
back to article Google bod exposes Sophos Antivirus' gaping holes

A security researcher has discovered embarrassing and critical vulnerabilities in Sophos' enterprise protection software. Tavis Ormandy, an information security engineer at Google, published a paper along with example attack code to highlight flaws present in Windows, Linux and Mac OS X builds of Sophos' antivirus product. The …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

I'd count myself amongst the last people to defend Sophos, but it does seem irresponsible that an engineer employed by Google would give only 5 days notice about a critical bug before releasing an exploit.

4
5
Boffin

I would suggest a more careful read of the article, in particular this sentence:

> Ormandy reported the vulnerabilities to Sophos on 10 September.

That's rather more than 5 days.

0
0
Silver badge
FAIL

Better to test a product in house ...

before sale rather than wait for people to report defects.

Who does Sophos think they are? Microsoft?

0
0

Onel de Guzman

Point of order. Onel de Guzman, creator of the Love Bug, did his dastardly deed back in 2000 - ten years before the Naked Security blog was written. So we wouldn't have that many articles about him other than the odd retrospective piece. :)

0
0
Black Helicopters

The QA at Sophos has been poor in the last year. Two major problems caused by Sophos. The only plus was that they communicated constantly during the last problem, though that only goes so far since it's the second problem they've caused for us. I can't say I was a huge fan of McAfee when my organization used them but after these Sophos issues I am ready to look at other options.

1
0
Anonymous Coward

OK, so he picked on Sophos

If he'd picked some other AV vendor what's to say he wouldn't have found something similar? You can only compare products if you test them the same way.

0
0
Anonymous Coward

Like the Murphy's, they're not bitter...

Definitely a bit of a spat...

http://nakedsecurity.sophos.com/2010/07/14/patch-tavis-day/

0
0
Anonymous Coward

Sophos are pretty terrible

Their last balls up over a month ago is still causing us problems with machines today.

They completely and royally screwed up, released code that killed its own auto-updater and many others which stopped it working properly. Their initial response actually caused even more damage with their suggestion and they kept saying they were throwing their resources at it but as their support staff finished their 8-hour shift and handed over, many network admins were into their 12+ hour shift trying to sort it out.

The explanation showed that the problem passed successfully through 5 separate QA systems that all should have picked it up and didn't.

How much compensation have they offered? Nothing!

1
0
Silver badge
Trollface

Re: Sophos are pretty terrible

As far as I am concerned, I wouldn't use that buggy Sophos crap if I had free access to it, which I do.

0
0
FAIL

Fail all round

Sophos for their buggy software, Google bloke for doing the typical security researcher irresponsible attention-seeking teenagerish behaviour pattern BS.

2
1
Bronze badge
Headmaster

Nobody is addressing the REAL issue, here.

It's "Antivirus's" dammit!

1
1
Bronze badge
Childcatcher

Re: Nobody is addressing the REAL issue, here.

Perhaps, but I think we should go for a more nuanced, educational approach:

Basic: http://www.angryflower.com/bobsqu.gif

Moderate: http://theoatmeal.com/comics/apostrophe

Advanced: http://lmgtfy.com/?q=possessive+ending+in+s

0
0
Anonymous Coward

Not the only one with problems

Symantec have not been that good at detecting one of the Rimecud variants.

Everything else I run over it can find it.

Thank goodness for Stinger on company machines you can't install your own software on.

0
0