Sophos Compensation for Shh/Updater-B false positive update debacle.

I don't know about compensation, but I'm not as Pro-Sophos as I used to be.

I just received their latest email which states:

The root cause analysis is now available on our website, linked from our knowledgebase article. In it we explain how this event occurred and what changes Sophos has already made—or will make in the near future—to ensure this kind of incident does not happen again.

Clicking on the link takes you to a page where none of the above is stated???

Absolute rubbish and unprofessional. I will be looking at other Anti-Virus products when our contract is up. I think one of the problems with Sophos is they're trying to do too much. They should just concentrate on the thing they 'used' to do best.

Oh and another thing that also pushes me away from them, is how they give MAC users FREE AV software???

Yeah... See ya Sophos.

After reading the report what I find particularly disturbing is that the test phase for false positives is run on a Linux environment!  Which is  abit odd as the software mainly runs on a windows one! School boy error to say the least!

"False positive tests. In parallel to the IDE test, Sophos conducts a false positive test on any IDE release candidate. The false positive test environment (or "rig") consists of a very large number of parallel systems. These systems use our most recently released threat detection engine and rules, with the release candidate IDE added, to scan more than 10 million "good" files and terabytes of data. The set of test files is regularly updated and includes all Microsoft operating system files, many popular applications (such as Java, Adobe, and Google Maps), a large number of business applications, and all current and previous releases of Sophos products.

The threat detection engine is compiled on and supported on multiple platforms including Windows and many Linux/UNIX variants. Because the test is designed to be comprehensive and because there is such a huge data set, the false positive tests are executed on Linux servers. The vast majority of Sophos rules and identities are designed to be cross-platform and run identically across multiple operating systems, including Linux, Windows, Mac OS, and UNIX. The core purpose of the false positive test was to identify false positives, not to confirm cross-platform operability of the IDE. This rule was a rare example of one that was written by the analyst to operate only in Windows environments. Since the false positive rig operates only on Linux servers, the tests did not flag the Shh/ false positives because the rule with the underlying error was specifically flagged for.

Kerry 

Maybe the link should take you to the 'root cause analysis' first???

The information you are immediately presented with, we all know, only too well, as we the consumer had to DEAL with it.

As for the MAC free version. If people are stupid enough to pay 3x as much for 1/2 of what a windows pc can do, and they are SOLD on the basis that there are no viruses blah blah blah.. Then why should we 'the paying consumer' help fund something to give them something for FREE, when they obviously have more money than sense anyway.

Just concentrate on getting your MAIN product right, which we PAY a LOT of money for.

People.... thanks for the comments but I really need to push the compensation issue as we are considerably out of pocket and already have a few clients who due to this issue now want us to look into offering some kind of reduced price on their licence or replacing Sophos with one of their competitors when the licence is due for renewal.

Unless resolved there is no incentive for us as a re-seller to re-enforce Sophos's position in the security market specially to sceptical clients.

Further thoughts...???

you need to talk direct to Sophos.  But to me if you have suffered a material loss (and it looks like you probably have) then you should be compensated.  And on the face of it reading the report you could argue from a legal point of view Sophos have would be liable.

One for the lawyers I think if you don't get any joy

Sorry for going off on a tangent, but it does show that SOPHOS read your post about compensation, seeing as they replied... Albeit to me and not you, which doesn't surprise me...

But it looks like we got their attention for you if nothing else.

Good Luck cat-systems and keep us all appraised of your progress.

Oh look..

Sophos have now REMOVED their post.. :/

Not to worry.. I have a screenie of it if you need it 'cat-systems'

Sure NSheld do that... i'll PM them if I can.

I wish Sophos were as good at avoiding problems as they are at avoiding my e-mails...!!!

Hi,

First, I removed that post because I didn't think that focusing on the fine detail of message delivery at that point in a discussion like this was going to help. There was nothing sinister behind it, I promise, and we certainly wouldn't remove a post from someone from outside Sophos in that way ("inappropriate" content aside).

Second, this isn't really a very good forum for claims for compensation, as we're all Technical Support guys here. We do appreciate how much work and annoyance this has caused (we've been working direct with customers since the false positive happened), but have no involvement with that aspect of the business. I have, however, flagged up this thread. In general, your account managers are the best place to start, as they best understand your particular circumstances, and can take the discussion further.

Best regards,

spike.