Author Topic: Researcher advises against use of Sophos antivirus on critical systems

menotu
by Dan Goodin - Nov 6, 2012 - arstechnica

Advisory comes after security app is patched to fix dangerous defects.

Antivirus provider Sophos has fixed a variety of dangerous defects in its products that were discovered by a security researcher who is recommending many customers reconsider their decision to rely on the company.

"Sophos claim that their products are deployed throughout healthcare, government, finance, and even the military," Tavis Ormandy wrote in an e-mail posted to a public security forum. "The chaos a motivated attacker could cause to these systems is a realistic global threat. For this reason, Sophos products should only ever be considered for low-value non-critical systems and never deployed on networks or environments where a complete compromise by adversaries would be inconvenient."

A more detailed report that accompanied Ormandy's e-mail outlined a series of vulnerabilities that attackers can exploit remotely to gain complete control over computers running unpatched versions of the Sophos software.

At least one of them requires no interaction on the part of a victim, opening the possibility of self-replicating attacks, as compromised machines in turn exploit other machines, he said. The researcher provided what he said was a working exploit against Sophos version 8.0.6 running Apple's OS X. Attackers could "easily" rewrite the code to work against unpatched Sophos products that run on the Windows or Linux operating systems, he said.

http://bit.ly/VRlGJI

horusfalcon
Re: Researcher advises against use of Sophos antivirus on critical systems
« Reply #1 on: November 07, 2012, 07:13:09 AM »
An important point Mr. Goodin makes toward the end of the article is that no one knows yet how any of the other commercial AV products compare on this score with Sophos.

Overall, it sounds like there's still no substitute for good security best practices and user education in combating malware.  Social Engineering is still gonna be the most versatile and vulnerable route of exposure to threats, and, so long as the environment is susceptible to threats, it's still gonna be a game of cat-and-mouse where a determined attacker can always defeat a determined defender given enough time and resources.

Sophos has a reputation for being one of the better anti-virus products out there.  It's certainly one of the more expensive solutions, and this one report is unlikely to change any of that.  It's noteworthy that Sophos' management expressed their appreciation for having been notified of the exploits, and owned the problem when they were made aware of it (even if they did move too slowly for Mr. Ormandy's liking).

It's also noteworthy that Sophos is more than an anti-virus software company - they provide a complete range of enterprise security services to a variety of high-profile clients.  That's more than can be said for many of their competitors.

All I'm really trying to say is it's way too early to come to the conclusion that Sophos is a no-goodnik based on these recent events.  Watch and see.

Later On,
D