Monday, August 20, 2012

Can I Evade ScanSafe Anywhere+ ?

Dragos Lungu Dot Com | Can I Evade ScanSafe Anywhere+ ?

Can I Evade ScanSafe Anywhere+ ?

scansafe anywhere plus

ScanSafe just launched Anywhere+, a very cool web security service which is intended to provide web content security for roaming users.

Well, securing the laptops used by sales or marketing staff  *outside of the company’s premises* has always been a pain in the behind :) and I’m afraid this will not change overnight.

However, I find ScanSafe’s approach interesting and it might just work this time… but how does it work? Is it a proxy setting? Is it a VPN connection? Is it a browser plugin? I don’t know so I had to find out. I applied for a trial account and I hope I will get to the bottom of this issue soon.

Sure, the marketing presentation looks nice:

And so does the explanatory text:

  • Authenticates and directs your external client Web traffic to our scanning infrastructure. 
  • Numerous datacenters are located all over the world from Sydney to San Francisco ensuring that your employees are never too far from our in-the-cloud scanning services.
  • SSL-encryption of all Web traffic flowing to us improves security over public networks

So, I’m guessing that Anywhere+ alters the browser itself and no matter how you get on Internet, the web requests will be redirected to ScanSafe’s data centers where the response is checked for web malware.

This raises a few questions on the adoption of this technology:

  • User’s online privacy could be questioned – Lots of authentication pages don’t use SSL
  • If this technology is browser dependant (my money is on Internet Explorer), what would prevent a smart a$ user to use a different browser such as portable apps

I wish ScanSafe Anywhere+ best of luck because the service is much needed and it’s distributed architecture looks promising.  And guys, please don’t forget my application for a trial version :)

UPDATE:

I got an email from Spencer Parker, Director of Product Management at ScanSafe and here are some clarifications:

1. The software works at the protocol level, not application level. This means it works with any application that uses the HTTP or HTTPS protocols. This means if users go ahead and install another browser to bypass corporate proxy settings (which a lot do!) then the Anywhere+ driver still redirects the protocols correctly to the closest ScanSafe scanning tower.

2. We use an SSL tunnel to get all HTTP and HTTPS traffic to the scanning tower. It does this to add an extra level of security to the application (stop people sniffing your traffic at wireless hotspots etc) and for other reasons as well.

I’m still waiting for my trial account :)

No comments:

Post a Comment