2. Yoggie Pico to the Rescue!

For mobile notebook clients, envision a 500-MHz miniaturized computer about the size of a pack of gum that integrates into the runtime environment on an existing computer attached to a network. This mini-computer offloads network processing tasks onto its hardware, thereby relieving the primary CPU to focus on other, more general computing tasks. It also provides direct coverage for its host computer, delivers firewall and intrusion detection capabilities alongside spam and spyware scanning and runs a Linux 2.6 kernel. Imagine that such a device is so thoughtfully designed it even prevents itself from becoming a vector of infection, disables network interfaces when lost or disconnected, and can be controlled through a centralized management server or through a management server that the vendor operates. And it doesn’t plug into any network jack-it needs just a single USB 2.0 port.

Yoggie Security Systems Yoggie Pico Pro is everything we’ve just described. In fact, the Pico Pro is an all-purpose plug-and-play security tool designed to protect personal computers or notebook PCs against most anything the Internet (and intranet) can throw its way. The Pico Pro is built around the Intel XScale PXA270 520-MHz chipset, which also powers other compact devices such as smart phones, GPS units and even the Dell Axim PDAs. This tiny CPU delivers a power rating equivalent to a Pentium 3 computer from the 1990s, which is more than sufficient for most network routing and traffic analysis tasks. And with 128 MB of on-board SDRAM, the Yoggie Pico Pro carries nearly as much memory as P3s from days of yore. Altogether, the Yoggie Pico can firewall network traffic, provide IDS protection against various forms of remote attack, thwart virus/spyware/spam payloads in real-time and employ behavioral and signature-based scanning engines (updated hourly) for serious protection. All told, the Pico offers a baker’s dozen (13) of security applications, which run atop Linux 2.6.

To prevent it from becoming a vector for network-born infections, the Yoggie Pico uses a dual-stage loading process that isolates the original factory-sealed OS from its real-time operating counterpart. The original image (Flash A) is loaded into working volatile memory (Flash B), and is then disabled. To all intents and purposes, Flash A is inaccessible to Flash B, and the latter stores acts as a security appliance only so long as the unit receives power. When power is lost or cut off, Flash B is wiped (along with any potential changes, malicious or otherwise) and network connectivity comes to a screeching halt. The Pico also maintains a separate, writable flash area to receive updates and process information in real time.

Click on thumbnail for a full-sized exploded view of the Yoggie Pico. Please note it features two sets of flash RAM, one of which is read-only to protect the Pico software from compromise or alteration.

This behavior may be turned off with an administrative password, and the unit itself is remotely monitored and controlled from a management server (one difference between the cheaper Pico and the Pico Pro we reviewed for this story is that the former only works with Yoggie’s own management servers, whereas the latter may be configured to work with an organization’s private management servers instead). The Yoggie is tiny for such a mighty network appliance-it’s literally no bigger than a pack of chewing gum. Though looks aren’t always important, this unit features a sleek, black-and-silver trim and is furnished with blue LEDs and status indicators. Although the Pico Pro is designed for notebook computers, we included a desktop system in our analysis as well for completeness’ sake. Because the Yoggie Pico Pro has no external power adapter, it draws on the USB 2.0 port for both power and data. This is clearly an advantage for mobile computing platforms and a convenience for desktop computers.