Linux Specialist Astaro Claims First Anti-Spyware Firewall
Moving Against Spyware
March 13, 2005
Astaro, a specialist in Linux-driven integrated security, has rolled out a product touted as the first on any operating system to combine network firewall protection with an anti-spyware gateway.
In an interview with LinuxPlanet, Jon Friedman, Astaro's VP of product marketing, noted that Astaro Security Linux is built on top of a hardened edition of Novell's SUSE Linux Enterprise Server (SLES). Like previous versions, the new Astaro Security Linux 5.2 also includes a VPN gateway; virus protection; intrusion detection; and spam and "surf" protection, according to Friedman.
Initially, Astaro offered its integrated security as a software product only, for installation on a dedicated PC. More recently, though, the company started to give users a choice between software and security appliance solutions.
Both the software and hardware products are upgradeable to 5.2, according to the VP. "We've been finding a tremendous amount of interest on the anti-spyware side. IT departments have been spending many, many hours trying to clean up spyware off of users' desktops," he told LinuxPlanet.
Many spyware programs collect information--and even when they don't, they tend to slow down end users' systems, he contended. "Spyware is becoming more and more of a difficult problem."
Indeed, in a recent consumer survey by America Online and the NCSA (National Cyber Security Alliance), 47 percent of respondents said they think spyware programs are running on their PCs.
In another recent report, industry analyst group IDC estimated that 67 percent of all computers are actually operating some sort of spyware.
Moreover, in an IDC survey of over 600 organizations, spyware emerged as the fourth-biggest threat to network security.
A plethora of desktop anti-spyware tools is already available, running the gamut from Microsoft's new product to SpyBot; Spyware Blaster; Ad-Aware; CounterSpy; HiJack This; Spyware Sweeper, and Pest Patrol, for instance.
But Friedman told LinuxPlanet that, unlike desktop offerings, Astaro's inbound filtering prevents spyware from getting beyond the firewall.
In addition to this inbound network filtering, the product also provides outbound filtering, for "interception of outbound spyware," he said.
Friedman acknowledged, though, that at least two other vendors are also starting to approach spam protection from a gateway perspective. "BlueCoat's 'proxy appliances' use (BlueCoat's) own, proprietary operating system, SCOS. This product has spyware blocking, but it is not integrated with a firewall," according to the Astaro VP.
"SonicWall's products also use a proprietary operating system, SonicOS. I think this is based on Linux, but as far as I can tell their published materials don't say so," he maintained.
SonicWall announced an anti-spyware product in February. "But the press release just said it'd be available in the first quarter, and we don't think it's shipped yet," according to Friedman.
Beyond the breadth of functionality of its security suite, Astaro has long been known for integrating open source tools with commercial products and its own middleware. Founded in Germany in January, 2000, Astaro had enjoyed 185,000 downloads of its security software by early 2002.
"Astaro has a strong, vocal, easily segmented target market in the open source community. The active support and contributions in the community often (lower) support and development costs, as do Astaro's modifications to existing code bases," wrote Pete Lindstrom, an analyst at Hurwitz Group, in a report released way back in 2002.
"We want to provide a supported hybrid which is based on open source. We pick the best components that RedHat, SuSE and Mandrake have to offer. Without middleware, though, the onus would be on the user to glue everything together," said Steve Schlesinger, Astaro's managing director, during an earlier interview.
Friedman this week cited a number of open source components as ingredients in Astaro's 5.2 product, ranging from an Apache Web server to Snort.
But the spyware database used in 5.2 is a commercial product, as is the antivirus engine from Kaspersky Labs that also appeared in earlier editions, he said.
"Astaro Security Linux uses the URL database from ISS's Cobion division to identify spyware Web sites. We do not use any public databases at this time for spyware," according to Friedman.
On the other hand, Astaro does use public databases for anti-spam filtering, according to the Astaro exec. "But that's different," he said. "To protect against spyware, there really has to be someone looking at Web sites 24 hours a day."
Cobion's URL database uses a black list for filtering out traffic from known spyware sites. But Astaro's product allows administrators to override filtering by placing selected URLs on a "white list" instead, he told LinuxPlanet.
Existing Astaro users with subscriptions to either Surf Protection or Astaro Secure Web can upgrade to version 5.2 free of charge.