19 posts in this topic

Posted

Google security engineer Tavis Ormandy discovered several flaws in Sophos antivirus and says the product should be kept away from high value information systems unless the company can avoid easy mistakes and issue patches faster.

Ormandy has released a scathing 30-page analysis

sophailv2.pdf


Posted

We are currently doing a rollout of Sophos Endpoint Security across all of our systems where I work.


Posted

We are currently doing a rollout of Sophos Endpoint Security across all of our systems where I work.

Maybe you should reconsider that.


Posted

The number of false positives I've seen from Sophos is the worst I've ever seen from an anti-virus :(


Posted

Cleaned


Posted

And, in fact, do a search if your favorite security suite has been cracked/activation-bypassed or otherwise defeated by warez release groups. And then keep away from it and demand your money back, if possible. It's useless. There aren't many left these days, but they do happen. If warez people could pwn it, somebody with more evil intentions can and will do it as well, and you just might happen to be in the middle of it.


Posted

I am a Sophos partner and this concerns me greatly how they've declined. I will have a talk with them about this. I am pretty irritated at all these issues....


Posted

I've never used Sophos and now I'm glad that I didn't.


Posted

I am a Sophos partner and this concerns me greatly how they've declined. I will have a talk with them about this. I am pretty irritated at all these issues....

remixedcat,

I would be very interested in hearing what they say to you on this. I couldn't see an official response on their site to this when I looked last night. I have their enterprise console out in a few places too.


Posted

remixedcat,

I would be very interested in hearing what they say to you on this. I couldn't see an official response on their site to this when I looked last night. I have their enterprise console out in a few places too.

I will be contacting them shortly...


Posted

Sophos contacted.... awaiting response..


Posted

Sophos contacted.... awaiting response..

Thanks, I would hope that they will get independent verification of their assertion that these were fixed circa September and have some sort of statement prepared to show changes in their development process. If they do that I see no need to switch and compliment Google for giving them lead-time.

Edit: I just checked the main console and it seems that 10.2 doesn't automatically apply on rollout if you have your update manager configured to 10.x recommended. The Macs have gone to 8.0.8.1 automatically though. So don't forget to check your update manager configs!


Posted

You're welcome... I got a response so far... will get a more detailed one later:

Hello Liz,

Thank you for your email and taking the time to share with us the concerns you have.

Below is some information you may want to review.

Sophos has written about his findings on Naked Security http://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/

We have forwarded your email to the proper Sophos Team. They will be the best suited to address the questions and concerns you have.

They will be reviewing the email and questions to determine the best source of action and provide you with the correct information.

Again, thank you for notifying us of the concerns you have so that we can ensure that they are addressed for you.

Let us know if you need any further assistance.

All the best.

Regards,


Posted

Got another response from Sophos:

Thanks for reaching out with this.

We most definitely appreciate Mr. Ormandy


Posted

remixedcat,

Thanks for coming back with that, it is exactly what I wanted (expected) to hear.

I had Anti-Virus 10.0.9 / 8.0.8.1 out already and Anti-Virus 10.2.1 went out over night. The knowledge base links were quite useful.


Posted

You're most welcome ;) are you still gonna use Sophos?


Posted

Sure, I haven't been presented with any reason to approach management and say that there is a problem that looks like it will undermine the security of the network or of users.

Mistakes and bugs happen in software development; reactionist responses about flocking to a competitor in the face of them just aren't helpful or realistic when you have spent out for site licenses. If their response had been anything else (i.e. "we *may* fix it in SAV11 after you re-license next year [but then again we may not]") or any attempt to downplay or spin it was used then after a threat assessment my response may have been different. In all honesty I find SAV Enterprise Console to be pretty tidy, yes there are a few limitations that I have issue over, but it works - and I prefer it to the likes of F-Secure's equivalent.

Also the thought of having to do a mobile device recall and changing Macs to another vendor really doesn't appeal on the greater scheme of good uses of one's time :rofl: .

It looks like about 1/3 of my endpoints have picked up 10.2.0 or higher as of right now; about normal for a version change at this point. As usual there is one on the 4th floor that is refusing to update... they only do it because I'm on the ground floor *sigh*

:rolleyes:


Posted

Agreed. I did like their responses as well. They were also very prompt with the replies and I profusely thank them for it.
