link to the EICAR test virus payload and I duly followed the URL. The Yoggie worked beautifully on the downloads using standard HTTP protocol. It detected and blocked the virus in all the variants available on the website. The bad news is that it failed miserably to block the same files using secure SSL (HTTPS) protocol. It simply let all the files through to the keeper. This scared me so badly that I was ready to pull the pin on the testing. In fact in most cases when I'm testing a security product and it fails in this fashion, I generally return it to sender quick smart.
Nevertheless I pressed on for our readers. I turned off the phishing filter in IE7 and headed for some known phishing websites. PhishTank helpfully has a list of confirmed phishing websites and I tried out about a dozen of these. More trouble. The Yoggie failed to block my access to any of the sites that I chose. Turning on the phishing filter in IE7 immediately warned that I was headed for trouble going to these URLs.
The last of the major features is the anti-spam feature. Helpfully I have an email address which for some reason is a spam magnet. I checked that the POP engine is enabled and also selected the option to tag the subject line with "Spam". I let the floodgates open and quickly started to see the spam come through, untagged. It was yet another failure.
I probably could have persisted with testing the device, but I stopped testing after this point. Bear in mind that this is almost an out-of-the-box installation and only one and a half features worked as they should!
Usability
There is always an overhead associated with security suites. Despite the claims to free up resources from your PC, the Yoggie still requires some overhead on the system. It installs a driver which routes network traffic from the standard interfaces to the USB ports so the device can perform its functions. The overhead of this is approximately 9 - 10 Mb which is fairly good.
However, if you decide to install the Kaspersky software which was bundled with the Yoggie, the resource overhead increases to an additional 8 to 16 Mb above what the Yoggie driver requires. This brings it roughly to the resource overhead of software based security suites available in the market, resulting in none to minimal real performance gain.
The signature update interval is hardcoded and there is no way of changing the timing of this.
Conclusion
I terminated the testing of the Yoggie when the failure rates started climbing. Frankly I was so worried about its ability that if Yoggie was my only layer of defence against the internet baddies, I would lose sleep at night. In my opinion, it is worse to have a security product that fails to live up to expectations than not having one at all. This is because it lulls people into a false sense of security thinking they are protected. It's like locking all your doors and windows, but leaving the key in the front door lock.
A large number of things concerned me about Yoggie: the gaping holes in the anti-virus engine, the phishing filter and the spam filter. Further, as the device only monitors network traffic, viruses or malware transmitted by the old-fashioned means of flash drives are completely missed. I actually injected viruses and malware via the flash drive method and successfully infected my test machine. The Yoggie never picked up the infection, or the outbound traffic the malware was starting to generate. I killed that machine pretty quickly once I proved my point so it is possible that the malware was not entirely successful in connecting back to its mother somewhere in the ether.
The interface is hard coded to 800 x 600 resolution which makes reading the logs a challenging process. There did not appear to be any way of exporting these logs either.
If pushed, I would say that it appears to be a robust firewall. But given the rest of the vaunted features failed spectacularly, any security expert will be asking whether you can trust one part of the device if the rest doesn't live up to its claims.
I think the product has great potential. I also think the marketing is slightly misleading as it is definitely not a "Plug & Forget" device given it only monitors one aspect of the many aspects that comprise computer security. It also does not completely free your machine from resource overhead.
As for me, I reverted back to my usual security suite. My heartbeat rate has come down, I changed out of my brown pants and I'm sleeping at night.
The Yoggie Pico Personal is available here for USD$179.00. For purchases made before 31st December 2007 you receive a full three years of subscription.