Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 49 replies
  • Subscribers 6 subscribers
  • Views 158304 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Anti-Virus for Mac version 9.0 Preview

bobcook

Hi everyone,

Today we published Sophos Anti-Virus for Mac version 9.0 Preview for your evaluation and use.

The headline feature for version 9.0 is Web Protection, offering protection to make web browsing safe. This is the same technology used by our corporate customers, learn more from our website: http://www.sophos.com/en-us/why-sophos/innovative-technology/web-protection.aspx

We've also worked hard to improve the existing features with a number of security and stability fixes. Version 9.0 supports Mac OS X 10.6 and up. This means we've discontinued support for all PowerPC systems and 10.4/10.5 Intel systems going forward.

This is a "preview" release. The product has passed all of our internal quality assurance testing but we are looking for additional feedback from real users in the real world. Barring any undiscovered defects, this version provides the same protection as version 8 plus protection for web browsing. The product will get regular updates too.

Download the version 9.0 Preview installer here: http://downloads.sophos.com/home-edition/savosx_90_he.zip

SHA-256 checksum of the 9.0.0 zip file: 0252e80845d38e43c9638983900d3f9a91dac4b2e9c028e787e4a8e40018d4c1

SHA-256 checksum of the 9.0.1 zip file: 4719154788e5e4251dc76bfecde842ea7fd08db32e36ecef0072335ca156bb4a

You can upgrade an existing version 8 installation, or set up a brand new installation with the same installer. Either way, just download and run the installer app. Today you need to "opt-in" by manually running the installer but later this year we'll migrate all version 8 installations.

If you find problems, please post about it here. If you don't have any problems we'd also love to hear that too. If you find a showstopper issue, please let us know and then reinstall version 8 until we can fix it.

Note that the version 8 installer is still available from our main website: http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx

Regarding the Web Protection feature, you can test the two different types of protection with these two links:

URL reputation blocking: http://www.sophostest.com/ then click the "Malware" link about half-way down the page

Malicious content blocking: http://www.eicar.org/download/eicar_com.zip

In both cases, you will get a notification page instead of the real content when the protection features are enabled in the preferences.

Thanks in advance for your feedback.

:1012410


This thread was automatically locked due to age.
  • 0

    My experience (2009 dual core iMac) is that many news sites (which often have complex content) are slow to fully load whether or not Web Protection is enabled.  And the CPU load from Safari is much much greater than that of Sophos.  Whilst I am sure that Sophos must cause a tiny bit of slowing, I can't measure a consistent difference in page loading.  Using an ad blocker will most likely improve performance more than turning off Sophos components.  

    Have you tried adding the Washington Post to the 'allowed web sites'?    Or you could use http://www.guardiannews.com :-)

    :1012594
  • 0
    gilby101 wrote:

    My experience (2009 dual core iMac) is that many news sites (which often have complex content) are slow to fully load whether or not Web Protection is enabled.  And the CPU load from Safari is much much greater than that of Sophos.  Whilst I am sure that Sophos must cause a tiny bit of slowing, I can't measure a consistent difference in page loading.  Using an ad blocker will most likely improve performance more than turning off Sophos components.  

    Have you tried adding the Washington Post to the 'allowed web sites'?    Or you could use http://www.guardiannews.com :-)

    Actually, having switched back to Sophos 8.0.16C, I'm surprised at how quickly those same web pages appear now. I don't think it's CPU load that's slowing things down since a jump from 0.1% CPU load to 11.2% CPU load is nothing given that the Mac Pro has gone as high as 1,150% CPU load with some applications (6 cores x 2 threads, each capable of 100%). Rather, I suspect that SophosWebIntelligence has to clear each of those links in the page before it lets them through so they seem to appear one at a time. Even when Web Protection was turned off, the difference is notable between the two versions.

    At the same time, I think Web Protection is a good idea and work has clearly been done to optimize it. For example, in forums, the first access of a forum will involve clearing all its components, but once that's done, switching to a different forum in the same family is a lot faster since it looks like, once cleared, the common components are just let through.

    BTW, AdBlock Plus was one of the very first extensions I installed years ago. On occasion I've seen other people's systems where it's absent and it's like seeing a whole different (and not-so-nice) web for the first time. RequestPolicy is also installed to limit cross-site requests so it's possible that, in its absence, SophosWebIntelligence would have even more to do.

    :1012596
  • 0
    ZRL1 wrote:

    I suspect that SophosWebIntelligence has to clear each of those links in the page before it lets them through so they seem to appear one at a time.

    Mostly correct, although we can process things in parallel if the browser does. There are three points where the system does a lot more processing for web traffic: (1) each network socket is filtered by SophosWebIntelligenceD to pick out the URL and the content; (2) the URL is given to SophosSXLD which communicates with our cloud infrastructure; and (3) the content is given to SophosScanD for the anti-malware scan.

    Each of these components is multi-threaded so we can absorb as much work as possible, but the necessary CPU cycles still add up. The URL lookups are backed by a sophisticated caching mechansim to avoid looking up things too often (that would interfere with performance) but often enough to give real-time reaction to threats. We typically see more than 90% caching even for complex sites when you start browsing them, although if you stop browsing then return to the site later we have to requery. We don't bother trying to avoid re-scanning (by caching content) because the browsers do an excellent job of caching themselves. We never re-scan cached content because the browser never fetches it from the remote server. But anything the browser can't or won't cache will get scanned (which is the corrrect behavior).

    Our typical "worst case" sites are like Amazon's front page or Yahoo!'s front page. Both are full of small bits fetched from lots of different servers. The front page of the Washington Post is similar, it references content from more than sixty different servers. Seems like a good site for more performance testing.

    :1012604
  • 0

    Thanks very much for the detailed explanation.

    Knowing more now, I can add a data point. I've got the browsers' cache sizes set to minimal. First, I'm on a 50 Mb/s connection, and second, the boot drive is an SSD. Knowing what an SSD goes through to write anything and the resultant wear, reducing caching of small files to disk when possible makes sense. Page display is very fast none-the-less but it clearly works against smooth operation of the Web Protection procedures. Since more Macs are coming with SSD drives, and how they work is becoming more generally known, that may be something to take into consideration.

    :1012606
  • 0

    Hello,

    I am using your version 9 preview on Mavericks DP3.  It seems to work, but there is a small issue.  When it updates it seems to fail.  Meaning it downloads, right now 63.8 MB and than it seems to hang.  I need to cancel.  But otherwise it seems to work.

    Will there be an updated build soon to support Mavericks better?

    BTW, I firist used Sophos version 8, and it had the same issue but it did not let me use the cancel button.

    Michael

    :1012618
  • 0

    Hi Michael,

    We can't really talk about 10.9 specifically (Apple discourages us from doing that in a public forum) but I can tell you that we are testing it ourselves and working closely with Apple where needed to resolve incompatibilities.

    We are definitely planning to support 10.9 on the day of its release, and maybe some of the improvements coming in various 9.0 maintenance updates over the next several months will be interesting to you to follow.

    Re: the updating issue, does it ever recover? We haven't seen any specific issues ourselves in that area. More details like network config & maybe network trace would be super helpful.

    :1012624
  • 0

    Understood we cannot talk about 10.9.  No need to.  But I wanted you to know that under it Sophos 9 and 8 have issues.  The only issues seen are the updating process.  Which never finishes, although I never waited more than an hour or two before restarting.  With 9 I can cancel but it doesn't seem to work and I restart to clear it.

    I don't know if I will be notified or not when you release updates to 9, but I will try and watch for them.

    Michael

    :1012626
  • 0
    Hi Bob,
    Is the memory consumption is governed by the next Mac OS 10.9?
    At the moment, all 1-2 minutes to start applications need.
    The applications are even loaded, these open very quickly.
    But why is no better regulates the storage, or will this be better then with 10.9, since Apple has spoken management of an improved RAM.
    I very much hope that the Web protection can be accelerated.
    Some days feels dramatic, RAM so I only with-purge-these can give freely again, but unfortunately open then the apps again very slow.
    Giving now on google for Mac News and open different pages from Google's results, they are loaded very slowly.
    :1012802
  • 0

    Quick question that you may not be able to answer.

    I am able to install the *home* version of Sophos 8.0.15C (which autoupdates to 8.0.16C) and then do an in-place upgrade to Preview 9.0.1

    However, if I install the non-home version of Sophos 8.0.15 (which autoupdates to 8.0.16), this does *not* do an in-place upgrade to Preview 9.0.1 -- even though the Preview installer said things installed correctly.   Things remain at 8.0.16.

    (This is under Mac OSX 10.8.4)

    Have only the "home version" installations been tested by Sophos QA and this difference should be expected?

    :1012814
  • 0

    Hi carlos,

    We don't expect any immediate improvements for our memory usage from OS X 10.9 although there are some interesting technologies that could help over time. There are some things we are looking to change in the product later this year to help reduce memory footprint in general for all versions of the OS.

    I need some more information about the slow application launches e.g. what application, what OS, what h/w spec, etc. plus need to know what version of SAV you are running (9.0.1 is the latest, 9.0.2 will be out this week).

    For Web Protection, there is a feature in Safari (and similar features in other browsers) that lets you time the page loads. Can you post some details (the whole graph would be useful) for loading any given site with and without Web Protection enabled. Be good to get some visibility into the issue you are seeing.

    :1012816