Google Research paper on Sophos

Discussion in 'malware problems & news' started by cruelsister, Nov 15, 2012.

Thread Status:
Not open for further replies.
  1. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    976
    Location:
    Paris
    I don't believe this was discussed yet, but a Google security engineer has published a 30 page report on Sophos. To give a taste of it:

    “Installing Sophos Antivirus exposes machines to considerable risk. If Sophos does not urgently improve their security posture, their continued deployment causes significant risk to global networks and infrastructure.”

    Glad someone else has the same fondness for the product that I do.

    BugTraq submission: http://www.securityfocus.com/archive/1/524641

    PDF: -https://lock.cmpxchg8b.com/sophailv2.pdf-
     
    Last edited by a moderator: Nov 16, 2012
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I think directly linking to a .pdf is allowed, it would be a bit silly if it weren't.

    Anyways, thanks. Gonna read this now.

    edit: Just read it.

    Yikes, painful to read. /GS would have solved so many of the vulnerabilities but then again so would fuzzing/quality assurance. It's just one thing after the other.

    I doubt Sophos is the only company guilty of this. Not by a long shot. Antiviruses directly interact with an attacker's code and they run with Admin rights - even if they were programmed competently they'd be dangerous. The fact that this clearly was not, and that they were so unprepared to deal with a review of this size (i.e., not even that big, this was one researcher) speaks a lot to the way things are handled.

    Hopefully it lights a fire under their ~ Snipped as per TOS ~.
     
    Last edited by a moderator: Nov 16, 2012
  3. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    976
    Location:
    Paris
    What amazed me was the conversation timeline at the end of the article. As Sophos is primarily used in Academia and Corporations, when the company is presented with a detailed listing of flaws their response of "(We) don’t have the resources to fix all the issues" is totally unacceptable.

    ps- I edited the link to go directly to the PDF. If wrong I hope the Mods won't be mean to me. I'm fragile.
     
  4. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Exactly! :thumb:
    Strange attitude, isn't it? o_O
     
  5. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,424
    Yeah Sophos is a bad product, but so are most others.
     
  6. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Most? o_O
     
  7. tej

    tej Registered Member

    Joined:
    Dec 2, 2010
    Posts:
    23
    Location:
    India
    Sophail indeed. Guess it won't be featured on the nakedsecurity blog.
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    They blogged about this paper already.
     
  9. er34

    er34 Guest

    Unfortunately, we don't know it and many users live in a false sense of security :(
     
  10. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Hmmm...As expected...;)
     