
Frog 05-27-2004 06:21 AM

SOPHOS Antivirus
 
Just wondered what the general consensus is about an Antivirus program
called SOPHOS?

We use the thing here at work, and it doesn't look that flash to me;
Doesn't even do a memory scan before doing a HD scan.

Is anybody out there using it? And if so, what do you think of it?


Thanks
Charles



Billy K 05-27-2004 09:42 AM

Re: SOPHOS Antivirus
 
Yeah I do... I've never seen it disinfect a virus, the only option you have
is to move or delete any infected files.

The default setup does not do anything once a virus is found, and I don't
know if it does anything about the registry modifications viruses make.

I think it's a poor program, yet they claim to have won many awards




"Frog" <FrogRemailer@bigfoot.com> wrote in message
news:Z474JH4D38134.3483796296@Gilgamesh-Frog.org...
> Just wondered what the general consensus is about an Antivirus program
> called SOPHOS?
>
> We use the thing here at work, and it doesn't look that flash to me;
> Doesn't even do a memory scan before doing a HD scan.
>
> Is anybody out there using it? And if so, what do you think of it?
>
>
> Thanks
> Charles
>
>




Don Kelloway 05-28-2004 04:04 AM

Re: SOPHOS Antivirus
 
"Billy K" <billycomp@hotmail.com> wrote in message
news:40b5b818@news.comindico.com.au...
> Yeah I do... I've never seen it disinfect a virus, the only option you have
> is to move or delete any infected files.
>
> The default setup does not do anything once a virus is found, and I don't
> know if it does anything about the registry modifications viruses make.
>
> I think it's a poor program, yet they claim to have won many awards
>


It's my opinion that Sophos is an excellent AV product. Especially when
used for its primary purpose of detecting viruses. As for disinfecting
viruses I can only offer that I do not subscribe to this philosophy. If
it's a virus, it's deleted. Plain and simple. No chances are taken.

According to an article on Sophos' website:

Independent research and test centre West Coast Labs has awarded Sophos
Anti-Virus for Windows (NT server, XP Professional and 2000 platforms),
version 3.79, its highest anti-virus certification: Anti-Virus Checkmark
Level 2. The award demonstrates Sophos's excellence in detecting and
disinfecting all known in-the-wild viruses.

http://www.sophos.com/companyinfo/ne...ckmark379.html


--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".



An Metet 05-28-2004 04:43 AM

Re: SOPHOS Antivirus
 
On Thu, 27 May 2004, "Billy K" <billycomp@hotmail.com> wrote:
>Yeah I do... I've never seen it disinfect a virus, the only option you have
>is to move or delete any infected files.


Thanks for the reply.
One thing I've noticed today at work, is that if you choose to do a full HD
scan, it doesn't scan the memory at all !!!!!
Doesn't even appear to have an option to select memory scanning either!

>
>The default setup does not do anything once a virus is found, and I don't
>know if it does anything about the registry modifications viruses make.


I suspect I have a virus on my work machine, yet Sophos isn't finding it


>I think it's a poor program, yet they claim to have won many awards


Strange isn't it; I haven't run across anybody that's even heard of the
program.


Many thanks
Charles


Billy K 05-28-2004 07:11 AM

Re: SOPHOS Antivirus
 
Mate, the guy who sang the praise of Sophos must have been a Greek... Sorry
mate but I am far from convinced the product does its job.

The product does not protect my work environment from any viruses. I should
know because I sit there setting it up and am bewildered that viruses are
still hitting my environment.

I have AVG free edition installed and this detects viruses yet SOPHOS sits
there like a fat technician chomping on donuts !!!

Any technician recommending this product really needs to try something free
like AVG just to see how badly they are being jarded!!







"An Metet" <anmetet@freedom.gmsociety.org> wrote in message
news:d2c88f5b0abd8b35894754fc94dd226a@anonymous.po ster...
> On Thu, 27 May 2004, "Billy K" <billycomp@hotmail.com> wrote:
> >Yeah I do... I've never seen it disinfect a virus, the only option you have
> >is to move or delete any infected files.
>
> Thanks for the reply.
> One thing I've noticed today at work, is that if you choose to do a full HD
> scan, it doesn't scan the memory at all !!!!!
> Doesn't even appear to have an option to select memory scanning either!
>
> >
> >The default setup does not do anything once a virus is found, and I don't
> >know if it does anything about the registry modifications viruses make.
>
> I suspect I have a virus on my work machine, yet Sophos isn't finding it
>
>
> >I think it's a poor program, yet they claim to have won many awards
>
> Strange isn't it; I haven't run across anybody that's even heard of the
> program.
>
>
> Many thanks
> Charles
>




Don Kelloway 05-28-2004 08:33 PM

Re: SOPHOS Antivirus
 

"Billy K" <billycomp@hotmail.com> wrote in message
news:40b6e61a$1@news.comindico.com.au...
> Mate, the guy who sang the praise of Sophos must have been a Greek... Sorry
> mate but I am far from convinced the product does its job.
>
> The product does not protect my work environment from any viruses. I should
> know because I sit there setting it up and am bewildered that viruses are
> still hitting my environment.
>
> I have AVG free edition installed and this detects viruses yet SOPHOS sits
> there like a fat technician chomping on donuts !!!
>
> Any technician recommending this product really needs to try something free
> like AVG just to see how badly they are being jarded!!
>
>


Though I am not Greek may I suggest that you ensure that you are running
the latest SAV and signatures? As of fifteen minutes ago the current
SAV is 3.81 with 90301 signatures.

--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".



Billy K 05-29-2004 09:27 AM

Re: SOPHOS Antivirus
 
Sorry for before, I'm just an admin who is honestly very disappointed with a
product.

I work in an environment that deals with other International firms mainly in
Asia. We use Sophos anti-virus on servers and clients. All updates come
through automatically from a share which is updated as soon as any updates
become available. We definitely run current updates.

Every major virus to hit the net, we get it. You're right though, Sophos
detects all of these, however fails to deal with the virus accordingly.
Having the file deleted, moved, shredded, copied and etc is not really a
fantastic option. My question is, how do these files become infected in the
first place if Sophos was doing its job?

We have a concern that Sophos will one day delete some important document
because we have it set to delete viruses. In the environment I work in we
get multiple viruses a week, we have to keep it on the highest possible
setting.

The disinfect option is just there for good looks. I've never had a file
disinfected. The interface with the 3 modes, Immediate, Scheduled, and IC
client is just not practical. The same configuration must be made 3 times.

The SAV administration tool is OK, gets the IDE updates out there, but this
must be the only reason large organisations use SOPHOS. It does have easy
deployment.








"Don Kelloway" <dkelloway@commodon.com> wrote in message
news:omNtc.2929$Yd3.1129@newsread3.news.atl.earthl ink.net...
>
> "Billy K" <billycomp@hotmail.com> wrote in message
> news:40b6e61a$1@news.comindico.com.au...
> > Mate, the guy who sang the praise of Sophos must have been a Greek... Sorry
> > mate but I am far from convinced the product does its job.
> >
> > The product does not protect my work environment from any viruses. I should
> > know because I sit there setting it up and am bewildered that viruses are
> > still hitting my environment.
> >
> > I have AVG free edition installed and this detects viruses yet SOPHOS sits
> > there like a fat technician chomping on donuts !!!
> >
> > Any technician recommending this product really needs to try something free
> > like AVG just to see how badly they are being jarded!!
> >
> >
>
> Though I am not Greek may I suggest that you ensure that you are running
> the latest SAV and signatures? As of fifteen minutes ago the current
> SAV is 3.81 with 90301 signatures.
>
> --
> Best regards, from Don Kelloway of Commodon Communications
> Visit http://www.commodon.com to learn about the "Threats to Your
> Security on the Internet".
>
>




Martin 05-29-2004 01:32 PM

Re: SOPHOS Antivirus
 

"Billy K" <billycomp@hotmail.com> wrote in message
news:40b8578f$1@news.comindico.com.au...
> Sorry for before, I'm just an admin who is honestly very disappointed with a
> product.
>
> I work in an environment that deals with other International firms mainly in
> Asia. We use Sophos anti-virus on servers and clients. All updates come
> through automatically from a share which is updated as soon as any updates
> become available. We definitely run current updates.
>
> Every major virus to hit the net, we get it. You're right though, Sophos
> detects all of these, however fails to deal with the virus accordingly.
> Having the file deleted, moved, shredded, copied and etc is not really a
> fantastic option. My question is, how do these files become infected in the
> first place if Sophos was doing its job?
>
> We have a concern that Sophos will one day delete some important document
> because we have it set to delete viruses. In the environment I work in we
> get multiple viruses a week, we have to keep it on the highest possible
> setting.
>
> The disinfect option is just there for good looks. I've never had a file
> disinfected. The interface with the 3 modes, Immediate, Scheduled, and IC
> client is just not practical. The same configuration must be made 3 times.
>
> The SAV administration tool is OK, gets the IDE updates out there, but this
> must be the only reason large organisations use SOPHOS. It does have easy
> deployment.


Every virus will get through a reactive virus scanner sooner or later.

If things are as bad as you say, you should maybe be looking at why you are
at such a high risk. No virus scanner is going to stop viruses, only
mitigate the damage and contain them.




Leythos 05-29-2004 02:06 PM

Re: SOPHOS Antivirus
 
In article <40b8578f$1@news.comindico.com.au>, billycomp@hotmail.com
says...
> Every major virus to hit the net, we get it. You're right though, Sophos
> detects all of these, however fails to deal with the virus accordingly.
> Having the file deleted, moved, shredded, copied and etc is not really a
> fantastic option. My question is, how do these files become infected in the
> first place if Sophos was doing its job?


You need to look at two things right away:

Firewall - use a firewall that allows for SMTP attachment filtering.
This one feature can eliminate 99% of the virus infected inbound email
to your system. This only works if you have your own email server(s),
but I'm assuming that you do.

Anti-Virus - get Norton AV corporate edition and use it. Set up the
updates for every 4 hours on the server and have the server push the
updates to the desktops. We have Symantec AV Corporate edition set up to
FORCE updates and scans of users' computers. You can even install (push)
the AV software to every desktop using the remote installer (right from
the server).

Using these two methods we've eliminated ALL (100%) of inbound virus
attachments from all the companies we manage.

After you do the above, you need to look at HTTP filtering, filtering
what sites users are permitted to access, and blocking ALL outbound
access that is not strictly for business needs. You can even block IM
and those sharing apps that people like to run from their computers to
connect to home.




--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Mailman 05-29-2004 10:43 PM

Re: SOPHOS Antivirus
 
Leythos wrote:

> You need to look at two things right away:
>
> Firewall - use a firewall that allows for SMTP attachment filtering.
> This one feature can eliminate 99% of the virus infected inbound email
> to your system. This only works if you have your own email server(s),
> but I'm assuming that you do.


I am getting a bit fed-up with Leythos' "advice". In the best case it is off
topic (the OP was asking about Sophos, not opinions on security in
general), now it's outright misleading.

By definition a firewall has no mail filtering function. What you describe
above is an SMTP proxy + anti-virus filtering. They'll both work fine
without any firewall whatsoever, exactly as any firewall will work without
any proxies being involved.

Unfortunately an SMTP proxy will be effective only if you make sure your
users have no access to ANY other mail servers - which PHBs are less than
likely to accept ("I occasionally absolutely unconditionally NEED to look
at my private HotMail/AOL/Whatever account!").

> Anti-Virus - get Norton AV corporate edition and use it. Set up the
> updates for every 4 hours on the server and have the server push the
> updates to the desktops. We have Symantec AV Corporate edition set up to
> FORCE updates and scans of users' computers. You can even install (push)
> the AV software to every desktop using the remote installer (right from
> the server).


In my experience Norton has repeatedly failed to identify viruses. Even
worse, their way of filtering mail raises serious questions about data
security and confidentiality. There are enough good anti-virus programs
that will update automatically (or on command) and filter well without
passing your confidential information through Symantec's servers, not to
mention their outrageous subscription fees.

BTW - in a proxy role Sophos can be quite effective: after all what you need
is just to identify the presence of a virus (in order to block the
attachment/message), not clean it.

> Using these two methods we've eliminated ALL (100%) of inbound virus
> attachments from all the companies we manage.


Just means you were lucky. No anti-virus can catch 100% for the simple
reason that a virus needs to be seen and analysed before a signature can be
defined. Anyone who _guarantees_ to block 100% of incoming stuff is a good
candidate for buying prime beach-front property in northern Mali.

All of this completely ignores the at least as serious issues of worms and
trojans - which most anti-virus programs (including your beloved NAV) will
not identify at all.

> After you do the above, you need to look at HTTP filtering, filtering
> what sites users are permitted to access, and blocking ALL outbound
> access that is not strictly for business needs. You can even block IM
> and those sharing apps that people like to run from their computers to
> connect to home.


At last some reasonable advice: do not allow indiscriminate outgoing
connections (your users will scream bloody murder at this point: "Are you
out of your mind? No IM and no Kazaa?"), use a filtering proxy for outgoing
HTTP, disable all ActiveX (again a less than popular thing), disable
executable content (HTTP downloading).
--
Mailman
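
The gateway-side attachment blocking that Leythos and Mailman argue about above, as an added example that is not part of the original thread: a small Python policy check of the kind an SMTP proxy could apply before delivery. The extension list, function names and sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed policy list: extensions a mail gateway commonly refuses outright.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".cpl"}

def attachment_verdicts(raw_bytes):
    """Return (filename, reason) for every MIME part the policy rejects."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    rejected = []
    # walk() also descends into forwarded (message/rfc822) messages.
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip().lower()
        payload = part.get_payload(decode=True) or b""
        # Only the last extension counts, so "invoice.pdf.scr" is a .scr file.
        ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
        if ext in BLOCKED_EXT:
            rejected.append((name, "blocked extension " + ext))
        elif payload[:2] == b"MZ":
            # Content check: a renamed Windows executable still starts with MZ.
            rejected.append((name or "(unnamed)", "Windows executable header"))
    return rejected

def gateway_decision(raw_bytes):
    """Block the whole message if any part is rejected; no cleaning attempted."""
    return "reject" if attachment_verdicts(raw_bytes) else "accept"

def sample_message(filename, data):
    """Build a constructed test message with one attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fname, data in [("notes.txt", b"hello"),
                        ("invoice.pdf.scr", b"data"),
                        ("report.pdf", b"MZ\x90\x00\x03")]:
        raw = sample_message(fname, data)
        print(fname, gateway_decision(raw), attachment_verdicts(raw))
```

A filter like this only sees mail that actually passes through the gateway, which is Mailman's point about users reaching other mail servers directly.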

