Hello,
Some Mac users said "Sophos should be avoided, as it could actually increase your Mac's vulnerability" because it runs with root privileges. Is that true?
Hi Nick,
Thanks for asking. The poster of that article at Macrumors is characterizing a theoretical problem (and does point out an actual exploit in a product offered by a different company).
There are no such issues with the security of the Sophos product.
The poster's theory goes that if the Sophos software is exploited then malicious software (which exploits a Sophos program) could run with elevated privileges, e.g. would be able to modify system settings and software, but you'd never be prompted to confirm those actions.
It's ok to have this concern; however, the poster has mischaracterized it to sound much more ominous than it really is for running Sophos software. This potential risk is true for any software which runs as "root". If you open up Activity Monitor and show all processes, you'll see many processes running as "root". The risk described by the poster at Macrumors applies to any of those including those provided by Apple (e.g. Time Machine, Spotlight, etc.).
Everyone running as "root" has an obligation to ensure they don't become the vector for malicious software. We (as a responsible security company) are constantly improving our software.
(btw I'm the guy responsible for the software development team for SAV for Mac, and I really appreciate you asking questions; let me know if any of that either doesn't make sense or needs more detail)
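The Activity Monitor check mentioned in the reply can also be done from Terminal. The following is an added example, not part of the original thread and not Sophos tooling: it buckets root-owned processes into OS-supplied and third-party by executable path. The path prefixes used for "OS-supplied", the `/Library/ExampleVendor/agentd` entry and the sample process list are assumptions constructed for illustration.

```shell
#!/bin/sh
# classify_root_procs: read "USER PID COMMAND-PATH" lines on stdin (the format
# produced by `ps -axo user=,pid=,comm=`) and bucket the root-owned processes.
# Assumption: executables under /System, /usr, /sbin and /bin are treated as
# OS-supplied and everything else as third-party. This is a heuristic only.
classify_root_procs() {
  awk '
    $1 != "root" { next }            # keep only processes owned by root
    {
      # The command path may contain spaces: rebuild it from field 3 onward.
      path = $3
      for (i = 4; i <= NF; i++) path = path " " $i
      if (path ~ /^\/(System|usr|sbin|bin)\//) { os++; kind = "os" }
      else { other++; kind = "third-party" }
      printf "%-12s %6s %s\n", kind, $2, path
    }
    END { printf "summary os=%d third-party=%d\n", os, other }
  '
}

# Constructed sample input (not captured from a real machine).
sample_ps() {
cat <<'EOF'
root 1 /sbin/launchd
root 88 /System/Library/CoreServices/backupd
_spotlight 301 /System/Library/Frameworks/CoreServices.framework/mds_stores
root 120 /Library/ExampleVendor/agentd
nick 502 /Applications/Safari.app/Contents/MacOS/Safari
root 77 /usr/sbin/syslogd
EOF
}

# Live use on a Mac: ps -axo user=,pid=,comm= | classify_root_procs
sample_ps | classify_root_procs
```

Each third-party line in the output is a root process whose update and vulnerability handling depends on its vendor rather than on the OS updates.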