using AMTSO's anti-malware feature checks

Just tested this and the results are all blocked apart from my number three (the Potentially Unwanted Application test).

I'm running Sophos Anti-Virus for Mac version 9 which is the latest version for Mac OS X 10.6 and above.  Version 9 has Web Protection and so browsers are protected. Version 8 doesn't have the Web Protection feature.  It's a free upgrade to 9 and you're better protected.  If you're not running version 9 you may get different results.

Download version 9 here: http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition/download.aspx

Thank you. I checked and my SAV was at version 8. Hm, how'd I miss that?

I installed version 9 and got results similar to yours, ruckus, except that for test 5 ("Test if my cloud protection is enabled"), the download file cloudcar.exe is downloaded (to the Downloads folder) with no notice by SAV. I checked my SAV preferences and both options for "Web Protection" are ON and there are no entries in the Exceptions tab.

I don't doubt your results. I just wish I could reproduce them on my machine (mid-2009 13" MacBook Pro running Mac OS X 10.9.2).

Thanks again -- Bob

---

Bob_Stromberg wrote:

Thank you. I checked and my SAV was at version 8. Hm, how'd I miss that?

---

Version 8 hasn't been automatically upgraded to 9 yet.  Version 8 is retiring in April 2014 so we'll then be upgrading users to 9 then.  Until that point it's optionally, though recommended, to upgrade your own installation.  See the thread below for more information.

http://openforum.sophos.com/t5/Sophos-Anti-Virus-for-Mac-Home/Support-ending-for-SAV-for-Mac-version-8-in-April-2014/td-p/15331

---

Bob_Stromberg wrote:

for test 5...the download file cloudcar.exe is downloaded...with no notice by SAV.

---

Detection can be a funny thing.  :smileyfrustrated: I tried the test over and over and managed, on one occasion, to experience SAV not detecting during test 5 the download.  Demo:

Note:  I had clicked all the 'Restore Default' buttons prior to testing to discard any customizations I may of made previously.  Example:

Maybe if you try the test multiple times with the default settings the behavior will alter slightly.

Hi ruckus, thanks for the careful testing and the clear description. I am not getting the "scan with Sophos" option on right-click so I can't test quite the same way. This computer is also suffering from quite slow response, even freezes, so I have reset SAV to all default preferences, will watch for a day of normal use, then start turning off functions and see if the freezes go away.

I'm impressed with the TLC your team give to customer input on this forum. Too bad the product-and-platform combination is so temperamental!

--Bob

One thing I noticed, is that Sophos failed Test #4 re: Phishing site, however, at the time, I could see that Sophos was auto-updating its database. After it had finished, it passed Test #4 presenting the dialogue of an unsafe site, as it should. However, I've been trying the tests on the site for some time due to a problem I'm having on a Windows PC using the Chrome browser. Using Firefox, I was alerted by the installed security system, but I never was in Chrome on the PC. I went to one of my Macs, all running Sophos (yes all of them are home computers...I'm retired actually) and the Phishing site was detected. It was only the one instance when Sophos was updating itself, that I was able to proceed to the pseudo-phishing page. Which makes me wonder if in fact, our systems are entirely secure during the Sophos update period?

I'm running a scan now, after having re-installed Sophos due to the server issue, but I will try to recreate the updating/phishing site access scenario when Sophos next needs an update (if my old eyes can catch it updating!) and post the results.

Bob

A FYI, two of those downloads are .exe, Windows only, which won't run on a Mac anyway. So, using those two to test is worthless.

Not necessarily worthless if you have windows machines on your home network as I do. I'd certainly like to know that an .exe file that I downloaded to my UPS to access later with my windows machines contains a virus. There's certainly no harm that will come to OS X of course, but many people use windows on a bootcamp partition or share files on their home network with PC's. 

As an aside, today, Sophos is not picking up the phishing page threat at all for some reason, and it's not updating right now either, so either it has "learned" that the AMTO phishing test site is not harmful afterall, or it needs to learn that it may be?

---

phubai wrote:

Not necessarily worthless if you have windows machines on your home network

---

Agreed.  If you only have a Mac environment then Windows binaries won't affect your network.  However if you have a mixed network and/or pass files to remote users (like email to friends with attachments) then scanning for threats to Windows on a Mac is important.

---

phubai wrote:

As an aside, today, Sophos is not picking up the phishing page threat at all for some reason, and it's not updating right now either, so either it has "learned" that the AMTO phishing test site is not harmful afterall, or it needs to learn that it may be?

---

Just test again and it's blocking the page for me...

...check Web Protection is enabled would be the first thing.

I don't believe there are any updating problems at the moment server-side (and my Macs are working OK).  If it's not updating check the log for any problems and consider any recent network/computer/firewall changes.

This link has a video that (if you skip the first two minutes because you know you have the 'Home Edition' - a lot of users aren't sure) explains a bit of log analysis for updating problems.

I only meant that those .exe files were worthless as a test of the SAV protection with OSX.

 BTW:  Though there is no on-access scanner PUA detection in SAV for Mac, you can do PUA on-demand scanning with the sweep program...

Just thought I'd mention it.