Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 49 replies
  • Subscribers 6 subscribers
  • Views 158327 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Anti-Virus for Mac version 9.0 Preview

bobcook

Hi everyone,

Today we published Sophos Anti-Virus for Mac version 9.0 Preview for your evaluation and use.

The headline feature for version 9.0 is Web Protection, offering protection to make web browsing safe. This is the same technology used by our corporate customers, learn more from our website: http://www.sophos.com/en-us/why-sophos/innovative-technology/web-protection.aspx

We've also worked hard to improve the existing features with a number of security and stability fixes. Version 9.0 supports Mac OS X 10.6 and up. This means we've discontinued support for all PowerPC systems and 10.4/10.5 Intel systems going forward.

This is a "preview" release. The product has passed all of our internal quality assurance testing but we are looking for additional feedback from real users in the real world. Barring any undiscovered defects, this version provides the same protection as version 8 plus protection for web browsing. The product will get regular updates too.

Download the version 9.0 Preview installer here: http://downloads.sophos.com/home-edition/savosx_90_he.zip

SHA-256 checksum of the 9.0.0 zip file: 0252e80845d38e43c9638983900d3f9a91dac4b2e9c028e787e4a8e40018d4c1

SHA-256 checksum of the 9.0.1 zip file: 4719154788e5e4251dc76bfecde842ea7fd08db32e36ecef0072335ca156bb4a

You can upgrade an existing version 8 installation, or set up a brand new installation with the same installer. Either way, just download and run the installer app. Today you need to "opt-in" by manually running the installer but later this year we'll migrate all version 8 installations.

If you find problems, please post about it here. If you don't have any problems we'd also love to hear that too. If you find a showstopper issue, please let us know and then reinstall version 8 until we can fix it.

Note that the version 8 installer is still available from our main website: http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx

Regarding the Web Protection feature, you can test the two different types of protection with these two links:

URL reputation blocking: http://www.sophostest.com/ then click the "Malware" link about half-way down the page

Malicious content blocking: http://www.eicar.org/download/eicar_com.zip

In both cases, you will get a notification page instead of the real content when the protection features are enabled in the preferences.

Thanks in advance for your feedback.

:1012410


This thread was automatically locked due to age.
Parents
  • 0
    ZRL1 wrote:

    A different question on the same subject - the NY Times site was recently hacked, but it wasn't the NYT site itself but the DNS server that routes the user to the NYT; the user was instead routed to a potentially malicious site as a result of the hack. Would SophosWebIntelligence catch that?

    Since nothing is ever simple, I understand that if the user was using OpenDNS rather than whatever DNS support came with the ISP, that rerouting was detected and the user was transparently sent to the actual NYT site instead. Would SophosWebIntelligence have allowed the correct routing to pass through?

    Yep definitely a complicated issue, but here goes:

    (1) Web Protection checks the URLs and the IP addresses when the browser connects to the remote site. In this case, when using a spoiled DNS server, your machine is going to use the legit URL but a bad IP address. We should block that access.

    (2) Web Protection checks the content sent from the server back to the browser for signs of malicious content (either malicious code or stuff that looks suspicious). In this case we should block the bad content.

    The Internet is a very dynamic place and we don't always find the bad sites before they are used in an attack like the NYT situation. Nobody has prefect clarity, so it may be that we might not detect the bad IP. Same applies to all DNS-based protection (you can't block what you don't know about). This is why blocking via content inspection (e.g. scan the content before the browser gets it) is also important.

    Hope that helps.

    :1013004
Reply
  • 0
    ZRL1 wrote:

    A different question on the same subject - the NY Times site was recently hacked, but it wasn't the NYT site itself but the DNS server that routes the user to the NYT; the user was instead routed to a potentially malicious site as a result of the hack. Would SophosWebIntelligence catch that?

    Since nothing is ever simple, I understand that if the user was using OpenDNS rather than whatever DNS support came with the ISP, that rerouting was detected and the user was transparently sent to the actual NYT site instead. Would SophosWebIntelligence have allowed the correct routing to pass through?

    Yep definitely a complicated issue, but here goes:

    (1) Web Protection checks the URLs and the IP addresses when the browser connects to the remote site. In this case, when using a spoiled DNS server, your machine is going to use the legit URL but a bad IP address. We should block that access.

    (2) Web Protection checks the content sent from the server back to the browser for signs of malicious content (either malicious code or stuff that looks suspicious). In this case we should block the bad content.

    The Internet is a very dynamic place and we don't always find the bad sites before they are used in an attack like the NYT situation. Nobody has prefect clarity, so it may be that we might not detect the bad IP. Same applies to all DNS-based protection (you can't block what you don't know about). This is why blocking via content inspection (e.g. scan the content before the browser gets it) is also important.

    Hope that helps.

    :1013004
Children
No Data