Eriq wrote: I might be confused about what Bootcamp is, but I don't have Windows on my Mac to infect.
Also, earlier you said that it detects iexplore.exe malware but it doesn't guarantee it will detect them all. What do you mean by this? Are there ones Sophos doesn't know about that it can't find, or is it just that Sophos doesn't find it even though it is in the database? Does Sophos only look for malware from its database? Or when I choose to scan files, will it only scan for malware in its database, or will it also check to see if a file/item is suspicious based on its contents and what it does?
Bootcamp is a system that lets you dual-boot into another operating system (tweaked for Windows) on your Mac.
"iexplore.exe malware" is not a Sophos designation. iexplore.exe is actually the file name of the Microsoft Internet Explorer web browser on Windows. There is a lot of malicious software that takes advantage of or pretends to be Internet Explorer. Sophos likely catches anything you might find attempting to do this, but of course we don't know about the malware out there that we don't know about -- so we can't guarantee we protect against it -- just that our heuristic checks will likely detect and block it.
Modern anti-virus scanners don't just have a list of files and file fragments that they block -- as you surmised, they look for behaviour and meta-information that is indicative of a certain family of malware, as well as using many other techniques.
So it's possible to answer "do you detect this file?" and even "do you have detection for this family of malware?" but no AV company should be able to tell you "yes, we detect all files from this family of malware" unless they're restricting the "family" to represent the samples they know about and detect.
Does this clear it up, or make it more confusing?
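As an added illustration of the database-versus-heuristics point above (this is not code from the post and not how Sophos' engine is built): a toy scanner with an exact-match "database" beside two assumed family-level heuristics. Changing one byte of the analysed sample defeats the hash and fragment checks but not the heuristics, while a file that shares none of the known traits is missed by both, which is why no vendor can promise to catch every member of a family. All sample bytes, paths, the detection name and the rules are constructed.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Sample:
    path: str    # where the file sits on disk (meta-information the scanner can use)
    data: bytes  # file contents

@dataclass
class Verdict:
    signature: Optional[str]                             # exact known-bad match, if any
    heuristics: List[str] = field(default_factory=list)  # family-level traits found

    @property
    def detected(self) -> bool:
        return self.signature is not None or bool(self.heuristics)

# "Database" side: one sample the vendor has analysed (constructed bytes, constructed name).
ANALYSED_SAMPLE = (b"MZ fake browser v1 SET_HOMEPAGE=http://ads.example/ "
                   b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run")
KNOWN_BAD_HASHES = {hashlib.sha256(ANALYSED_SAMPLE).hexdigest(): "Constructed/FakeIE-A"}
KNOWN_BAD_FRAGMENTS = {b"fake browser v1": "Constructed/FakeIE-A"}

# Heuristic side: traits of the family rather than of one file (assumed rules).
IE_REAL_DIR = "c:/program files/internet explorer/"
AUTORUN_KEY = b"currentversion\\run"  # autorun registry path embedded in the file body

def signature_match(s: Sample) -> Optional[str]:
    """Exact detection: whole-file hash first, then known byte fragments."""
    name = KNOWN_BAD_HASHES.get(hashlib.sha256(s.data).hexdigest())
    if name:
        return name
    return next((n for frag, n in KNOWN_BAD_FRAGMENTS.items() if frag in s.data), None)

def heuristic_match(s: Sample) -> List[str]:
    """Family detection: meta-information and content the real iexplore.exe never shows."""
    hits = []
    p = s.path.lower().replace("\\", "/")
    if p.endswith("/iexplore.exe") and not p.startswith(IE_REAL_DIR):
        hits.append("named iexplore.exe but outside Internet Explorer's install directory")
    if AUTORUN_KEY in s.data.lower():
        hits.append("embeds an autorun registry path")
    return hits

def scan(s: Sample) -> Verdict:
    """Run both layers; either one is enough for a detection."""
    return Verdict(signature_match(s), heuristic_match(s))
```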