Free Tools

Discussions Sophos should be avoided, as it could actually increase your Mac's vulnerability?

Free Tools requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 4 replies
Subscribers 6 subscribers
Views 2511 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos should be avoided, as it could actually increase your Mac's vulnerability?

NickMcEnjoy over 13 years ago

Hello,

Some Mac users said "Sophos should be avoided, as it could actually increase your Mac's vulnerability" because it runs with root privileges. Is that true?

This thread was automatically locked due to age.

Parents

0 bobcook over 13 years ago

Hi Nick,
There are two reasons we have processes that must run as root:
1) on-access scanning;
2) full system scanning in the background.
For the first item, best protection requires intercepting malicious software as soon as possible. It makes no sense to scan for malicious software after its already been installed; its better and safer to catch it just after its downloaded or copied to disk. Doing this requires elevated privilges.
For the second item, scanning every file and folder on your disk requires elevated privilges (we call it a "full system scan"). It makes no sense to scan only where a regular user can go, as malicious software could hide in all sorts of interesting places normally not reachable. And we want to do this in the background, without requiring a user to authorize that scanning operation every time.
For that reason, our product will always have some portions that run as root. We won't compromise our strategies for best protection just because someone thinks running as root is theoretically less secure than running as an unprivileged user. But we are always looking to improve the security of our software and running some subsystems with lower privilges is certainly one strategy to achieve this. So yes, don't be shocked when you see, over time, some of our software running as a non-root user.
Hope that helps!
:1005595
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 bobcook over 13 years ago

Hi Nick,
There are two reasons we have processes that must run as root:
1) on-access scanning;
2) full system scanning in the background.
For the first item, best protection requires intercepting malicious software as soon as possible. It makes no sense to scan for malicious software after its already been installed; its better and safer to catch it just after its downloaded or copied to disk. Doing this requires elevated privilges.
For the second item, scanning every file and folder on your disk requires elevated privilges (we call it a "full system scan"). It makes no sense to scan only where a regular user can go, as malicious software could hide in all sorts of interesting places normally not reachable. And we want to do this in the background, without requiring a user to authorize that scanning operation every time.
For that reason, our product will always have some portions that run as root. We won't compromise our strategies for best protection just because someone thinks running as root is theoretically less secure than running as an unprivileged user. But we are always looking to improve the security of our software and running some subsystems with lower privilges is certainly one strategy to achieve this. So yes, don't be shocked when you see, over time, some of our software running as a non-root user.
Hope that helps!
:1005595
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data