Last week on PokerFuse we announced PokerShield. As a former (and hopefully future, once regulation passes) online poker player this is an idea I have had for some time. I even wrote an article suggesting that players do this themselves about a year ago. However, not all players may have the technical skills to implement this solution.
That is why SeNet and Pokerfuse are releasing this solution. As mentioned in the article it will be a completely free and open-source product. We hope to have a beta out for release in a month (perhaps sooner if government shut-down continues and I have more resources to put on it). It has already gotten some attention on 2+2 which I am pleased about as I was concerned if people would see a need for this type of platform.
I want to address a couple of the concerns\questions that were brought up in the 2+2 thread. First, why free? The information security community has a long tradition of releasing open-source tools to help and contribute. Look no further than Nessus, Metasploit, SNORT, and SET to name just a few. We also support another open-source project designed to teach developers about coding vulnerabilities in python led by one of our application security engineers, PyGoat. PokerShield is no different we want to contribute to the community and learn something ourselves through the creation process. Of course being open-source does have disadvantages, support and updates will not match that of a commercial product. But I do promise that as long as there is demand it will not become an abandoned project. And down the road if demand is incredibly high, new features are being requested, and support desired we may consider a pro version. However, that has not been discussed in detail and if we ever go down that path there will always remain an open-source version, following the metasploit\Rapid7 approach.
The second question or theme from the 2+2 thread was how will this really protect players and other questions about the architecture. I believe the data sheet gives a clear picture but I will repeat some of the more important points. The base is Linux because I believe that is easier to customize and secure. Players should not have to interact with the host operating system, unless they want to. It is just a base for the two virtual machines. The idea is if you only play poker from the poker VM you will dramatically reduce the risk of having your account compromised by targeted phishing attacks or some of these other schemes that have happened before. Is it still possible? Yes, but security is all about managing and reducing risks and I believe this solution will help.
Our goal is to make this as easy to install and use as possible, while at the same time providing a secure platform. Please keep the discussion and questions going as some players have good points. For example, I liked the suggested idea of a 3rd VM that would be used for more "dangerous" Internet activities. Stay tuned to Pokerfuse and SeNet for additional updates and news.