Antivirus provider Sophos has fixed a variety of dangerous defects in its products that were discovered by a security researcher who is recommending many customers reconsider their decision to rely on the company.
The affordable Sophos Home Premium expands on basic antivirus with protection forged in the company's enterprise-level products, including a new remote management app. However, the advanced. Sophos Home doesn't really seem to upload much, so it might be operating in a similar manner to the first tick box in this video by uploading hashes/checksums and behaviors. The hitmanpro component in the premium beta is similar, but it warns you when something is in the process of being uploaded. Applies to the following Sophos products Sophos Endpoint Security and Control How to prepare Sophos for inclusion in a disk image. Install the Sophos Endpoint Security and Control to an endpoint that will be used as the gold image, and ensure that it is set to update from the location that the imaged endpoints are supposed to update from.
- A full on automated test of Sophos Home Premium vs over a thousand malware samples.Want to get Sophos Home Premium? Get a discount:https://buy.home.sophos.co.
- I thought I discovered the issue in that the permitted network (Local Subnet) via the tunnel was set as only a single host IP, 192.168.2.0. I adjusted this under IP Host from single host to subnet address, changed the firewall rule to allow access to the local subnet 192.168.2.0/24 and permitted access to the subnet under SSL VPN network resources, but it still will not allow me to access the LAN.
'Sophos claim that their products are deployed throughout healthcare, government, finance, and even the military,' Tavis Ormandy wrote in an e-mail posted to a public security forum. 'The chaos a motivated attacker could cause to these systems is a realistic global threat. For this reason, Sophos products should only ever be considered for low-value non-critical systems and never deployed on networks or environments where a complete compromise by adversaries would be inconvenient.'
A more detailed report that accompanied Ormandy's e-mail outlined a series of vulnerabilities that attackers can exploit remotely to gain complete control over computers running unpatched versions of the Sophos software. At least one of them requires no interaction on the part of a victim, opening the possibility of self-replicating attacks, as compromised machines in turn exploit other machines, he said. The researcher provided what he said was a working exploit against Sophos version 8.0.6 running Apple's OS X. Attackers could 'easily' rewrite the code to work against unpatched Sophos products that run on the Windows or Linux operating systems, he said.
A post published to Sophos' Naked Security blog around the same time Ormandy released his report thanked the researcher for privately disclosing the vulnerabilities so they could be fixed before attackers have the knowledge required to exploit them.
AdvertisementSophos Antivirus Linux Reddit
'The work of Tavis Ormandy, and others like him in the research community, who choose to work alongside security companies, can significantly strengthen software products,' the post stated. 'On behalf of its partners and customers, Sophos appreciates Tavis Ormandy's efforts and responsible approach.'
The Sophos post detailed eight fixes that were released from 42 days to 55 days after Ormandy privately brought them to the attention of Sophos engineers. For his part, Ormandy concluded that the amount of time it took to release the patches was excessive.
'Sophos simply cannot react fast enough to prevent attacks, even when presented with a working exploit,' he wrote. 'Should an attacker choose to use Sophos Antivirus as their conduit into your network, Sophos will simply not be able to prevent their continued intrusion for some time, and you must implement contingency plans to handle this scenario if you choose to continue deploying Sophos.'
A security researcher at Google, Ormandy stressed that his report and comments were entirely his, and not those of his employer.
With marked improvements in the security of browsers and Adobe's Reader and Flash applications, it wouldn't be surprising for attackers, particularly well-funded ones targeting a specific corporation or government agency, to turn their attention to AV programs. The detailed interactions AV programs have with browsers and sensitive operating system regions means there's plenty of opportunity.
Sophos Antivirus Reddit
It's unclear if Ormandy has analyzed the security of other antivirus products so he can arrive at an assessment of how they compare to Sophos. He didn't respond to an e-mail seeking comment for this post.