Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 6 subscribers
  • Views 7638 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Using Sophos AV for Mac across networks

nigelh

Because my partner was having all sorts of issues with the AV utility installed on her Windows 7 laptop, I decided to try checkig it using SAV from my Mac via the home network. Because it was pretty slow via WiFi, I hooked up both computers with Ethernet and, I have to say, that ran pretty fast. It managed to check out her whole istallation in about 6-7 hours.

My question is, how valid are the results? No threats were found. I'm assuming that the Sophos utility on the Mac does know about all threats applicable to Windows, but is my assumption a good one?

It's a real pity that Sophos (surprisingly!) do not make an equivalent AV utility for Windows (though I'm sure that most of their software IS applicable to Windows environments), because my partner is having a really hard time finding an internet security package (paid or otherwise) that WORKS properly on Windows, without stupid failures. We're still looking for the optimum solution for her system, but in general, support from the makers of Windows AV/IS software also seems to be quite abysmal!

:1013286


This thread was automatically locked due to age.
  • 0

    The signature files (called IDEntity/IDE files in /Library/Sophos Anti-Virus/IDE) are actually platform neutral - same ones for Windows, Mac, Linux, UNIX, OpenVMS, et al.  The Mac scanner is therefore able to find Windows malware and vice versa.

    Sophos do a 'disposal' Windows virus scanner and cleanup tool called the Virus Removal Tool.  It's basically the same scanner and program as their enterprise-grade software but lacks two things:  it doesn't have a real-time scanner and it doesn't update automatically.  It's designed to be installed (which includes all the latest IDE updates at the time of download) and then run a full scan of a Windows computer.  You can then cleanup anything that is found or uninstall (as the tool becomes out of date after a few days).

    They don't do a 'free' fully functional Windows product because they want you to buy that from them and Windows users don't need too much convincing that they are going to get malware trying to land on their computer at some point.  Sophos only gave Mac AV away free because malware was growing and Mac users were not (and still are not) taking the problem seriously - not seriously enough to part with cash away.

    If you wanted to buy Sophos you could get a one year 'Sophos Anti-Virus - Business' license for 3 computers - see Buy Sophos online for less than 100 users.  You would get full technical support for that price and the computers can be any combination of Mac and Windows.

    :1013292
  • 0

    Many thanks for the reply, Diz, and the confirmation of validity when using SAV for Mac as I described.

    Also, yes, I agree with you fully that there is too much complacency within the Mac community. As someone who regularly exchanges files with Windows-using clients, I'm only too aware of the possibility of malware being transferred to them inadvertently. From experience, though, I've never ingerited malware from anything I've downloaded myself, only from files that those Windows-using clients have sent me! :smileywink: Still, at least that allows me to 'do them a favour' by advising them of the fact that they have a problem!

    Thank you for the link to the page about the paid Sophos products. I did have an online chat with someone in Sophos, via the website, to ask what was available for Windows that might be in any way equivalent to the utility that I'm using on Mac, but they didn't refer to these possibilities at all. Maybe they didn't fully understand that price was not the issue for what I was asking about and thought I was asking for something that was similarly *free*? Anyway, we'll check out these paid options - they're understandably more expensive than most other options, but that isn't necessarily a problem!

    Thanks again!

    :1013304
  • 0

    Hi Diz,

    With reference to your link to the page on Sophos for less than 100 users, I only just got around to downloading the free trial of the endpoint software, but then ran into a slight problem. If I've understood correctly, the Management Enterprise Console is designed to run on a network server and end-user computers are installed from there - which makes a lot of sense for business environment sysadmins who are dealing with a large number of end-user machines physically spreaf all over a large office building.

    So, what I'm wondering is, if one wanted to use the endpoint software on a couple of computers on a home network, obviously one doesn't want to go to the expense and hassle of buying and running an MS Server(!), just to install and run this endpoint software. What to do then? I note that the info says that the Console CAN be run on unsupported platforms (ie non-server systems) - and when I tried to install it on one Windows 7 laptop here, the check did say that it was an unsupported OS - but is that necessary, or would it be better and easier to just manually install the endpoint software modules directly onto the target computers?

    At this stage, it does seem to me that, as all of the modules necessary for the endpoint software installation obviously exist, the only thing preventing them from being installed on end-user or home computers is the lack of a simplified installer - so I'm wondering why it is that Sophos don't choose to compete in the home market with such a simplified (but still paid for) package?

    I realise that I may well be overlooking one thing though: namely, that perhaps the server is also required when the endpoint software is running on the end-user computers? Is it that that is where the database(s) of malware info are stored and used when endpoint scans are being carried out?

    I'd be grateful for some clarification at this point!

    :1013719
  • 0

    Hello nigelh,

    the management part  is only available for Windows and requires a server or high-end workstation OS (Windows 7 Enterprise/Professional), details are here. AFAIK all licenses also include the stand-alone versions for the platforms covered by the license. But frankly, a managed version is more fun :smileyvery-happy:.

    the server is also required when the endpoint software is running

    No, all the necessary software and data is stored on the client. Policies (aka 'settings' or 'preferences') can be configured on the server and distributed to the clients and the clients report their status and alerts and events (i.e. detections and resulting actions or errors). Also the server downloads updates from Sophos and provides them on a network share or a web folder (there is some limited implementation of this functionality available for other platforms). This has (or had) also the advantage for Sophos as it significantly reduces the load on (and costs of) the updating infrastructure. Things have changed, the HE version does update from Sophos (but consider the number of Mac users who want AV compared to Windows users) and recently a Cloud product has been released. One remaining reason to not (yet) target the home market is support - paying users would expect some sort of direct support.    

    Christian 

    :1013725