Slyguy

Level 43
Hi everyone,

As one of the guys behind the SafeThings product, I was extremely pleased to run into this thread.

I’d love to learn more about your thoughts around our product:
- what would motivate you to buy such a product?
- what is missing in the product that would turn it into a must-have?

Thanks everyone,
Andrei
Hello Sir,

I have not had the pleasure of trying one personally. Also it is not currently available in the USA so I can't get my hands on one for testing. A few quick questions, and some suggestions based exclusively on what I can find on the website:

1) Does this act as a DHCP server as a primary on the network?
2) Can DNS be switched to an INTERNAL DNS server? (it bugs me that Gryphon cannot, I want my Pi-Hole online)
3) Does it send logs, if so, how verbose?
4) Does it send TLD and SNI information on visited websites or is everything local on device?
5) Can telemetry be adjusted/eliminated/reduced? Is the telemetry encrypted?
6) Is there custom blacklisting/whitelisting of sites/domains?
7) Parental controls by age group? Homework time? How deep are the parental controls?
8) Website states it detects incoming traffic to IoT devices and stops them. How does it determine if the remote IP is a qualified source or not?
9) What level of filtration is there for malware? Is it simply malware domains?
10) Does it have RRP that can be disabled? (Manual channel selection)
11) Is low power mode and scheduled WiFi on/off available or coming?
12) Is the device hardened? SSH closed up? Etc?

Another feature, lobbied by ME for Gryphon was inclusion of ad-blocking within the firewall itself. This is an absolutely phenomenal feature. It's aggressive, and it should be, but you can whitelist. This allows me to not feel the forced need to use my Pi-Hole because quite frankly, Gryphon blocks enough ads to where you don't need a browser or DNS adblocker. Any chance Avira will take an aggressive stance against ads and trackers like this? Malvertising is real.

I'd be very curious to try it when it is available and would surely do so!
 

AndreiP

From Avira
Verified
Developer
1) Yes
2) Yes
3) It sends aggregated stats from netflow, in order to construct and benchmark behaviour models in the cloud (here we do ML-based anomaly detection)
4) & 5) Yes, as a natural consequence of 3
6) Yes
7) Admin can create roles (users) and attach devices to them. Then rules (content based, time based) can be applied either on roles or per-devices.
8) Our most powerful engine to detect such dodgy connections is the ML anomaly detection (we also employ crowdsourcing looking at the same device behaviour in multiple deployments), but we do employ as well whitelisting and blacklisting (Avira URL Cloud)
9) We analyze behaviour (netflow), and don't do MitM. This is why SafeThings is a fit solution for IoT devices; for files security on traditional devices we include Avira Prime.
10) Will have to check with the tech team and come back to you.
11) Yes, it's on the backlog with a good priority attached to it.
12) Yes, we spent a good amount of time to do proper security and hardening. SSH is locked down.

Thanks a lot for the time and feedback. Great pack. And yes, ads is something we're fighting against, as well as PUA (potentially unwanted apps). This device is a good addition to our portfolio in that war.

Thanks,
Andrei
 
Last edited:
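Answers 3, 8 and 9 above describe working from flow metadata rather than packet contents. The following is an added example, not Avira's code or method: a fixed rule stands in for the ML model, and the LAN prefix, record layout and sample flows are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumed home LAN prefix

# Constructed flow records: (timestamp, initiator, responder, dst_port, bytes).
FLOWS = [
    (1, "192.168.1.20", "203.0.113.10", 443, 1200),  # camera -> its cloud
    (2, "203.0.113.10", "192.168.1.20", 554, 300),   # cloud -> camera (known peer)
    (3, "198.51.100.7", "192.168.1.20", 23, 60),     # unknown host -> camera
    (4, "192.168.1.30", "203.0.113.50", 443, 800),   # plug -> its cloud
    (5, "198.51.100.7", "192.168.1.30", 23, 60),     # unknown host -> plug
    (6, "192.168.1.20", "203.0.113.10", 443, 900),
]


def analyse(flows, lan=LAN, allow=frozenset()):
    """Return (per-device aggregates, unsolicited inbound alerts).

    A remote counts as known for a device once the device has initiated a
    flow to it, or when it is on the operator's allow list.
    """
    stats = defaultdict(lambda: {"bytes_out": 0, "remotes": set(), "inbound": 0})
    alerts = []
    for ts, src, dst, port, nbytes in sorted(flows):
        src_local = ip_address(src) in lan
        dst_local = ip_address(dst) in lan
        if src_local and not dst_local:          # device dials out
            stats[src]["bytes_out"] += nbytes
            stats[src]["remotes"].add(dst)
        elif dst_local and not src_local:        # something dials in
            stats[dst]["inbound"] += 1
            if src not in stats[dst]["remotes"] and src not in allow:
                alerts.append((ts, src, dst, port))
    # Only counts leave this function: no payload and no hostnames are needed.
    summary = {
        dev: {"bytes_out": s["bytes_out"], "remotes": len(s["remotes"]),
              "inbound": s["inbound"]}
        for dev, s in stats.items()
    }
    return summary, alerts


if __name__ == "__main__":
    summary, alerts = analyse(FLOWS)
    print(summary)
    print(alerts)
```
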

AndreiP

From Avira
Verified
Developer
It's good to be able to talk to product folks directly and a great move you did to ask users !

my list ( may provide more points over the coming days )

1) privacy, I want the filter lists to be downloaded locally and applied locally by the UTM, no sending of domain names or their hashes to an Avira endpoint. This will be good for you as well, data fines in the EU are becoming a real thing.

2) if you do provide a web management dashboard, which would be nice, make sure it's the UTM that does the connect(...) call and your backend that does the listen(...), I don't want any open ports that are internet facing ( so your backend will be doing pushes ). Do not have any ports open to the internet, preferably no ports open at all and admin is done either via web dashboard and bluetooth only.

2.5) If you do that, do the authentication & certificate work right and ofc only allow strong ciphers in your TLS, a man in the middle attack compromising a UTM would be nothing short of a disaster.

3) email alerts ( for suspicious "dial-outs", portscans coming from the web etc )

4) strong filtering per device that can be used for parental controls, ie while pr0nhub may not have malware, parents should have the option to ban explicit content for underage kids.

5) Do NOT do deep packet inspection, I don't want my UTM doing MiTM to my devices.

6) Auto updates ( again good work with signing the updates, and authenticating your server to the UTM , rolling the certificates etc is very important )

7) support virtual LANs, eg one for guests, one for kids, one for parents

8) support for OpenVPN ( esp if VPN could be assigned per VLAN, that would be great )

9) geo-blocking -- if there are no legal issues with providing this ( there was talk that in the EU geoblocking may become illegal, didn't watch what happened )

10) Mesh support

11) detection of network cards in promiscuous mode

12) WPA3

14) good practices for authenticating the administrator to the machine ( not plaintext like the other routers I'll leave unnamed ... ) and also authenticating the machine to the user ( no self signed certs like other routers )

15) 2FA for your web dashboard

16) out of the box ability to block Alexa, Google voice etc per device. These days sadly these come bundled with a lot of 3rd party devices and many users feel strongly about this.

If you do integrate it with local AV, eg the UTM being aware that the connection started from machine XYZ from a process forked off powershell, this would be a heavy plus but maybe too much to ask for version 1 of your product.

Hope it helps and good luck !
Thanks for the great pack of feedback. This is really useful.
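Points 2 and 2.5 in the list quoted above ask for a gateway that only dials out and does its TLS properly. As an added example (not part of the thread and not Avira's code), this sketches the device-side client settings with Python's `ssl` module, plus an audit that reports what a lax configuration gets wrong; `vendor_ca_pem` is a hypothetical path to the vendor's CA certificate.

```python
import ssl

AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")


def build_device_context(vendor_ca_pem=None):
    """TLS client context for the gateway's outbound-only management channel."""
    # PROTOCOL_TLS_CLIENT turns on certificate and hostname verification.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Forward-secret key exchange with AEAD ciphers only (TLS 1.3 suites are AEAD).
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!PSK")
    if vendor_ca_pem:
        # Trust only the vendor's CA instead of the whole system store.
        ctx.load_verify_locations(cafile=vendor_ca_pem)
    return ctx


def weak_context():
    """The kind of configuration the post warns about, for comparison."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # accepts any certificate: MitM possible
    ctx.set_ciphers("ALL")
    return ctx


def audit_context(ctx):
    """Return a list of findings; an empty list means the context passes."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate verification disabled")
    if not ctx.check_hostname:
        problems.append("hostname check disabled")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("TLS below 1.2 allowed")
    weak = [c["name"] for c in ctx.get_ciphers()
            if not any(m in c["name"] for m in AEAD_MARKERS)]
    if weak:
        problems.append("non-AEAD ciphers enabled: %d" % len(weak))
    return problems


if __name__ == "__main__":
    print("hardened:", audit_context(build_device_context()))
    print("weak:    ", audit_context(weak_context()))
```
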
 

blackice

Level 15
Verified

notabot

Level 15
There are some channels used in Europe that aren’t used in the US. Different countries regulate the signals a little differently, but you may be able to get it to work if you really wanted to.
I see so the real issue would be compatibility with the WAN interface - that should be fine as I planned to use the provider's router for routing only and connect Avira's Safethings to it and effectively use Safethings for WiFi only ( plus its security features ).

That way would I be on the clear?
 

blackice

Level 15
Verified
That may work, however you may run into an issue of having a double NAT. A lot of people who run routers behind routers run into problems.
 

blackice

Level 15
Verified
That depends on the router the provider gives, eg I already do that but with a different UTM device
Gotcha. I’ve never tried to use a WiFi router or AP meant for another country’s approved bands before so I’m not sure if it’s a big deal or not. If you give it a shot good luck, and let us know how it goes. I really like the secure router idea and run a gryphon at the moment.
 

notabot

Level 15
But ie Avira could geoblock another country, would be good if someone from Avira could comment, if it works, I'm happy to fork the cash to try the device.

Gryphon is probably the best option at the moment but the priciest too, this is for a holiday place so any UTM is an overkill and I'm happy to settle for second-best.
 

AndreiP

From Avira
Verified
Developer
I apologise for the late reply; I've been meaning for some time now to post an update here, on the community.
The first batch of the Avira SafeThings router was a success, although in very limited supply. It was a first test for us, to see if there's a market for such a product. The feedback we've gotten was both solid and vast; there's a good portion of pride we've taken in our results, but also sides where we need to do better have surfaced.

Where we're doing great - that's security, as that's what we've been doing for so many years now. That's where our team owns knowledge, and our innovative approaches to apply security for IoT have proved to work.
Where we needed to improve - that's hardware. As much as we strive to provide a strong suite of security and privacy features on a gateway, users will still demand top-notch networking capabilities from a box (mesh, hi-performance platform, latency booster, apps ecosystem). And that is totally normal.

This is why we have partnered with TP-Link - the global leader in networking devices - to provide a complete product for securing the smart homes. More details may be found here: Avira® and TP-Link® Join Forces to Offer Wi-Fi Routers with IoT Security for the Smart Home

The first TP-Link units that sport Avira SafeThings technology will emerge on the market in Q1 2020. I am so curious to read the first reviews here, on Malwaretips. :)

Cheers,
Andrei
-- on behalf of Team Avira SafeThings
 

woodrowbone

Level 9
Verified
Is it wise to place your tech on Chinese hardware with all that is going on with that right now?
I mean, everyone who has concerns with this will be unlikely to buy a Chinese router.

/W
 

notabot

Level 15
Thanks for this, I realize there are NDAs for ongoing product partnerships and you can't announce new functionalities here before your official channels - however something like "existing product currently does XYZ but stay tuned !" does not break any NDA and the hint that there's product development going on currently is sufficiently strong.
To give you a concrete example while I needed this for 2020, in the absence of any info on whether Safethings supports a Mesh I went for another solution.
Not criticism btw, I'm happy with what I bought and the price I paid, more of a communications feedback/hint to boost sales of your product.
 

Umbra

Level 24
Verified
All Chinese stuff isn't necessarily bad...this kind of generalization is the result of western brainwashing to win trade wars...
In business you go with the biggest seller. If they want success worldwide, TP-Link is the best choice especially in Asia where they are the main router provider, for example in the country I reside, all ISPs provide them and frankly the quality is quite good for the price (especially the Archer series). Sure you can have better like Gryphon and others but in Asia no one will pay for it except geeks.
And if you really worry about "privacy/spying stuff", just use a VPN ;)
 