
Does this product contravene UK consumer protection legislation?

This seems to be a very useful software tool for patching/warning the home user about vulnerabilities and about malware such as trojans, but as it's labelled as an "anti-virus" product, and no-one has ever yet demonstrated the existence of a virus for a *nix-based operating system (or else they would have claimed the substantial prize offered for many years by Netproject for infecting a properly-configured Linux box with a virus!), does this product breach UK consumer protection legislation? It certainly claims, by implication, that *nix viruses exist, the truth of which Sophos would have to demonstrate publicly (e.g. to the Advertising Standards Authority) if a complaint was made.


This thread was automatically locked due to age.
  • OldWilliam, as one sample of a virus for OS X, I'd like to bring your attention to the Macarena/MachOMan virus, which, while proof-of-concept, is a Mac OS X virus that infects Mach-O binaries.  The author breaks down exactly how it works on his website, and I think you'll agree that it definitely exhibits virus-like activity.  While the replication method is not the same as that used on Windows, neither was the replication method for classic Mac viruses (which yes, didn't have privilege separation).

    I'll also note that he published it in October 2006.  Sophos products detect it.

    There are always mechanisms for self-replication on a computer system; the only difference from one model to another is how many and what systems have to be subverted in order to achieve it (sometimes, the end user has to be tricked into privilege escalation as part of the infection process).  On Unix/Linux systems, usually the virus has to be executed as root or some other privileged user, which means a secondary process (rootkit) needs to be invoked first in order to escalate privileges.  I'm sure you'll agree that there are definitely rootkits for Unix/Linux.  However, on OS X, you can actually have processes running at the user level (from ~/Applications/, for example), and these processes have full access to userland data, even if they can never touch files at the system level.  Hardware memory management definitely helps, but it can still be manipulated.

    I'll also add that while the technical use of "virus" in computer security refers to self-replicating malware that infects a host file/system, the use of the term by the general public (similar to the use of virii as a plural form) is accepted in the vernacular to mean malicious and/or unauthorised software that replicates through any mechanism, similar to how the term "hacker" refers to one who takes a product designed for one use and uses it for another, but is generally used by the public to refer to someone who abuses weaknesses in computer systems to gain illegal access.

    However, it's my guess (not my knowledge) that SAV for Mac is so named because it uses the same detection engine as the rest of Sophos' SAV line, which has been around since before malware other than viruses were very prevalent on computer systems.

    I hope this answers some of your concerns.
