Sophos UTM Home Edition and UTM Essential Firewall #44
Comments
Sorry, but I don't like Sophos products after reading Tavis Ormandy's "Sophail" report, nor AV solutions for Mac in general. Therefore, I would rather not recommend these products for advanced users.
I don't know where we can talk a bit without reopening an issue... please tell me. What do you do to protect yourself or your correspondents/colleagues against viruses on email, USB drives...? Today, malware are even coming from
Not having an AV is quite irresponsible, even if seldom some are the targets of attacks. Thanks,
I disagree - advanced users may be increasing attack surface by running AV software, such as Sophos products. The current antivirus offerings for Mac which I've seen are poorly written (e.g., references to Windows registry keys in the code) and I would rather not recommend them, and instead give practical advice for avoiding compromise. I agree one size doesn't fit all, so I will leave this issue open for comment for a little while.
I have ClamXav installed but only run it every 3 months or so. It doesn't have live protection, so it shouldn't grab resources when not running. Now, admittedly, I don't know how good the code or threat detection are.
I regard AV as snake oil and agree with @drduh
@jzorn As an addendum, I've caught malware on the Mac. Of course I knew I was downloading something I really wanted from a shaky source.
I don't claim there is no malware for Mac OS X. I'm just saying that AV won't necessarily protect you from it but might give you a false feeling of safety.
ClamXav is quite weak, especially if you go six feet under... Be careful, like for VPNs, hosting or AV, a lot of review sites are just affiliate crap. BitDefender on Mac, Window$ and Android is really nice, all tests are very good and updates are fast. Avast does not go well with LittleSnitch for the Web protection. If you have never used ad blockers, most also have lists of malware sites, not just ads or trackers. I have removed Avira, Sophos and AVG, I think because not stable and AVG not very effective. There is also http://www.virustotal.com, check files and URLs with 50+ AV.
It is different if you are alone with your Mac, or if you have exchanges with poor Window$ victims.
I do not recommend using AV. Also, I don't follow the protection-for-others reasoning.
And what do you do with this kind of threat? It happens on Google Play and App Store... what's next, printer drivers.
If I remember correctly, XCodeGhost and applications infected by XCodeGhost were not picked up by AV anyways - AV would not have helped you.
But affected developers/apps or Apple/MS/Google/hardware manufacturers... would not/never react as fast as a 'good' antivirus company, which can stop the spreading and warn/clean already infected users' devices. Good = a company big enough to have either lots of feedback or employees to enhance their AV asap. See Google plans to change how updates/patches are made to Android, without having to wait for phone manufacturers which in most cases send 'OEM' updates months after, no matter how dangerous the problem is... The daily news about malware and Co is frightening...
Okay, so you are afraid to catch a printer driver in the wild that will infect your system, but you trust an AV product? How can you be sure that your download of the virus scanner is not infected? Even worse, AV usually runs with super user rights, while most other user space programs do not require this.
:-) funny, but you trust Apple..., see above and subscribe to Apple Security List... frightening too.
As a matter of fact, I don't. Anyways, this discussion sidetracked and I don't believe that either of us has any new relevant information. Maybe @drduh should make a decision on that matter.
Thanks for the rich discussion. Obviously, AV is a double-edged sword which provides benefits to some users, but poses a risk to others. One of the reasons I wrote this guide is so that more advanced Mac users wouldn't need to use AV software, because they would be protected by hardening measures and be empowered by a few good lessons on opsec. I'll keep this issue open to solicit any more comments, and I'll definitely include a more in-depth AV section in the upcoming El Capitan guide, which will go into the threat model and risks, as well as cite some recent failures in commercial products. One article which comes to mind is https://theintercept.com/2015/06/22/nsa-gchq-targeted-kaspersky/
The only thing AV software does on the modern internet is expose a huge attack surface and waste resources. If you are in a corporate environment (IT-managed machines), the choice isn't yours to make and this guide probably isn't for you.
@bryson funny guy... all software offers a huge surface. A better idea to stop spreading?
@TraderStf Please stop it. You have made your point clear as day, and so has everyone else. There is no single one answer or truth to this. As it has already been pointed out, an AV program adds an attack surface and potentially removes some. There's as far as I can tell no one here that doesn't understand that tradeoff. Whether AV is right for you or not depends on your specific needs and requirements. There's no single answer. I wish everyone could stop whining about this now. What there is to say has probably been said.
My thoughts are now reflected in the guide. I apologize for the advanced/novice user dichotomy on this matter, but it's just how I feel. I referenced this issue; if anyone has any objections, please reopen and comment.
Antivirus software, while it increases the attack surface, isn't a bad idea for macOS users who have less technical knowledge. Some antivirus software (Sophos products do this, not sure about other vendors) has a blacklist of malware/phishing URLs to prevent it from ever being downloaded. Of course how you secure your system is largely dependent on your threat model and the users running the system.
Don't know where to add these two free applications...
UTM Home Edition
https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx
Free Home Use Firewall is a fully equipped software version of the Sophos UTM firewall, available at no cost for home users – no strings attached. It features full Network, Web, Mail and Web Application Security with VPN functionality and protects up to 50 IP addresses.
Requires a dedicated newly formatted PC, not a Mac.
I like this feature: can use multiple Internet connections at the same time, giving you more bandwidth.
UTM Essential Firewall
https://www.sophos.com/en-us/products/free-tools/sophos-utm-essential-firewall.aspx
Free version of the Sophos UTM software and offers fundamental security functions to help protect any business network. Start today and implement a firewall into your company’s IT environment—without charge and no strings attached.