I had the pleasure, and I mean pleasure, of recently rebuilding two of my home PCs running Windows XP because of performance degradation and other issues. I ended up doing a clean wipe of the hard drives and reinstalling Windows XP from scratch. Once I got the machines up and running with a broadband connection, I recognized that I was completely naked on the web with no protection. As you may or may not know, I have invested and am on the board of 2 security technology companies which sell into the SMB and enterprise markets (see Deepnines and netForensics). Therefore, I clearly understand the need to lock down your systems and protect yourself against spyware, viruses, and other malicious attacks. Of course, there is always a tradeoff between security and performance. In the past, I have been an avid user of best-of-breed software on my PC – ZoneAlarm Pro for firewall, Norton Antivirus, and Webroot SpySweeper for Spyware. One, this is not cheap, and two, it becomes a headache to manage and keep track of after a while, especially if you have more than one machine in the house where you have to set up rules for each separate PC. For example, as you can see from a recent post, a new software release from Webroot killed one of my machines. Despite the management overhead, what this best-of-breed approach offers me is diversified protection and real-time scanning. What good is having virus protection if you are already infected and the virus scan detects and removes it after you are already infected? There is a huge difference between prevention and remediation.
So of course, with an eye on simplifying my life, I decided to download and install Windows OneCare on one machine. It was easy to download, offered diversified protection against threats, and also allowed me to add multiple machines. However, one drawback, which did not really seem to be highlighted anywhere, was that there was no real-time scanning and protection for incoming email. That in my mind is a huge flaw. How can Microsoft give everyone the perception that they are locked down with this new service when it does not scan your PC in real time for threats in your email? I can see a whole army of consumers feeling secure but still having tons of issues without the real-time functionality.
Anyway, this post is not about Windows or any one specific product, but the fact that I have to download and install security software on multiple machines and have to set them up and manage them. As you know I am all about simplicity and reducing friction in usage, so why not have one simple box that does it all for the consumer – cable/DSL modem, router, wireless LAN, with best-of-breed security software loaded into the device? Just like the enterprise security market went from packaged software installation to set-and-forget appliances, why can’t I have the same functionality in the consumer market? As we all know, hardware is a commodity and prices have fallen dramatically. And just like enterprises, I want defense-in-depth for my house, which means building in security at the edge before it can even get to my machines. With best-of-breed security functionality built into the router, I can set security policies once for my whole house and not have to install and manage client software for every machine. I also get my CPU cycles back on my PCs as they can be a drain for the machines. The good news is that forward-thinking companies like Checkpoint ZoneAlarm are starting to go after this market and recently announced just such a device for the consumer market. If you look at this graph you can see why having comprehensive security at the edge is needed. Malware gets blocked at the edge before it can do damage to your PCs. In my mind the state of consumer Internet security is that we are still in the dark ages but it is getting better.