Jump to content
RESET Forums (homeservershow.com)

Luma and its enterprise security or should I say lack of?


itGeeks

Recommended Posts

itGeeks

I sent Luma the question below regarding security or should I say the lack of.

 

As for the Eicar antivirus/malware test files that is the most concerning to me, It seems that Antivirus/Malware protection is none existent and that is very disturbing to me. I had to disable Sophos end-point protection on my test computer before I could test Luma with these test files because Sophos endpoint protection kept blocking them as it should before I could see if Luma was providing the promised enterprise protection with antivirus/malware. If this is the same vaporware as the promised port forwarding and and features we should of had at launch like we where all told then Luma needs to make it very clear to its customers that its not active yet but will come soon with all the other vaporware. Please let me no ASAP if Luma is doing Antivirus/malware scanning and if it is then y on earth is the very popular Eicar test files getting threw.
 
I look forward to your response,
 
Luma's response-
Luma Support (Luma)
Jul 13, 9:52 PM EDT
I did not want to respond earlier around your eicar inquiry before I had some additional confirmation. I received confirmation on what i thought to be the case. Basically, we are not scanning as an AV engine for malicious files or doing any sort of signature matches today. We are looking at your network behavior to determine if there is malicious/suspicious communication between your home devices and external sites. We push out periodic updates to that information to expand the net, but essentially we are looking for nefarious network behavior that we call attention to vs. traditional malware.
I will also check on a timeline or inquire if this is a expected future feature item.
I hope this helps.
On your earlier conversation around automatic channel reelection, I will also have to check and see if that is on the roadmap. Currently it is not slated for the near future (within the month) but I will have to look beyond that.
Luma Support

 

  • Like 1
Link to post
Share on other sites
tjstansell

Honestly, this response from support doesn't surprise me.  I don't know where I read it, but I remember seeing something about how it scans your network for suspicious network activity.  When I read that, I remember thinking, "hm... so it will alert me *after* I get a virus or malware and attempt to prevent the spread.  sure wish it stopped the malware from even being introduced in the first place."  Maybe it was this FAQ entry: http://support.getluma.com/hc/en-us/articles/222490648-How-does-Luma-make-my-network-more-secure-

 

I do agree though that that is a very different message than the marketing blurb "Luma secures your devices, neutralizes any threats automatically, and keeps you in control of your network".

 

The more and more I read about Luma, see their responses to questions (or lack thereof), etc, the more I'm tempted to just ditch them and move to eero.  I did get a coupon code from eero for $100 off, which means it's $100 more than my luma pre-order, but at this point it's almost worth it.  I think at this point I just have more respect for eero as a company.

Link to post
Share on other sites
qtopplings

I don't think they ever explicitly said that they would function as an anti-virus scanner.   Everything I read was exactly what they said in the reply;  they would scan the network for any suspicious outgoing activity and then lock that down and notify you.  There's no real time scanning of files/data coming in....I don't think that is a function of a router.

Link to post
Share on other sites
itGeeks

I don't think they ever explicitly said that they would function as an anti-virus scanner.   Everything I read was exactly what they said in the reply;  they would scan the network for any suspicious outgoing activity and then lock that down and notify you.  There's no real time scanning of files/data coming in....I don't think that is a function of a router.

Please don't take what I am about to say as trying to be rude or disrespectful, You can slice it anyway you want 7 ways to heaven but Luma is using many buzz words that are giving us all the false sense of protection, They need to be clear and concise of what Luma is offering in the protection department. To your own admission the protection as you understand it is useless y? Because its going to take a user getting a virus 1st then in hopes of it phoning home in a suspicious way for Luma to decide if the user should be notified that they may have a virus? What about all the viruses that don't phone home but destroys there computer and files or worse they encrypt there personal files with an attached ransom to unlock them? The internet is a major threat and with big buzz words like enterprise protection front and center that's a bad thing. In all my testing there is not even Micky mouse protection at this point and customers should be made aware. Take a look at this review from pcmag below and you tell me y I am so angry regarding the protection Luma is really providing today vs the hype.

http://The Luma offers a built-in Security feature that continually scans all connected devices for malware and vulnerabilities to hacking and viruses. It will quarantine infected devices and attempt to purge them of infections, and will send a push alert to your mobile device when something is detected. You can check your status by tapping the Security icon on the bottom of the Home screen.

 

I will quote what I am talking about below-

 

"The Luma offers a built-in Security feature that continually scans all connected devices for malware and vulnerabilities to hacking and viruses. It will quarantine infected devices and attempt to purge them of infections, and will send a push alert to your mobile device when something is detected. You can check your status by tapping the Security icon on the bottom of the Home screen."

 

Guess what? In my testing Luma is doing no such thing. I disabled my endpoint protection again today on my production laptop and downloaded several virus test files from Eicar and let them stay on my laptop all day, Luma never once notified me via a push notification/email that I had a virus on my computer, When I got back to the office I thought maybe it at least disabled my laptop from communicating to my network or the internet, Nope it did not my laptop worked just fine with web browsing and sharing files on my network. Take a look at the update I got from Luma today regarding my security concerns below-

 

"Luma Support (Luma)

Jul 15, 9:01 AM EDT
Hi,
I also found a little more information on the network scanning side of things.

There are plans to expand our network behavioral analysis and to include potential malware scanning as well. This is a roadmap item, but no ETA currently.

With respect to your question, we should be blocking sites known to be malicious or serving up malicious content. the eicar site would not be one that is actually malicious from a site perspective.
With respect to the question of why are the luma dev not accounting for future channel congestion, i believe this is pending as I mentioned earlier, but I do not have an ETA on that as well.
Bandwidth steering is something that is also on the roadmap but as you know some clients will not necessarily follow the steering recommendation. It will depend not he client a well as the recommendations from the Luma.
With respect to the quote, it is referring to the network behavior analysis that we are offering today that scans and looks for communication to malicious sites and alerts you in the Unrated mode and blocks in other modes depending on what your settings are configured to. This works in parallel to the policy controls around parental controls. Also, pending features on the roadmap will enhance this as we role them out in the coming weeks and months.
I hope this helps.
Thanks,
Luma Support
 
My thoughts as frustrated as I am, Is Luma has no business at this point wanting to be first inline on any network, At best it should be a 'bridge mode' device connected to a capable router providing some sort of basic network protection, Luma does not even have a firewall built in according to my testing. Luma as a router is a train wreck at best at this point. The wireless has been rock solid for just over two weeks so that's a plus. The rest is vaporware and don't install Luma 1st inline to protect anything.
 
All I can say is Luma better be working around the clock to get on feature parity in the security department to offer the basic network protection that a cheap 100.00 'off the shelf router' offers that you can purchase from any Best buy, Micro Center or Fries and in case you don't no what I am talking about a REAL FIREWALL for pete sakes. Sad to say the least.
Edited by itGeeks
Link to post
Share on other sites
itGeeks

Update from Luma I got yesterday-

 

Luma Support (Luma)
Jul 19, 2:54 PM EDT
 
There is not an explicit av system currently running on the device, however if the device is trying to reach a site known to deliver malicious content and you have an R policy in place, then this should prevent communication to said site.
Currently, the device is looking at the traffic vs the content to take preventative actions. Also, if set to U-restricted, then you will still get a notification, but not blocked.
Luma does plan to roll out new signature based detections going forward, but it is not currently implemented.
With respect to hiding FW ports, currently Luma is blocking ports as you noted and not going the obscurity route. That may change in the future depending on requests from the field, but not currently in place (as you noted).
I hope this helps.
Luma Support
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...