My own experience, in a couple Twitter threads:
https://mobile.twitter.com/PaulGowder/status/129693268470763...
https://mobile.twitter.com/PaulGowder/status/129686524552122...
Tl;dr: I installed their VPN software on my personal computer in order to get remote library database access during COVID. It turns out that it wanted to know everything about my system and I had to rip holes into configuration files 99% of users couldn't even find in order to stop it.
With some tweaking you can also use it to configure a split tunnel (at least on Linux) VPN so that your employer can't spy on all of your web activity. (Really for any VPN you just need to update the routing table after the VPN software is running).
On a positive note, I now have a reason to use the MacBook touchbar. Set up an Automator action to kill the PIDs to release the GPU when I no longer need to use VPN.
https://github.com/sqlitebrowser/sqlitebrowser/commit/72a452...
You can manually add that to applications that don't have it, to see if it works. :)
Which is ultimately a bug, or a missing feature, in MacOS -- it shouldn't be possible for a random broken app to make your 10h battery only last 1h -- change my mind.
Coincidentally, even though MacBook Pro 16" has a much larger battery than MacBook Air -- ~100Wh vs. ~50Wh -- MBP is also capable of consuming said battery at a much faster rate -- 100W vs. 30W. So, if you need an average web-browsing machine with the best battery runtime in the presence of silly apps that consume all available resources, it's actually a much better choice to get MBA vs. MBP.
Why Apple doesn't introduce a setting to optimise the runtime for battery, or a lap-use mode, is beyond me. I had to install Turbo Boost Switcher to make my 2020 MBP16" usable as a laptop -- it runs out of battery, and is too hot to use on a lap, otherwise. Sadly, there's not even any tool to reliably turn off the graphics card, either -- I had to find a setting to switch it off in Firefox manually.
Apple should expose services in Control Center instead of making you use the terminal.
Especially given how obtuse launchctl is to work with compared to its Windows and Linux counterparts.
All of these things are actually configured by the company/library you are connecting to. They are configuration options for the firewall that are enforced by global protect. Blame your library IT, not Palo Alto.
How easy is it for a non-expert to determine what the vpn client will or will not do, once deployed?
In our case we were required to verify that any machine that connected to our VPN was sufficiently updated, had a backup taken, was running AV and was recently scanned for malware, and had disk encryption enabled with our recovery key.
It's straight up malware that modifies things that can break your computer.
And it's not like they're going to offer support for fixing it.
Do take the letters seriously... determine whether there are valid legal claims presented. But if there are not, it is a scare tactic, so don't stress over it.
Their intent is to prevent their customers and potential customers from hearing criticisms of their products.
That alone is enough to make me never do business with them again. Legality means nothing, this was a breach of ethics and honesty.
We are a tiny company building an open-source alternative to an existing SaaS app and we have received two such letters in the last 6 months. First time I just replied in an email, second time I had the lawyers respond to create a legal trail. I don't think we were at fault in both the cases but it is still not worth it.
This is not reasonable advice. 95% of lawyers' letters that we receive are without legal merit and do not lead to any legal action if ignored. You can generally tell which ones have merit. If you're not certain, sure you can ask a lawyer - but even asking a lawyer costs money, so don't bother for letters that are obviously attempts at intimidation.
As a serial entrepreneur that is the brains in building the entire hardware and software of several acquired systems I have been the recipient of multiple such certified delivery cease and desists. While my case does not match that of this topic's point, mine was threatening to inform me to stay out of the industry, which clearly I did not, just a scare tactic without grounds because they knew of my talents. My most recent exit I secured a legally binding document with the new owner that states I cannot be pursued for anything by either the parent company or any future subsidiary. It has been crickets.
As others say your best option is to read and understand your situation since you lived it as no one will care more about it than you, not even a lawyer you are paying but they will gladly take your money, again from experience.
Is the validity of the legal claim that relevant? If deep pockets co. wants to sue you into oblivion can't they just drag the trial forever and make sure you go bankrupt from legal fees before reaching a judgement?
OP is not some independent site doing a neutral review. This is a competitor pretending to be neutral (and doing a laughably bad job at it; the "referee" is their evangelist).
So they basically make an untrustworthy video that (surprise, surprise) comes to the conclusion that their product is better, provoke Palo Alto into a hamfisted knee-jerk response, and now try to drum up cheap publicity by posing as the victim.
I have always regarded Palo Alto's products as snake oil, so this is not a fan defending their team.
That said: This behavior of Orca is reprehensible and you should not reward them with your attention.
Not that I agree with Palo Alto's lawyer, I just don't like misleading titles.
New York only matters if either party has standing in that jurisdiction. Palo Alto Networks (California) and Orca Security (Israel) would not, however there could be made a case that the video in question resides on servers (YouTube) in New York.
The argument for the application of 15 U.S. Code § 45b appears to only apply to "form contracts".
> means a contract with standardized terms— (i) used by a person in the course of selling or leasing the person’s goods or services; and (ii) imposed on an individual without a meaningful opportunity for such individual to negotiate the standardized terms.
It appears as though the EULA is a form contract and Orca indeed falls under the protections of the Consumer Reviews Fairness Act.
EULA: https://www.paloaltonetworks.com/content/dam/pan/en_US/asset...
Cisco is the worst by far, the Fortinet are not fun to use but have an incredible $/performance ratio, and the Palo Alto ones are by far the most expensive but also the most enjoyable to use.
They're certainly not without their faults, and we've had issues with them that took time to remedy, but I wouldn't trade them for anything else I've seen so far from competitors.
If so, I have bad news for your license compliance...
As part of a team choosing a new technology for something, you really need to take a lot of things into consideration. This would be one thing your legal department would need to consider, undoubtedly. However, if you are trying to choose such a critical technology as your infosec stack, and you completely remove a company from a bakeoff because of a negative review (which this essentially is), then you are not running your bakeoff properly.
PA firewalls and systems are pretty freaking good. I haven't worked with Checkpoint for a long time, but hear they got good a few years back when PA started eating their lunch. FirePOWER is the devil, as is Cisco.
Now I don't anymore. That's a bunch of money that will go to someone else.
This is the price when you have to defend the technical aspects of your solution with lawyers.
PAN, for all their true issues, puts out some impressive products. There is a reason they have eaten Checkpoint and Cisco FirePOWER's lunch.
Hilariously, my company blocks the article because it is a non-approved TLD. But I challenge you to defend the lawyers and ethics of other large infosec players.
"Better than Cisco" is some pretty strong damning with faint praise.
But this news of a reviewer getting a cease & desist nastygram from PANW erodes some of the trust that PANW started with by default in my mind.
They're not the only company to try to prevent independent benchmarking and reviews, but I've never liked that from any company.
Perhaps this could be a learning moment for PANW, and they decide to change some policies?
(I actually have one of those big old Palo Alto Networks blue rackmount firewalls right here, purchased with the intention of playing with it, either for ideas for OpenWrt features, or to decide whether to buy a new little one for interim use until I have more time for open source. I'm not getting much warm-fuzzies from the big blue metal box at the moment, but maybe that will improve.)
In response to your "Cease and Desist" letter of 4 September 2020 to Avi Shua of Orca Security, we refer you to the reply given in the case of Arkell v. Pressdram [0].
Sincerely,
The Internet
--
[0]: https://lettersofnote.com/2013/08/07/arkell-v-pressdram/
That seems unlikely given if that were true, we would expect a public response from Palo Alto to that effect?
That isn’t a ploy that would work very long and the backlash and damaged reputation would be significant if that occurred.
[IANAL] If that is true I wonder whether PA Networks exposes itself to countersuit, as I think I know at least one similar (in my layman view) case where inclusion and enforcement of a contract provision violating a specific consumer law protection provision was a ground for successful class action. In such a case one doesn't even need to actually fight the legal battle themselves, just show it to lawyers with time to spare, and even just mentioning such possibility may be enough on its own.
That said, build better products, don't take down crappy reviews. I've had terrific experiences with my PA FW's and Panorama isn't too shabby as far as centralized mgmt solutions go - I'd hate to see them throw away all the good will they've built up with stupid choices like this.
For PA to risk ruining other people's careers (for being honest!) just to artificially inflate the reputation of their own crappy product isn't something I can forgive very easily.
I also got the email that Orca probably sent to everyone in their CRM about this, and while I didn’t need any reason to think less of Prisma, I now associate Orca as a competitor and probably an earlier call than Palo Alto for cloud.
If it's using RQL for that I would take that as a red flag that it won't support much customization or logic that would allow you to tailor it to your organization.
(Gartner is a joke. There, I said it.)
A good example of this was a Cisco ASA with FirePOWER (which in itself is a terrible solution, but alas). Even at "just" 50% of the specced load, we started seeing weird issues in regards to IPsec tunnels (SAs randomly dropping, getting abysmal performance at certain times etc).
But it looks like more people have upvoted this post than actually watched the video, so maybe that isn’t going to happen.
Are you trying to sell me access to a comparison trying to sell me on your product? I'm confused and amused.
1. Installation and/or execution of software constitutes copying (the "RAM Copy Doctrine") which is only lawful if the person currently using the software has been licensed or sold the software
2. Licensing restrictions can restrict license holders from exercising rights they otherwise would have as a matter of law
There is nothing prohibiting you from only licensing your software out under terms that prohibit licensees from exercising fair use or first sale rights. Indeed, this is one of Oracle's main "innovations": ever since Larry Ellison failed to get David DeWitt fired for daring to benchmark Oracle, they just made everyone who buys Oracle promise not to benchmark it. This is legally sound and the only way around it is to argue that the software transaction was actually a sale and not a license - as far as I'm aware, though, nobody has been able to successfully articulate such a claim.
Seems like the usual situation to me. :(