It sure read that way, LOL ... I know the story on this, but I'm not at liberty (I don't think) to explain further, other to say that the article is flawed. Expect an official response to this nonsense. The Astaro does a very good job of blocking attacks, otherwise my customers would be at my door with pitchforks.
Right, Bruce. What a waste of time. If the Army hired these two guys to choose a new rifle for the troops, they'd probably pick the one that hit the center of the bullseye on average, but never once even hit the target.
I hate when idiots who don't know anything start doing articles about firewalls. That is as bad as people who don't know anything about them and than install them for clients and mess them up and the appliance gets blamed rather the the idiot who set it up. There is no perfect firewall. But I have worked with Sonicwall's products and actually ripped one out to replace with an ASG.
we are aware of this review and are currently investigating what went wrong. As soon as we know more, we will communicate this to our partners, the UBB and on the Up2Date blog.
thanks for your support.
I have a request, could you do us a favor and help us by posting comment below the review about your experiance with astaro and how good or bad it is? That can hopefully lead away from the bad title of the review. Thanks a lot!
Hi guys, I had a read of a number of items on that site and came to the conclusion it is trying to be ultimate reference for firewall tests of certain types. But the downside would appear to be that they think they know how configure them, but the tests would indicate otherwise.
We all know it only takes one rule to be wrong whether it be a pf, proxy or nat rule to weaken security. Pity they didn't ask one of the resellers to review the configuration before running their tests.
I have a really hard time believing those stats; Astaro has done an outstanding job in detecting malware. At one time I was doing some malware research and had to disable the antivirus for my machines, and had a high-risk surfer for whom Astaro would block 20+ pieces of malware per day and kept that machine perfectly clean.
Avira's antivirus (one of Astaro's AV engines) is known for excellent detection, and while Clam AV (the other engine) doesn't have the best detection rates they frequently add detection for new malware faster than everyone else; the two together offer fantastic detection. In addition I find that SurfControl is also very good at blocking spyware sites; I have found that it blocks most of the sites detected by McAfee's SiteAdvisor without all the false positives.
Clearly they did do something wrong in their testing. It wouldn't surprise me if they only had SurfControl and/or just one AV engine enabled. Having worked for an anti-malware company in the past I can say from experience that even professional testers mess up quite a bit (often through misconfiguration or misunderstanding, which is understandable when trying to get through a dozen products quickly), and unfortunately we (as readers) don't usually get to find out what went wrong or how the product really performed.
When it comes down to it, tests of malware detection rates are rarely realistic; both for the reasons above and because the malware test beds are simply not reflective of the malware in circulation (e.g., they may test the first generation of a piece of malware when 99% of what's circulating are thousands of variants that go undetected, etc. etc.). To top it off we also have no idea what or how they tested -- for all we know that 74% could have been sites all serving up the same malware, and the author may have no idea of how to test such things properly (as mentioned, even "properly" done tests should be taken with a small Siberian salt mine).
It's just really a shame when such reports are published on such high-profile publications; doubly so when the publication's average readers probably don't know to be skeptical.
At least someone is attempting to test... good or bad it is always desirable to know if the appliance you have is actually doing the job.
I think the astaro has a throughput problem compared to my old cisco firewall, albeit, it is scanning for viruses, content filtering, watching for malware and doing some intrusion detection while still being a firewall. It is seeing about 20% less throughput than the old cisco was. In real life, that does not really affect day to day surfing but it does slow down big file downloads a bit.
I will take the throughput hit knowing it is offering great protection cause I can live with the tradeoff. On the other hand, if the test these guys ran was not flawed then we should not burry our head in the sand either just because we are astaro owners.
