Sophos Antivirus Flaws Revealed

CommanderFrank

A Google researcher has taken on Sophos antivirus software and picked it apart piece by piece. The bad news is that some rather disturbing flaws were found in its encryption, along with other vulnerabilities. The good news is that Sophos was informed prior to the announcement and has begun making the necessary changes.

The problem with all antivirus vendors, he says, is that they do their work in secret without peer review, which eliminates a step that could make for stronger platforms.
 
Sounds like sloppy code writing, concentrating more on selling the product than on actually providing good code.

At least I'm not using it for my PCs.
 
With so many free AV programs out there that actually work... It's a wonder how there is any market for it left.
 
People still think free = inferior. I can't tell you how many people protested when I tried putting Avast or MSE on their computers, then told me that Trend Micro or McAfee, of all things, was MUCH better.
 
Traditional Antivirus needs to die. There is no way for it to keep up. I have watched every one of them fail. Good clean regular backups are far more valuable.
 
My office decided to use Sophos, over my objection, I hate having to deal with it and manage it.
 
Traditional Antivirus needs to die. There is no way for it to keep up. I have watched every one of them fail. Good clean regular backups are far more valuable.

Not being a retard is far better.

That said, I will not be using another AV on any machine until they all follow MSE's model.

1) Can run a scan without having any noticeable performance hit on your machine.
2) Catches the large majority of stuff even when surfing like a tardboat.
3) No noticeable hit on just about any hardware I have installed it on.
4) Doesn't pop up stupid, annoying Vista UAC-style "Are you really sure you want to do that?" crap every 5 seconds when you actually attempt to do any bloody thing.
5) It's Free
6) Solid Default settings.
7) Clean, easy to understand interface
8) Fairly good advanced options for those who want to tweak it a little more.
9) Is not Obnoxious.

When other AVs can do the same as MSE, I will give them a shot again. Until then, it is easier to deal with the very few things it misses, since they all miss a few things here and there anyhow.
 
Not being a retard is far better.

That said, I will not be using another AV on any machine until they all follow MSE's model.

1) Can run a scan without having any noticeable performance hit on your machine.
2) Catches the large majority of stuff even when surfing like a tardboat.
3) No noticeable hit on just about any hardware I have installed it on.
4) Doesn't pop up stupid, annoying Vista UAC-style "Are you really sure you want to do that?" crap every 5 seconds when you actually attempt to do any bloody thing.
5) It's Free
6) Solid Default settings.
7) Clean, easy to understand interface
8) Fairly good advanced options for those who want to tweak it a little more.
9) Is not Obnoxious.

When other AVs can do the same as MSE, I will give them a shot again. Until then, it is easier to deal with the very few things it misses, since they all miss a few things here and there anyhow.

Other than maybe Google, no other company can match what Microsoft has to offer, especially with requirement #5. A lot of the free software does a decent job for the average home user and works, but with how a large portion of users browse, clicking everything and downloading random BS, they need the paid software for very structured real-time protection. Does a lot of paid software use a lot of resources? Yes, but it is up to those who know to share the information with others so they purchase the proper software.
 
The problem with all antivirus vendors, he says, is that they do their work in secret without peer review, which eliminates a step that could make for stronger platforms.

Wow, what an awfully convenient statement, coming from a guy working for a company that doesn't have to make money off of its software because it makes its money from advertising.

If you have IP to protect you're not going to open source it... it's common sense.

All those AVs that are around and successful exist because they're "good enough". They'll never be perfect from a security standpoint.

Maybe Google should open-source their search algorithm then to be consistent with this statement? Oh... no? Why not?
 
Other than maybe Google, no other company can match what Microsoft has to offer, especially with requirement #5. A lot of the free software does a decent job for the average home user and works, but with how a large portion of users browse, clicking everything and downloading random BS, they need the paid software for very structured real-time protection. Does a lot of paid software use a lot of resources? Yes, but it is up to those who know to share the information with others so they purchase the proper software.

I have yet to see that "structured real-time protection" of the paid AVs prove to be superior in any manner. If I saw clear proof that showed that the paid stuff was superior and worth the performance hit, I would support it. Right now, though, I have yet to see a single paid solution, as far as "consumer grade" AV goes, that justifies its price over freeware. And believe me, I have seen some incredibly stupid surfing habits on the machines I support. Free isn't a set-in-stone requirement; however, if your solution isn't flatly superior to the free one, then you have no business charging for it. Also, MSE does real-time protection as well without a performance hit, so there is just flat no justification for the performance hit that most AVs cause, especially when it comes to scanning.

Again, what little does make it past MSE is pretty easily removed.
 
I ONLY use Internet Security 2010. It ALWAYS finds tons of viruses and registry errors that I didn't even realize were on my computer. Even a fresh install of Windows can be infected with viruses that only Internet Security 2010 can find. It's well worth the money. It's very easy to download too. All my family and co-workers use it.

***
 
I ONLY use Internet Security 2010. It ALWAYS finds tons of viruses and registry errors that I didn't even realize were on my computer. Even a fresh install of Windows can be infected with viruses that only Internet Security 2010 can find. It's well worth the money. It's very easy to download too. All my family and co-workers use it.

***

:eek: Download links naw!!! :eek:

:p
 
I'm on XP, without an Antivirus. It's all about NoScript, Mark Russinovich (Sysinternals FTW), and common sense.
 
I ONLY use Internet Security 2010. It ALWAYS finds tons of viruses and registry errors that I didn't even realize were on my computer. Even a fresh install of Windows can be infected with viruses that only Internet Security 2010 can find. It's well worth the money. It's very easy to download too. All my family and co-workers use it.

***

can't tell if serious
 
I ONLY use Internet Security 2010. It ALWAYS finds tons of viruses and registry errors that I didn't even realize were on my computer. Even a fresh install of Windows can be infected with viruses that only Internet Security 2010 can find. It's well worth the money. It's very easy to download too. All my family and co-workers use it.

***

OMG, that's the same antivirus I use... always the first thing I install on my computer, amazed at how much it finds... my second install is XP Recovery Suite cuz it checks my hard drive for me... it's amazing how many of my brand new hard drives have critical errors on 'em!
 
With so many free AV programs out there that actually work... It's a wonder how there is any market for it left.

What sort of corporate administrator functionalities do they have, and how good are they for areas outside of the US? A lot of things factor into large purchase decisions. We went with Avira simply because they get a lot of the junk that comes in from Africa and other options didn't.

Plus a ton of people just buy whatever AV their work uses. I can safely say that when managing a ton of servers and clients that you have already hardened against most threats, the ability to centrally manage things often takes priority over how effective the solution might be. And while there are plenty of free, and often superior, AV solutions that are usable for the home user, those tend to be client-only with pathetic, or no, management support.

Of course, then the users go home and buy brand of AV XYZ because work uses it, and land themselves in trouble.
 
I think someone said it best before: smarter users would prevent a lot of the problems. But in this day and age, that is something you cannot expect people to do. Which is sad :(
 
I think someone said it best before: smarter users would prevent a lot of the problems. But in this day and age, that is something you cannot expect people to do. Which is sad :(

I'd rather have dumb users than "smart" users. Truly dumb users are at least scared of the computer and give it some sort of respect out of the fear it will wake up one day and eat all their files and get them fired because they are working on a report that had to go out ASAP. They will also fear and respect the IT staff and do exactly what they are told.

Smart users will go out and try to install all their own favorite crap, attempt to network share iTunes files, do things the way "my friend in school was a CS major and he" told them to, and get smart with the IT staff when told to do things specific ways, and generally bitch about IT policy when it interferes with their Facebook and other problems. They will also offer half-assed tech support to their friends in marketing and in the process make things far worse than ever.

Dumb users may be dumb but will follow instructions and do what they are told. Smart users will turn into smart asses and create major problems because "I know better than IT".
 
I'd rather have dumb users than "smart" users. Truly dumb users are at least scared of the computer and give it some sort of respect out of the fear it will wake up one day and eat all their files and get them fired because they are working on a report that had to go out ASAP. They will also fear and respect the IT staff and do exactly what they are told.

Smart users will go out and try to install all their own favorite crap, attempt to network share iTunes files, do things the way "my friend in school was a CS major and he" told them to, and get smart with the IT staff when told to do things specific ways, and generally bitch about IT policy when it interferes with their Facebook and other problems. They will also offer half-assed tech support to their friends in marketing and in the process make things far worse than ever.

Dumb users may be dumb but will follow instructions and do what they are told. Smart users will turn into smart asses and create major problems because "I know better than IT".

You are completely right! I should have worded things a little differently; instead of saying smart users I should have said something like respectful users or something along those lines. I agree having someone who knows just a little bit makes them dangerous, and it sure seems like those types of people like to go on reckless rampages and use the "knowledge" they have to "help".
I know I don't have a huge background in the IT sector, but I do have a good background in the automotive side of life and we have those same types of people. The ones that would love to help a friend on their car since they have "knowledge", then once they royally screw things up they ask you for help and you have to redo their crappy work and then still figure out the original problem at hand.
 
What sort of corporate administrator functionalities do they have, and how good are they for areas outside of the US? A lot of things factor into large purchase decisions. We went with Avira simply because they get a lot of the junk that comes in from Africa and other options didn't.

Plus a ton of people just buy whatever AV their work uses. I can safely say that when managing a ton of servers and clients that you have already hardened against most threats, the ability to centrally manage things often takes priority over how effective the solution might be. And while there are plenty of free, and often superior, AV solutions that are usable for the home user, those tend to be client-only with pathetic, or no, management support.

Of course, then the users go home and buy brand of AV XYZ because work uses it, and land themselves in trouble.

Yep, I am very careful when I say I support MSE to clarify that I mean only for home users. The corporate environment is another story completely. I know I have 7 different corporate environments I am responsible for. I use Symantec Enterprise in all of them, mostly because they already had it when I came on board, and I am sure you understand what a pain changing over can be. Like you said, being able to centrally manage takes priority over effectiveness. Easier to remove the few threats that get through, usually.

I'd rather have dumb users than "smart" users. Truly dumb users are at least scared of the computer and give it some sort of respect out of the fear it will wake up one day and eat all their files and get them fired because they are working on a report that had to go out ASAP. They will also fear and respect the IT staff and do exactly what they are told.

Smart users will go out and try to install all their own favorite crap, attempt to network share iTunes files, do things the way "my friend in school was a CS major and he" told them to, and get smart with the IT staff when told to do things specific ways, and generally bitch about IT policy when it interferes with their Facebook and other problems. They will also offer half-assed tech support to their friends in marketing and in the process make things far worse than ever.

Dumb users may be dumb but will follow instructions and do what they are told. Smart users will turn into smart asses and create major problems because "I know better than IT".

I agree, though I would argue there is a limit. The exceptionally dumb ones tend to cause just as much havoc as the "I think I know more than I really do" groups. I prefer the ones who just want to turn on the computer, have their stuff there and are OK with how I tell them to run the machine. I tend to keep my clients fairly loose on the restrictions, as I have found over the years that micromanaging is far more work than it is worth. I simply keep the screws tightened down on the servers and network security and make sure I stay on top of individuals who prove to be my "problem children". Over the years this approach has worked well for me. I deal with very few real threats and I enjoy a fairly amicable relationship with my clients, as they don't feel like I am lording over them.
 
I use MSE at home, but the corporate environment is far too large to use that product. Heck, Microsoft's protection suite products weren't even around when Sophos was procured. Sophos isn't perfect, but it helps a lot when you have knuckleheaded end users who like clicking pretty, "YOU HAVE A VIRUS CLEAN HERE" popups since it emails the tech who's responsible for the machine with what they infected themselves with and what action was taken against the threat.

Truth is, there is no longer a bulletproof platform out there that can keep all the crap out of your network, apart from eradicating all the virus/spyware authors :p
 
Argh, Sophos! It used to be that you had to download the updates on a central computer and distribute them from your own web server, even for laptops outside your network.
Any EXE file put in the update folder would be run with admin privileges on all the computers that updated from that server.
Combine IIS exposed to the net with a program that will run any EXE file and it was a recipe for disaster, and they were required to run it.
I ended up writing a small program that downloaded the updates over a secure connection and ran them locally with a PGP-signed master list and MD5 checks.
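The hardened update path that post describes, written out as an added example that is neither the poster's program nor any Sophos code: the publisher hashes each update file into a manifest and signs it; the client verifies the signature before trusting the list, then runs only files that are both listed and hash-matched, so an EXE dropped into the update share by anyone who can write to the web server is never executed. Ed25519 (Go's standard crypto/ed25519) stands in for the PGP signature and SHA-256 for MD5, since MD5 is no longer collision-resistant. The manifest layout, the key handling and the file names are assumptions made for the illustration, and the release data is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Manifest maps an update file name to the hex SHA-256 of its contents; it
// stands in for the poster's "PGP-signed master list" (layout assumed here).
type Manifest map[string]string

// BuildManifest is run by the publisher over the files it intends to ship.
func BuildManifest(files map[string][]byte) Manifest {
	m := make(Manifest, len(files))
	for name, data := range files {
		sum := sha256.Sum256(data)
		m[name] = hex.EncodeToString(sum[:])
	}
	return m
}

// Encode emits sorted "hash  name" lines so signer and verifier hash identical bytes.
func (m Manifest) Encode() []byte {
	names := make([]string, 0, len(m))
	for n := range m {
		names = append(names, n)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, n := range names {
		fmt.Fprintf(&b, "%s  %s\n", m[n], n)
	}
	return []byte(b.String())
}

// ParseManifest reverses Encode; it is only called on bytes whose signature verified.
func ParseManifest(encoded []byte) (Manifest, error) {
	m := make(Manifest)
	for _, line := range strings.Split(strings.TrimRight(string(encoded), "\n"), "\n") {
		parts := strings.SplitN(line, "  ", 2)
		if len(parts) != 2 || len(parts[0]) != sha256.Size*2 {
			return nil, fmt.Errorf("malformed manifest line %q", line)
		}
		m[parts[1]] = parts[0]
	}
	return m, nil
}

// ApproveUpdates is the client-side gate that replaces "run every EXE in the
// update folder". A file in dir (name -> bytes) is approved only if the manifest
// signature verifies, it is listed, and its hash matches; one unlisted or
// altered file rejects the whole batch rather than silently skipping it.
func ApproveUpdates(pub ed25519.PublicKey, encoded, sig []byte, dir map[string][]byte) ([]string, error) {
	if !ed25519.Verify(pub, encoded, sig) {
		return nil, fmt.Errorf("manifest signature invalid; refusing the whole batch")
	}
	m, err := ParseManifest(encoded)
	if err != nil {
		return nil, err
	}
	approved := make([]string, 0, len(dir))
	for name, data := range dir {
		want, ok := m[name]
		if !ok {
			return nil, fmt.Errorf("%s is not listed in the signed manifest", name)
		}
		if sum := sha256.Sum256(data); hex.EncodeToString(sum[:]) != want {
			return nil, fmt.Errorf("%s does not match its signed hash", name)
		}
		approved = append(approved, name)
	}
	sort.Strings(approved)
	return approved, nil
}

// SampleRelease builds a constructed release (fresh publisher key pair, two
// made-up files, signed manifest); the names are placeholders, not Sophos data.
func SampleRelease() (ed25519.PublicKey, map[string][]byte, []byte, []byte) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	files := map[string][]byte{"ide-2011.dat": []byte("constructed signature database"), "setup.exe": []byte("constructed installer bytes")}
	encoded := BuildManifest(files).Encode()
	return pub, files, encoded, ed25519.Sign(priv, encoded)
}

func main() {
	pub, files, encoded, sig := SampleRelease()
	fmt.Println(ApproveUpdates(pub, encoded, sig, files)) // both files approved
	// Someone with write access to the update share drops an unlisted EXE.
	dropped := map[string][]byte{"setup.exe": files["setup.exe"], "dropper.exe": []byte("unlisted")}
	fmt.Println(ApproveUpdates(pub, encoded, sig, dropped))
}
```

The public key has to reach the client through a channel the update server cannot tamper with (for instance, baked into the installer); otherwise the signature check only proves that whoever controls the server signed the list. Downloading over TLS, as the poster did, protects the transport; the signature over the manifest is what protects against a compromised server, and hashing every file keeps a modified or swapped payload out even when the list itself is genuine.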
 
I have Sophos Endpoint Security on about 1000 systems and I really like it.
The console makes it easy to manage all my systems. I honestly never even notice it running.
It's not perfect but I consider it to be one of the best for Enterprise.
 