CUJO REVIEW

FOR

• Appealing design
• Handles up to 50 devices simultaneously
• US and UK phone support

AGAINST

• Setup can be complicated
• Won’t work on all networks
• Overpriced subscriptions
• Managed via iOS/Android apps only

CUJO is an intelligent firewall which aims to protect your connected home from online threats. From desktops to mobiles, tablets to smart TVs, CUJO monitors all network activity to keep you safe from harm.

Once set up, CUJO acts as a gateway between your devices and the outside world. It checks devices as they connect to your network, analyzes packets as they leave and arrive, looks for attempts to access malware command-and-control servers and tests for man-in-the-middle attacks. Threats are blocked automatically, although you can also see and control some of what’s happening via iOS and Android apps.

CUJO is much more than a simple hardware firewall. A lot of its processing is carried out in the cloud, where it analyzes metadata from your network connections, checks for problems and instructs your device to block any threats. This reduces the load on CUJO’s own processor, and makes it easier for the system to detect brand-new dangers.

Simple device-level parental controls are thrown in as a bonus, allowing you to block access to websites by type. There is no need to install software on the clients, everything is managed from CUJO and its apps.

Despite some overblown claims on the CUJO website, the device can’t replace your antivirus, and you’ll probably need to keep the same security software you’re using now. What you do get is multiple extra layers of protection, and that’s especially welcome for smart devices which can’t easily be shielded in other ways.

CUJO is available for $99 (£79) with a monthly subscription of $9 (£7.20). Alternatively, spending $158 (£126) gets you the device and one year of service, or a one-off $249 (£199) covers you forever, with no further payment required. Whatever you choose, a 30-day money-back guarantee is available if the device doesn’t work for you.

DESIGN

While most network devices get hidden away in a dark corner somewhere, CUJO is clearly designed to be seen. Its rounded cream-colored form looks almost as though it should hold rose petals, or a candle, or be an air freshener. It’s not too bulky at 124 x 124 x 146mm and 377g, and could be left in full view almost anywhere in your home without looking out of place.

As usual with networking kit, cabling can make your life more complicated. There are a couple of Ethernet ports at the back of the product, at least one of which you’ll need to use, and a short power cable with a two-pin adapter.

Turn on the power and you’ll notice another unusual touch: CUJO has ‘eyes’, oval LEDs which light up to signify device status. At a glance you can see that the power is on, the device is working (or not), when it’s in standby, even when the firmware is being updated.

This lighting scheme isn’t exactly intuitive, and we had to check the website to understand what was happening. But it does help you see what’s going on with the device, and in a way that doesn’t make CUJO seem intimidating. You might look at the smiling eyes and realize that means CUJO is actively protecting current network activity, but visitors will just see a cute plastic pot with a smiley face – nothing technical at all.

What’s happening in the background could be an issue for some, as it presents a fundamental privacy concern. CUJO works by collecting the IP addresses of the sites you’re accessing and sending them to the cloud, where they’re checked for any signs of danger. That ensures your protection is always up-to-date, but also means any time anyone visits a website on your network, that URL is being dispatched to the CUJO cloud.

Is this a danger? In a very brief FAQ page, the company says it collects “metadata based on destination IP addresses”, but only logs “that the communication of your CUJO device is functioning with our cloud.”

This appears to mean that CUJO maintains information on the sites all users are accessing, but doesn’t keep any personally identifiable trail. It’s still not ideal, but some other site-blocking applications take a similar approach, and we wouldn’t rule out the product for this reason alone.

HARDWARE

CUJO doesn’t come with much processing power. With a dual-core 1GHz CPU, 1GB DDR RAM and 4GB flash storage, we can see why the website says “in the cloud is where we do the heavy lifting.”

Still, CUJO doesn’t skimp on its network connectivity, giving you two Gigabit Ethernet ports to handle incoming and outgoing traffic.

There’s also support for Cryptographic Hardware Acceleration to help CUJO manage its cloud communications more quickly, and it’s claimed the system can protect up to 50 devices simultaneously.

The rest of the unit is kept as simple as possible. There are the Ethernet ports and a power connector, and a tiny recessed reset button, but no other switches or controls. CUJO is aiming to be a ‘set and forget’ device: once you’re up and running, you’ll barely need to touch it again (in theory, anyway).

SETUP

CUJO can be very challenging to set up, even for network geeks. Note that it may not even be possible to use with all hardware setups, so it’s important to dig into the detail before you buy.

You have two main options. The first, ‘DHCP Mode’, can seem the simplest. Connect CUJO to your normal router, change your network settings to use CUJO as a gateway, and everything currently using your network connection will automatically be protected.

In some cases, CUJO can set this up for you. Download the iOS or Android app, give the setup wizard your router credentials and it will try to update your DHCP settings. If this works, great bash you’re up and running right away.

Unfortunately, CUJO is only able to configure router models it knows about. Often you’ll be told it doesn’t know enough about your hardware to do this, and you’re left to update the settings yourself. The app gives a list of items to change – IP addresses, DHCP leases – but it can’t tell you how to find those options in your router.

There is some support available on the website. Check out this page for a list of compatible and incompatible routers, for instance.

Life can become complicated, though, especially if the CUJO app doesn’t support your router. This page on ‘CUJO Modes’ won’t appeal to the technical novice, and as we write, the most useful-sounding link – ‘Please refer to this manual to disable DHCP Server on your Router’ – is broken.

That’s less than helpful, but if you keep looking, you will find specific instructions elsewhere. For example, BT Home Hub is covered on this page.

The second option is to use ‘Bridge Mode’, which requires two routers. Your internet connection comes in to router A; this connects by cable to CUJO; a second cable goes from CUJO to router B; all your devices must also connect via router B to be protected.

Not everyone has two routers available, of course. Even if you do, you’ll still need to disable DHCP on router B, so you’re not escaping the technicalities. And some routers may not allow DHCP settings to be changed, in which case you won’t be able to use CUJO at all.

To be fair, you aren’t left all on your own – far from it. CUJO’s tech support team is available via email and phone (US and UK). They’re so eager to help that we had a phone call soon after signing up. We also had multiple emails offering help and pointing us to web tutorials, and we’ve seen many positive reviews about the time the company has spent helping people get set up. We suspect that the large majority of users will be able to get CUJO running, but there’s a good chance it will be more complicated than they expected.

PERFORMANCE

Once CUJO is up and running, you can carry on using your devices as normal. Your traffic is filtered through CUJO, analyzed, and any threats blocked, but generally everything should work much as it always did.

If anything dangerous appears, CUJO’s apps register the threat and display a notification telling you more. You’ll also be warned on your local device in some situations, perhaps if access is blocked to a phishing site. That will probably be enough, most of the time, but we’re a little concerned that there’s no browser management interface. If your phone breaks or goes missing, you won’t be able to check up on your CUJO or manage what it’s doing.

One small advantage to using CUJO is it gives you basic parental controls. You can create a profile, define the types of website you’d like to block (adult, shopping, social media), optionally add some safe sites to a whitelist, then apply those settings to a device. Simple reports show you any violations when you review them later on.

This might be useful in a few situations, although there are some major limitations. In particular, the rules are being enforced at the network level rather than the device, so if your kid takes his tablet to a friend’s house, he’ll be able to do whatever he likes.

The CUJO website also says the parental controls feature helps you “avoid inappropriate apps”, “manage access schedules” and “set time limits”, but we didn’t see any of those in our Android app. The parental controls feature was flagged as a beta, so it’s possible they’ll be added later, but when they’re trumpeted on the website we’d say you’re entitled to expect them now.

Elsewhere, the CUJO apps provide simple lists of the devices connected to your network. These show details like device type, manufacturer, IP address, MAC address and more. You could use this to spot unusual devices which connect to your network only occasionally, and when they were last seen.

Demanding network users might run into difficulty with more advanced requirements, such as setting up port forwarding. It’s possible, but not necessarily straightforward, and we’ve seen some users complaining of problems.

If your network needs are mostly about local file and device sharing, though, it’s a different story, and most users will find their CUJO-protected home works much as it always did.

FINAL VERDICT

CUJO seems like a great idea: a neat-looking box you can place in your home, which protects all your smart devices without you having to do anything at all.

Unfortunately, getting to this point might take a while. Setup can be complicated, you may need to reconfigure your network, and advanced tasks like port forwarding could become more difficult.

There’s a distinct shortage of technical detail about CUJO’s features, too. It protects you from malware by blocking access to command and control servers, for instance, but what other sites are included? Where are these addresses sourced from? How often are they updated, and how large is the database? There’s very little information available, which makes it difficult to assess how effective the protection might be.

Overall, CUJO feels like it’s caught between two audiences – it’s too complicated for beginners, too underpowered for experts. It could still be useful if you have lots of smart devices to protect, but be sure to check your setup is compatiblebefore you buy.