woodrowbone

Level 9
Hi guys, I saw this router mentioned in another thread, I saw it worthy of its own thread.

Avira SafeThings

Let's discuss what we can find out about it.
I like the fact that it has a lifetime subscription like ASUS AiProtection for example.
The looks of it are horrible, let's hope this is not the final design...Avira, let's get in to the new century please :p

/W
 

Windows_Security

Level 23
Verified
Trusted
Content Creator
With Windows 10 becoming stronger and the freeware enabling advanced features of Windows Defender (e.g. ConfigureDefender) and/or adding additional security layers to the OS (e.g. OSArmor), the market share of paid AVs is dropping slowly, as is the upgrade conversion rate of free versions to paid premium versions.

Luckily for the AV vendors, most Android mobile phone makers lack in patch management (monthly Chrome Android updates are at best pushed to mobile phones in a three month interval for at most two years) and Internet of Things device makers do not comply with the basic security features (no patches, no secured connections, no easy/forced admin password change, etc). With only a handful of smart devices in our household, my bad luck statistics hit the 100 percent mark, because all had (some still have) unpatched security flaws.

This opens up a whole new market for AV vendors: AV & UTM integrated devices to provide a layer of protection for all the connected smart devices in our homes. So in future I will buy a router with a monthly subscription for AV blacklist and AI monitoring, but I will wait until MIMO & MESH become mainstream.
 

Slyguy

Level 42
Verified
Every home will have a UTM appliance within 10 years, it's almost a requirement. Avira's hardware looks solid, just a bit less than Gryphon but close enough. Avira Safe Things doesn't appear to offer any advanced IPS or Malware Protection, but rather looks like a more secured router with additional features and control.

However on the plus side, it has no subscription and doesn't require you to use Avira's own stand alone stuff after the first free year. Whereas other solutions tend to have a yearly fee because they offer traditional AV protection and advanced IPS features that require updating.
 

woodrowbone

Level 9
I am not sure how to compare the hardware in these things, Avira runs a quad-core at lower MHz (717), similar for Gryphon right?
ASUS AC86U for example is running a dual-core with a much higher MHz (1.8)
I know the cpus have different architecture, but what does that translate in to in real life?
Is core count or MHz boss here?

/W
 

Windows_Security

Level 23
Verified
Trusted
Content Creator
Cores versus clock frequency.

I swapped the motherboard of my old Windows 7 desktop Pentium dual core (with 5GHz mobo throughput) with an old I7 920 (with 4.8 GHz mobo throughput) having nearly the same Passmark CPU benchmark. It was faster swapping the mobo than installing Windows 7 completely for an older relative who had problems getting used to Windows 10.

Because I have a silent PC case (isolated) and the old i7-920 uses a lot more energy and produces a lot more heat, I reduced the clock frequency a little and added a 120mm fan (my PC case was fanless except for the fan which was built into the power unit) to reduce the heat of the CPU.

To my surprise the startup of Chrome felt faster. Testing it with AppTimer indeed showed the old i7 is faster in practice. The i7 was 15% faster than the Pentium (CPU benchmark), but with reduced clock frequency it should be nearly the same.

The benefit of being able to process tasks in parallel with low to CPU load has more practical advantage because 90% of the time we are not using 100% of CPU capacity. So my guess is that more cores/threads is beneficial when CPU capacity is not utilized to the max (compared to a CPU with fewer cores and similar CPU benchmark).
 

Handsome Recluse

Level 21
Verified
Windows_Security said:
> Cores versus clock frequency.
>
> I swapped the motherboard of my old Windows 7 desktop Pentium dual core (with 5GHz mobo throughput) with an old I7 920 (with 4.8 GHz mobo throughput) having nearly the same Passmark CPU benchmark. It was faster swapping the mobo than installing Windows 7 completely for an older relative who had problems getting used to Windows 10.
>
> Because I have a silent PC case (isolated) and the old i7-920 uses a lot more energy and produces a lot more heat, I reduced the clock frequency a little and added a 120mm fan (my PC case was fanless except for the fan which was built into the power unit) to reduce the heat of the CPU.
>
> To my surprise the startup of Chrome felt faster. Testing it with AppTimer indeed showed the old i7 is faster in practice. The i7 was 15% faster than the Pentium (CPU benchmark), but with reduced clock frequency it should be nearly the same.
>
> The benefit of being able to process tasks in parallel with low to CPU load has more practical advantage because 90% of the time we are not using 100% of CPU capacity. So my guess is that more cores/threads is beneficial when CPU capacity is not utilized to the max (compared to a CPU with fewer cores and similar CPU benchmark).
 

AndreiP

From Avira
Verified
Developer
Hi everyone,

As one of the guys behind the SafeThings product, I was extremely pleased to run into this thread.

I’d love to learn more about your thoughts around our product:
- what would motivate you to buy such a product?
- what is it missing in the product that would turn it into a must-have?

Thanks everyone,
Andrei
 

Glashouse

Level 4
Verified
Hi @AndreiP,

perhaps I am not the average user, but for me, Avira Safethings has the same drawback as its competition:
As far as I got it you have to use the built-in WiFi which I don't want to do as I need more access points to cover my house.
Every AP is wired as I don't like meshed APs.

Sending all traffic through two ethernet ports (one in, one out) would be a cool feature....

But as I said, I might not be your main target for this product.

cheers
 

Cortex

Level 11
I'm not fond of controlling such devices via yet another app, I have enough trouble maintaining battery levels on my iPhone 8 already without further drain - Probably the wrong generation? I would first be interested on tests in real world experiences before buying anyway. Two Ethernet ports not enough for me at all. All in all looks good but as it's controlled from the 'cloud' I can only wonder if my streamer for example will suddenly be removed for reasons unknown? I and any cloud often do disagree. I will be interested in time, maybe. BTW I really dislike Avira AV solutions so I don't suppose that helps either :emoji_fearful:
 

AndreiP

From Avira
Verified
Developer
Glashouse said:
> Hi @AndreiP,
>
> perhaps I am not the average user, but for me, Avira Safethings has the same drawback as its competition:
> As far as I got it you have to use the built-in WiFi which I don't want to do as I need more access points to cover my house.
> Every AP is wired as I don't like meshed APs.
>
> Sending all traffic through two ethernet ports (one in, one out) would be a cool feature....
>
> But as I said, I might not be your main target for this product.
>
> cheers

The hw config (MIMO) allows us to roll out mesh capabilities in the near future. But I totally understand heavy techies want to build and control the infrastructure on their own ;).

The traffic pass-through idea is great. Thanks a lot!
 

woodrowbone

Level 9
AndreiP said:
> Hi everyone,
>
> As one of the guys behind the SafeThings product, I was extremely pleased to run into this thread.
>
> I’d love to learn more about your thoughts around our product:
> - what would motivate you to buy such a product?
> - what is it missing in the product that would turn it into a must-have?
>
> Thanks everyone,
> Andrei

Hi Andrei, welcome to the forum!

I for one would like you to address some of the questions already asked in this thread, IPS, Malware protection, CPU comparison etc.

/W
 

AndreiP

From Avira
Verified
Developer
woodrowbone said:
> Hi Andrei, welcome to the forum!
>
> I for one would like you to address some of the questions already asked in this thread, IPS, Malware protection, CPU comparison etc.
>
> /W

Definitely.

Re CPU comparison - we chose to go for more cores vs high frequency because we profit more from parallelisation rather than high computing power. We deemed it's best to distribute tasks like L3 routing and acceleration, networking ancillary services (DHCP, DNS proxying, mesh etc), packet sniffing / inspection, and additional services (VPN server, smart home services, plus more additional features to come) over separate cores.
We did a lot of benchmarking at the beginning and this architecture was a winner.

Re malware protection - we are not doing DPI, but rather a shallow inspection of packages in the sense that we are not analysing the payloads that are being trafficked across the network (with a few exceptions that are required for device ID). Since SafeThings was built to secure connected devices other than the traditional ones (Windows, MacOS, Android, iOS), we rely for most of our anomaly detection engines on regression / machine learning algorithms that continuously baseline the *network behaviour* of the IP connected devices.
Some examples: a connected light bulb should not employ FTP connections, a thermostat from the same vendor/same model in the same geography should have a similar network behaviour to other similar deployments - and if it starts connecting to a strange DNS/IP then the anomaly sensing starts and actions are enforced. All that ML logic happens in the cloud.
Malware protection at the edge, on traditional devices, can be complemented with Avira AV endpoint protection.

Re IPS - on top of the anomaly detection engines, we're also checking all the incoming connections (against blacklists & behaviour-wise), as well as the connections between the LAN devices to sense botnet CNC activity or devices with dodgy behaviour (ip cam doing port scanning, smart tv maintaining an always-on connection with a cloud service, failed login attempts over ssh/httpbauth etc.).
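
Added example, not part of the thread and not Avira's code: a minimal rule-based stand-in for the behaviour baselining described in the post above, run over constructed flow records. The device names, baseline ports, LAN range and thresholds are all assumptions, and static rules replace the cloud-side ML the post mentions.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed home LAN range
# Constructed baseline: WAN destination ports each device class normally uses.
BASELINE = {
    "light_bulb": {53, 123, 443, 8883},
    "ip_camera": {53, 123, 443, 554},
}
SCAN_PORTS = 10   # distinct ports touched on one LAN peer (assumed threshold)
AUTH_FAILS = 5    # failed ssh/HTTP-auth logins against one host (assumed threshold)

# Constructed flow records: (device, device_class, dst_ip, dst_port, event)
FLOWS = (
    [("bulb-1", "light_bulb", "203.0.113.10", 443, "conn"),
     ("bulb-1", "light_bulb", "198.51.100.7", 21, "conn"),    # FTP from a bulb
     ("cam-1", "ip_camera", "203.0.113.20", 554, "conn")]
    + [("cam-1", "ip_camera", "192.168.1.20", p, "conn") for p in range(20, 32)]
    + [("tv-1", "smart_tv", "192.168.1.1", 22, "auth_fail")] * 6
)

def detect(flows, baseline=BASELINE):
    """Return sorted (device, alert_kind, detail) tuples for the flow records."""
    alerts = set()
    lan_ports = defaultdict(set)   # (device, lan_peer) -> ports touched
    auth_fail = defaultdict(int)   # (device, target) -> failed logins
    for dev, cls, dst, port, event in flows:
        if event == "auth_fail":
            auth_fail[(dev, dst)] += 1
        if ipaddress.ip_address(dst) in LAN:
            lan_ports[(dev, dst)].add(port)          # feeds the scan check
        elif cls in baseline and port not in baseline[cls]:
            alerts.add((dev, "off_baseline_port", f"{dst}:{port}"))
    for (dev, peer), ports in lan_ports.items():
        if len(ports) >= SCAN_PORTS:
            alerts.add((dev, "port_scan", peer))
    for (dev, target), count in auth_fail.items():
        if count >= AUTH_FAILS:
            alerts.add((dev, "auth_bruteforce", target))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(FLOWS):
        print(alert)
```

Device classes with no baseline yet (the smart TV here) are only covered by the scan and login-failure rules until a baseline exists for them.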
 

motox781

Level 8
Verified
AV's getting into the router business. Good thing. I'd rather my stuff be protected at the 'point of entry'. The question is, which one to choose that actually "updates" firmware on time when vulnerabilities/etc are detected (like android phone manufacturers or box store routers of today.../facepalm) + a thousand other variables over my head haha.

I'll prob buy one in the next couple of years. My Google WIFI Mesh is working fine for me ATM.

@Slyguy prob has the best consumer router available ATM (Gryphon). I'm sure they do a good job.
 

woodrowbone

Level 9
@AndreiP
In a product like this, Malware protection and packet inspection is necessary, I think all the competition have it?
If I choose a product to protect my entry point, it should be able to protect all appliances hanging on the LAN side.
Regardless if it is a PC or a fridge. The PC could be installed with poor security, making the entry point very important.
To make the product more interesting for more people, the possibility to use it as a transparent bridge, filtering the traffic behind another router, would be a great thing.
I think this is what Glashouse meant also, or?

/W
 

Threadripper

Level 7
Everything on my network bar an Amazon Echo and Smart TV are on Linux or iOS, I wonder which would be worth buying as the actual AV software they come with will be of no use.
 

notabot

Level 11
AndreiP said:
> Hi everyone,
>
> As one of the guys behind the SafeThings product, I was extremely pleased to run into this thread.
>
> I’d love to learn more about your thoughts around our product:
> - what would motivate you to buy such a product?
> - what is it missing in the product that would turn it into a must-have?
>
> Thanks everyone,
> Andrei

It's good to be able to talk to product folks directly and a great move you did to ask users !

my list ( may provide more points over the coming days )

1) privacy, I want the filter lists to be downloaded locally and applied locally by the UTM, no sending of domain names or their hashes to an Avira endpoint. This will be good for you as well, data fines in the EU are becoming a real thing.

2) if you do provide a web management dashboard, which would be nice, make sure it's the UTM that does the connect(...) call and your backend that does the listen(...), I don't want any open ports that are internet facing ( so your backend will be doing pushes ). Do not have any ports open to the internet, preferably no ports open at all and admin is done either via web dashboard and bluetooth only.

2.5) If you do that, do the authentication & certificate work right and ofc only allow strong ciphers in your TLS, a man in the middle attack compromising a UTM would be nothing short of a disaster.

3) email alerts ( for suspicious "dial-outs", portscans coming from the web etc )

4) strong filtering per device that can be used for parental controls, ie while pr0nhub may not have malware, parents should have the option to bank explicit content for underage kids.

5) Do NOT do deep packet inspection, I don't want my UTM doing MiTM to my devices.

6) Auto updates ( again good work with signing the updates, and authenticating your server to the UTM , rolling the certificates etc is very important )

7) support virtual LANs, eg one for guests, one for kids, one for parents

8) support for OpenVPN ( esp if VPN could be assigned per VLAN, that would be great )

9) geo-blocking -- if there are no legal issues with providing this ( there was talk that in the EU geoblocking may become illegal, didn't watch what happened )

10) Mesh support

11) detection of network cards in promiscuous mode

12) WPA3

14) good practices for authenticating the administrator to the machine ( not plaintext like the other routers I'll leave unnamed ... ) and also authenticating the machine to the user ( no self signed certs like other routers )

15) 2FA for your web dashboard

16) out of the box ability to block Alexa, Google voice etc per device. These days sadly these come bundled with a lot of 3rd party devices and many users feel strongly about this.

If you do integrate it with local AV, eg the UTM being aware that the connection started from machine XYZ from a process forked of powershell, this would be a heavy plus but maybe too much to ask for version 1 of your product.

Hope it helps and good luck !
 

Slyguy

Level 42
Verified
Interesting product. It's basically a less mature Gryphon without the deep parental controls, flexibility and privacy involved with Gryphon but it looks like it could be a contender at some point. Their site comparison has Cujo on it, which is invalid, Cujo is out of business. F-Secure Sense is on there, but that is pretty well known to be an anemic device. Better to compare Avira with Bit Defender Box, Bullguard Dojo, Norton Sphere and Gryphon.

Also I agree in that the endpoint offering with some of them is irrelevant. I like Eset on Gryphon, but have no desire to have Eset on my endpoints at this time so there would be no added value with that.

As for packet inspection, all of these would use TLD and SNI identification of traffic, not actual MiTM. Gryphon does L7 application layer inspection but doesn't utilize MiTM, it uses application identification via header indicators, SNI, TLD. For IPS/AI/ML, it generally works off port anomaly detection, and wouldn't be inspecting actual traffic.

Also critical is privacy. All of these devices should download filtration lists rather than send TLD/SNI data to a remote server for ack. I wouldn't use a Gryphon if it didn't do this because it's too great of a privacy risk. So as notabot pointed out, we all sort of feel this is critical. Also logging should be MINIMAL and not exfiltrated from the router unless triggered by the router owner themselves.
 