I work for a reseller of Sophos antivirus (not going to mention any names).
I use it day in day out at lots of different companies, varying in size.
And yes, it's hopeless:
a) The program itself - server and client - are very unstable, they crash a
lot, have problems updating, are a nightmare to fix when they go wrong,
and generally not reliable enough.
b) As for its detecting viruses, it appears to get most but ONLY if it is
working and up to date - the problem is it fails so often that you
generally find viruses find their way into your network. (By the way there
is a setting to scan 'normal' or 'extensive', I always set it to extensive,
but the default - 'normal' might not pick them all up)
c) When you install it, BY DEFAULT it doesn't take any action when it finds
a virus. It finds it, tells you about it, and does nothing. True you can
change a setting so it either deletes, shreds, or moves it, but this is a
pain if you have more than say 10 PCs. There is an option to change it from
the server console on the corporate edition but guess what - it rarely
works!!
d) The virus signatures (definitions in NAV terms) only update once a
month, compared to all the other antivirus products that seem to update each
week or more.
e) Sophos technical support are rubbish, usually after 45 minutes on the
phone, we give up with them and e v e n t u a l l y fix the problem
ourselves.
"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b22f610d02f7a8498a5a0@news-server.columbus.rr.com...
> In article <40b9120a_5@127.0.0.1>, mailman@anonymous.org says...
>> Leythos wrote:
>>
>> > You need to look at two things right away:
>> >
>> > Firewall - use a firewall that allows for SMTP attachment filtering.
>> > This one feature can eliminate 99% of the virus infected inbound email
>> > to your system. This only works if you have your own email server(s),
>> > but I'm assuming that you do.
>>
>> I am getting a bit fed-up with Leythos' "advice". In the best case it is
>> off topic (the OP was asking about Sophos, not opinions on security in
>> general), now it's outright misleading.
>
> You don't have to like my advice, I didn't charge you for it. The OP
> described a problem that presented more than just an AV issue - he
> specifically said he was getting infected many times over.
>
>> By definition a firewall has no mail filtering function. What you
>> describe above is an SMTP proxy + anti-virus filtering. They'll both work
>> fine without any firewall whatsoever, exactly as any firewall will work
>> without any proxies being involved.
>
> There are a few firewall appliances that have all sorts of PROXY
> services built into them - HTTP, SMTP, etc... They make a security
> manager's job easier and don't really increase the cost of the appliance
> in comparison to other appliances without them.
>
>> Unfortunately an SMTP proxy will be effective only if you make sure your
>> users have no access to ANY other mail servers - which PHBs are less than
>> likely to accept ("I occasionally absolutely unconditionally NEED to look
>> at my private HotMail/AOL/Whatever account!").
>
> I was under the impression that he was asking about a company based
> problem, not a simple POP based solution outside the company. If an
> employee needs to check his home/aol account during the course of
> business they can have the business related email sent to their company
> account. If you want to do personal things while at work, well too bad.
> The availability of personal email (from non-company servers) while at
> work is just another hole in the security layer.
>
>> > Anti-Virus - get Norton AV corporate edition and use it. Set up the
>> > updates for every 4 hours on the server and have the server push the
>> > updates to the desktops. We have Symantec AV Corporate edition set up to
>> > FORCE updates and scans of users' computers. You can even install
>> > (push) the AV software to every desktop using the remote installer
>> > (right from the server).
>>
>> In my experience Norton has repeatedly failed to identify viruses. Even
>> worse, their way of filtering mail raises serious questions about data
>> security and confidentiality. There are enough good anti-virus programs
>> that will update automatically (or on command) and filter well without
>> passing your confidential information through Symantec's servers, not to
>> mention their outrageous subscription fees.
>
> And as I said, NAV Corporate and SBE provide all that you state SOPHOS
> does. Virus protection software is mostly reactive, meaning that a def
> is not available until after the virus is created, but some AV products
> can find suspicious files and applications based on things other than
> definitions.
>
>> BTW - in a proxy role Sophos can be quite effective: after all what you
>> need is just to identify the presence of a virus (in order to block the
>> attachment/message), not clean it.
>
> I don't care about cleaning it, all I care about is removing the virus
> infected file/attachment from the system/email, and SBE makes it very
> easy to do this.
>
>> > Using these two methods we've eliminated ALL (100%) of inbound virus
>> > attachments from all the companies we manage.
>>
>> Just means you were lucky. No anti-virus can catch 100% for the simple
>> reason that a virus needs to be seen and analysed before a signature can
>> be defined. Anyone who _guarantees_ to block 100% of incoming stuff is a
>> good candidate for buying prime beach-front property in northern Mali.
>
> No, it means that we understand the threat fully, have found reliable
> methods to control it, and still are able to do business without any
> hindrance.
>
> We didn't even have a problem when the Zip's infections came out - they
> started as password protected Zip files and our rules block unscannable
> Zips while letting scannable (uninfected) Zips in.
>
>> All of this completely ignores the at least as serious issues of worms
>> and trojans - which most anti-virus programs (including your beloved NAV)
>> will not identify at all.
>
> I never said that NAV/SBE would be the only solution, I said that it was
> part of the solution which includes PROPER FIREWALL RULES/METHODS. I've
> found that NAV Corporate will catch more than just plain old virus
> files, it even catches ones that spawn from malicious web sites when
> people use IE without patches. We tested 8 different products before
> choosing NAV Corporate, and cost was not part of the factor, strictly
> based on protection ability.
>
>> > After you do the above, you need to look at HTTP filtering, filtering
>> > what sites users are permitted to access, and blocking ALL outbound
>> > access that is not strictly for business needs. You can even block IM
>> > and those sharing apps that people like to run from their computers to
>> > connect to home.
>>
>> At last some reasonable advice: do not allow indiscriminate outgoing
>> connections (your users will scream bloody murder at this point: "Are you
>> out of your mind? No IM and no Kazaa?"), use a filtering proxy for
>> outgoing HTTP, disable all ActiveX (again a less than popular thing),
>> disable executable content (HTTP downloading).
>
> Actually, you might be surprised to learn that very few people actually
> have a business requirement for browsing the web, downloading files from
> non-approved sites, sharing files with unknown persons or running IM
> while at work. After implementing web blocking for clients we found a
> marked increase in productivity at most offices - funny how that works.
>
> There are a lot of things that can be done, and AV software is only a
> part of it. Just because I have found a reliable, easy to use, very
> effective AV product that has a proven track-record in use across the world.
> While you may like SOPHOS, I like NAV Corporate and SBE for Exchange for
> clients and servers.
>
>
> --
> --
> spamfree999@rrohio.com
> (Remove 999 to reply to me)
| I work for a reseller of Sophos antivirus (not going to mention any names).
| I use it day in day out at lots of different companies, varying in size.
|
| And yes, it's hopeless:
| a) The program itself - server and client - are very unstable, they crash a
| lot, have problems updating, are a nightmare to fix when they go wrong,
| and generally not reliable enough.
Depends upon how stable the PC is/was when the software was installed. In all the years I
have monitored AV News groups, yours is the first real Sophos complaint while I have read
hundreds on NAV.
| b) As for its detecting viruses, it appears to get most but ONLY if it is
| working and up to date - the problem is it fails so often that you
| generally find viruses find their way into your network. (By the way there
| is a setting to scan 'normal' or 'extensive', I always set it to extensive,
| but the default - 'normal' might not pick them all up)
Many AV software are configurable. For example, all file types or selected file types and
scan archive files. Both settings can influence the catch rate of the AV application.
| c) When you install it, BY DEFAULT it doesn't take any action when it finds
| a virus. It finds it, tells you about it, and does nothing. True you can
| change a setting so it either deletes, shreds, or moves it, but this is a
| pain if you have more than say 10 PCs. There is an option to change it from
| the server console on the corporate edition but guess what - it rarely
| works!!
YMMV -- you experience this, others may not.
| d) The virus signatures (definitions in NAV terms) only update once a
| month, compared to all the other antivirus products that seem to update each
| week or more.
Not True. There is an engine update per month and daily (and I can tell if it is done
multiple times per day) there are WEB IDE updates.
| e) Sophos technical support are rubbish, usually after 45 minutes on the
| phone, we give up with them and e v e n t u a l l y fix the problem
| ourselves.
When NAI bought McAfee their support went down the tubes. Now that McAfee has sold off the
Sniffer division and is concentrating on core competencies, their support is improving.
Symantec's support has always SUCKED ! Actually, good support is hard to find and in short
supply these days.
Dave
PS: If you /*REALLY*/ want to discuss this, post your findings in alt.comp.virus
> I work for a reseller of Sophos antivirus (not going to mention any names).
> I use it day in day out at lots of different companies, varying in size.
>
> And yes, it's hopeless:
I don't agree.
> a) The program itself - server and client - are very unstable, they crash a
> lot, have problems updating, are a nightmare to fix when they go wrong,
> and generally not reliable enough.
Mine has never crashed. However, they've recently updated the whole
software package and I don't know how this performs. I'm still using
the 3.x version which is supported until the end of the year.
> b) As for its detecting viruses, it appears to get most but ONLY if it is
> working and up to date
Same can be said for all AV progs.
> - the problem is it fails so often that you
> generally find viruses find their way into your network. (By the way there
> is a setting to scan 'normal' or 'extensive', I always set it to extensive,
> but the default - 'normal' might not pick them all up)
> c) When you install it, BY DEFAULT it doesn't take any action when it finds
> a virus. It finds it, tells you about it, and does nothing. True you can
> change a setting so it either deletes, shreds, or moves it, but this is a
> pain if you have more than say 10 PCs. There is an option to change it from
> the server console on the corporate edition but guess what - it rarely
> works!!
Well it seems to work well enough on our network with thousands of PCs,
but we also have other protection in place like stripping executables
from email. I can only recall one infection (localised and quickly
dealt with) in some years.
> d) The virus signatures (definitions in NAV terms) only update once a
> month, compared to all the other antivirus products that seem to update each
> week or more.
No, they're updated as and when necessary, often several times a day.
> e) Sophos technical support are rubbish, usually after 45 minutes on the
> phone, we give up with them and e v e n t u a l l y fix the problem
> ourselves.
Can't speak for phone support, but whenever I've sent fresh malware
samples by email they've responded quickly by sending me a definition
file (IDE).
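The attachment rules mentioned in this thread (rejecting ZIP files that cannot be scanned because they are password protected, and stripping executables from email), as an added Python example that is not from any poster or product discussed here. The extension list, function names and the sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list for this example; a real gateway policy is site-specific.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}


def blocked_ext(name):
    """True if the file name ends in an extension on the block list."""
    return os.path.splitext(name.lower())[1] in BLOCKED_EXT


def zip_reason(data):
    """Return why a ZIP must be rejected, or None if it can go on to the scanner."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Bit 0 of the general-purpose flags marks an encrypted
                # (password-protected) member the scanner cannot open.
                if info.flag_bits & 0x1:
                    return "unscannable: encrypted member"
                if blocked_ext(info.filename):
                    return "executable inside archive"
    except zipfile.BadZipFile:
        return "unscannable: not a readable ZIP"
    return None


def inspect_message(raw):
    """Map each attachment file name to a block reason (None means allowed)."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = {}
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text and multipart containers
        data = part.get_payload(decode=True) or b""
        if blocked_ext(name):
            verdicts[name] = "executable attachment"
        elif name.lower().endswith(".zip") or data[:4] == b"PK\x03\x04":
            verdicts[name] = zip_reason(data)
        else:
            verdicts[name] = None
    return verdicts


def sample_zip(member, encrypted=False):
    """Build a constructed one-member ZIP; optionally mark the member encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed sample content")
    data = bytearray(buf.getvalue())
    if encrypted:
        # The standard library cannot write encrypted ZIPs, so set the flag
        # bit in the central directory record, which is what infolist() reads.
        cd = data.rfind(b"PK\x01\x02")
        data[cd + 8] |= 0x01
    return bytes(data)


def sample_message():
    """Constructed test message with four attachments (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachments.")
    for name, data in [
        ("report.zip", sample_zip("report.txt")),
        ("locked.zip", sample_zip("notes.txt", encrypted=True)),
        ("tools.zip", sample_zip("setup.exe")),
        ("invoice.pdf.exe", b"MZ constructed bytes"),
    ]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in inspect_message(sample_message()).items():
        print(name, "->", reason or "allow")
```

Only the archive's directory is read here; a ZIP that passes still has to go through the content scanner, and nested archives would need the same check applied recursively.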
m wrote:
> I work for a reseller of Sophos antivirus (not going to mention any names).
> I use it day in day out at lots of different companies, varying in size.
>
> And yes, it's hopeless:
> a) The program itself - server and client - are very unstable, they crash a
> lot, have problems updating, are a nightmare to fix when they go wrong,
> and generally not reliable enough.
We used it for over 4 yrs now - it never crashed our server!
> b) As for its detecting viruses, it appears to get most but ONLY if it is
> working and up to date - the problem is it fails so often that you
> generally find viruses find their way into your network. (By the way there
> is a setting to scan 'normal' or 'extensive', I always set it to extensive,
> but the default - 'normal' might not pick them all up)
The virus detector is only as good as the latest "signature" - same for
ALL virus busters!!
> c) When you install it, BY DEFAULT it doesn't take any action when it finds
> a virus. It finds it, tells you about it, and does nothing. True you can
> change a setting so it either deletes, shreds, or moves it, but this is a
> pain if you have more than say 10 PCs. There is an option to change it from
> the server console on the corporate edition but guess what - it rarely
> works!!
There are reasons for doing it - this is where the system administrator
comes in!
> d) The virus signatures (definitions in NAV terms) only update once a
> month, compared to all the other antivirus products that seem to update each
> week or more.
Please read your manual or call Sophos! Our "signature" file is updated
every hour (if there is one - system checks the Sophos server for
updates, and they do work 24 hours!)
Are you in charge of the system, or are you just a user? Someone in "your"
work place needs to have their skills updated!
> e) Sophos technical support are rubbish, usually after 45 minutes on the
> phone, we give up with them and e v e n t u a l l y fix the problem
> ourselves.
>
>
>
From my own experience, I am quite happy with Sophos