IT security firm Sophos is recommending that system administrators ask their security vendors if they are capable of properly protecting them on the forthcoming 64-bit version of Vista, as arguments continue regarding access to Microsoft's operating system code (kernel). Sophos has reassured its customers that Sophos Anti-Virus will offer full protection against malware threats on Vista, and suggests that some security vendors may not have given sufficient thought to the new operating system when developing their products.
Anti-virus firms Symantec and McAfee have recently made high-profile complaints that they are being "locked out" of the Vista operating system kernel by Microsoft's PatchGuard kernel patch protection. They argue that this is preventing them from continuing to develop pro-active protection against new malware, sometimes referred to as 'host intrusion prevention' or 'HIPS'. They claim this action is anti-competitive.
However, Sophos argues that its approach to HIPS technology has run into no problems on either the low-spec or the high-spec version of Windows Vista. In addition, Sophos claims that Microsoft has so far provided all the interfaces that Sophos needs to deliver this form of protection.
"Symantec and McAfee may be struggling with HIPS because they haven't coded their solutions with high-spec Vista in mind," said Richard Jacobs, CTO of Sophos. "We've taken a different approach, by focusing on catching bad behaviour before it has a chance to occur. Additionally, we are building our technology by making use of supported Microsoft interfaces rather than by trying to subvert them. That's why we're ready for 64-bit Vista, and others aren't."
View: Full Article @ Sophos via Bink

Sophos Anti-Virus, including its HIPS functionality, has been designed for 64-bit Windows Vista.

that's the spirit
Took you long to think that one out?...
1. Innovate, as before, offer new software and services, make some money by selling products, or
2. Cry while your competitors do #1 and then blame Microsoft for your own mistakes.
You can bet I'll continue to buy security software from a company that falls in the first category.
McAfee and Symantec throw a fit when access is removed from the kernel because virus writers won't be allowed access to that attack vector. They lose job security because all the script kiddies they are paying to write viruses for them to fix are going to be left in the dark. Meanwhile, Kaspersky, NOD32, Sophos, Alwil, etc. gain market share because they are able to create REAL antivirus products that actually work. With virus and malware activity at an all-time low and the two largest antivirus firms not even in the picture, it snowballs from there.
Like I said, it's a conspiracy theory, but I find it interesting that the only two companies complaining are the two whose products have come closest to resembling viruses themselves as of late. I work in IT at my company, and LOATHE every time we get a new computer around here from D*ll, and I have to remove all the McAfee crap that comes on there because of the problems caused by it...sometimes it's almost impossible.
I wonder how many people who have commented have actually stopped to think "what are Sophos actually doing differently, is it really effective, or is this just well-timed and devious marketing for a system that simply isn't as secure as alternative solutions?" Seems to me that most of you are just taking this as fact and not questioning it at all. Tut tut.
NB: I'm not saying it isn't as secure. It may well be - they haven't made enough detail available to make an informed decision (at least that I can find).
Sophos has decided to try to stop code before it executes... not once the damage is done. Post-state inspection is useless if the code is executed.
An ounce of prevention (stop it from executing) is worth a pound of cure (clean up after the virus is there).
*edited for typos*
Find me a traditional AV solution that detects a virus *after* it's let the code execute? That isn't how they work. It'd be simply insane.
McAfee's enterprise software has had code sandboxing and heuristics for more years than I can remember. I also suspect the same technologies are buried inside the home user line of products under one big tick box.
Evaluating code before it runs isn't anything new.
My point is that Sophos are claiming to do something new and wonderful, but have released NO real details on how.