As a long-time Sophos user (in my former life, working for a Fortune 500 company or two), I was excited to see the free SAV announced for the Mac. I installed it today, put it through its paces, found an (unexpected) piece of Windows spyware on my system, and came to some conclusions about the product. I then wrote it up in an article on my blog. Clean sweep: http://aaron.sakovich.org/blog/pivot/entry.php?id=637 My issues boil down to the following: Progress bar during installation does not start off accurately. Putting a "Remove" app in the Application folder is annoying. Everyone else leaves it in the .dmg; hopefully, I'll never need this app! A quarantined item with a long path name can wind up being obfuscated -- SAV puts an ellipsis in the path; if you must manually remove this file, you've got to pull the info out of the log file or search for the file name manually -- you can't glean the needed info from the quarantine window right in front of you! After removing the Windows spyware from my email, I later got an alert from SAV that it had found it again -- this time in my Time Machine backup. My TM disk resides on a network server; what happens to the sparsebundle when TM tries to prune that infected email out of my backup, and SAV flags it as quarantined? Will my sparsebundle get corrupted? That's it, though. I love the product, and applaud Sophos for releasing this!!! THANKS! Aaron :1000106

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

My review of SAV Mac HE & 4 issues

As a long-time Sophos user (in my former life, working for a Fortune 500 company or two), I was excited to see the free SAV announced for the Mac.

I installed it today, put it through its paces, found an (unexpected) piece of Windows spyware on my system, and came to some conclusions about the product. I then wrote it up in an article on my blog.

Clean sweep:

http://aaron.sakovich.org/blog/pivot/entry.php?id=637

My issues boil down to the following:

Progress bar during installation does not start off accurately.
Putting a "Remove" app in the Application folder is annoying. Everyone else leaves it in the .dmg; hopefully, I'll never need this app!
A quarantined item with a long path name can wind up being obfuscated -- SAV puts an ellipsis in the path; if you must manually remove this file, you've got to pull the info out of the log file or search for the file name manually -- you can't glean the needed info from the quarantine window right in front of you!
After removing the Windows spyware from my email, I later got an alert from SAV that it had found it again -- this time in my Time Machine backup. My TM disk resides on a network server; what happens to the sparsebundle when TM tries to prune that infected email out of my backup, and SAV flags it as quarantined? Will my sparsebundle get corrupted?

That's it, though. I love the product, and applaud Sophos for releasing this!!! THANKS!

Aaron

This thread was automatically locked due to age.

Parents

0 Alphaman over 14 years ago

Yeah, as I suspected, letting any program other than Time Machine into a Time Machine backup is a Very Bad Idea. Given that the sparsebundle is a complex combination of data and metadata, dorking around inside it is redonculously problematic.
If any AV package ever says it found something bad in a Time Machine backup, just say thankyouverymuch, but DON'T dork with it. It can't hurt you from therein, as it would have to be restored to your system to be infectious -- and we all know the realtime component of SAV will prevent it from being restored.
Thanks for the link!
:1000605
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Alphaman over 14 years ago

Yeah, as I suspected, letting any program other than Time Machine into a Time Machine backup is a Very Bad Idea. Given that the sparsebundle is a complex combination of data and metadata, dorking around inside it is redonculously problematic.
If any AV package ever says it found something bad in a Time Machine backup, just say thankyouverymuch, but DON'T dork with it. It can't hurt you from therein, as it would have to be restored to your system to be infectious -- and we all know the realtime component of SAV will prevent it from being restored.
Thanks for the link!
:1000605
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data