I am puzzled, as well as a bit concerned and put off by my initial experience here, though I've
heard some good things about Sophos in general, so...
I want to wait before I do more than ask a couple of questions and make some comments/suggestions...
Please take this post as constructive criticism; you (SOPHOS) certainly have much to offer and I'm not
loyal to any single security vendor, yet!
Perhaps a moderator could lend some assistance?
I went to the "Free Scanning Tools" section and BTW this is a great way to win customers over, if done the correct way.
Q1- I attempted to download the "Sophos Endpoint Assessment Test"...
This is apparently not a free tool at all and it's apparently a "free download" a trial of a full suite.
It's likely that installation would require the removal of at least part of
my present malware prevention/solution group which includes the following:
Windows Defender, Zone Alarm, WinPatrol, Avast!, MalwareBytes,
as well as many "stand alone/portables" Kaspersky VirusRemovalTool,
AviraAntiVir, CaSIR, Norton Power Eraser, etc.
QUESTION: IS Q1- above CORRECT? If not, which parts?
So I figured that I would give the "Sophos Threat Detection Test" a try as it is listed as a
subcategory of the "Sophos Endpoint Assessment Test".
It is reported to be "Simple to install" and there is "No need to uninstall existing
AV"... An easy second opinion on system security it would seem...
Q2- I have apparently downloaded a full AV solution which dug EXTENSIVELY into my registry
and required elevated write permissions several times - is that correct?
I ran it and it identified a file on my computer as "Sus/UnkPacker" (apparently a common Sophos identification)
This file is found in 3 places in a hard disk restoration I recently did from
an archived disk - it is tagged as "Sus/UnkPacker" in each of the 3 similar
applications it resides in - It's part of an OEM package
licensing from Steinberg from years ago.
A couple of packages that came with audio hardware.
It's reported as "1st seen 2010-07-20"...whaa?? Nothing makes
any sense, size, checksum, etc. but the report could be quite alarming to "an average user"...
That file has been through literally 100's of malware scans; it is safe.
Further, it is quite valuable and maintaining the license from a Germany-based company is tedious.
I doubt Steinberg wants their products declared as riskware on the basis of being part
of a well known (and sometimes hacked) music editing suite.
I know there are going to be false positives with all malware solutions, but I was presented with similar "scare ware"
tactics that are so rightfully denigrated here on this site.
Let's look at the similarity between your descriptions of "Fake AV" and what happened to me.
I attempted to get more information & was brought to this page;
No real info, so I clicked on the More information link - WOW more vague yet scary information, about a safe file...
Scary because it is given SEVERAL Aka's - some of which are very severe infections.
It's actually a valuable file (a software synth) and my thinking is that because it is associated with products that have been hacked and passed about - it was generalized as dangerous. Perhaps I'm wrong but that's what I think.
I also think with that presentation some people would have deleted it and depending on how the product was
originally delivered and the present license - it might not be easily replaced - unless one happens to be in Germany...
I submitted the file in question to Virustotal http://flq.us/1Dz (hope that link works)
and only ONE out of the 43 vendors of malware solutions found this to be malware -
That ONE was SOPHOS -
Still these things happen - better safe than sorry - but then I looked more closely at the
descriptions and recommendations page-
"Recovery Instructions: Please follow the instructions for removing worms"
Which brings us to a page that directs us to several other vague but even scarier sounding
descriptions as well as instruction on removal...
which assumes one is "Using EnterpriseConsole".
That is a quick "up sell" (I know it's a free download) - I've done some marketing and I think most people already
know there are some fairly predictable conversion rates from free trials to full payments-
more free trials = more paid customers...
You point out quite rightly, that user data is not safe with the Fake AV outfits because at best, it's sent without encryption -
“Also, your suggested best practices” warns to guard personal info in part by making sure Https is being used:
http://www.sophos.com/en-us/security-news-trends/best-practices/phishing.aspx
"Check the website you are visiting is secure
Before submitting your bank details or other sensitive information there are a couple of checks you can do to help ensure the site uses encryption to protect your personal data:
Check the web address in the address bar. If the website you are visiting is on a secure server it should start with "https://" ("s" for security) rather than the usual "http://".
Also look for a lock icon on the browser's status bar. You can check the level of encryption, expressed in bits, by hovering over the icon with your cursor...."
Yet Sophos asks that Name, Address, Phone#, Workplace, etc. be entered
into non-encrypted forms pages for Most downloads!!
Q3- Why Not Practice What You Preach?
The instructional videos are great - breaking down complex multi-vector threats into
chunks for the "average web user" but this is strictly aimed at the business sector- no?
It's nice that there is a free root kit scanner - but the copyright on the instructions is
2004 to 2009 - With the version being tagged as over 2 years old!! Is it?
Also it apparently functions fully only with the AV installed…
Q3- Is the above correct?
1 more thing -
you posted a "fail" http://nakedsecurity.sophos.com/2011/08/04/facebook-captcha-fail/
because a FB user was presented with foreign characters
on a captcha here on your site, I was presented with...a Greek character -1st time?
http://www.imageno.com/mztcwewafxphpic.html --> larger version on the link showing a similar "issue"
I think you have a good product line but certainly need to take care of the points where you are off-topic
and asking people to do exactly what you teach is unsafe in the very good instructional videos, and elsewhere on the site…
Hope this isn't deleted - it presents some points in your presentation here that have
some inconsistencies
CR
edited for spelling, etc.