DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
October 24, 2017 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 77 people online.

 

Latest Reviews
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
 

Follow us
RSS
 

Google security researcher says Sophos antivirus is not safe

Posted on Wednesday, November 07 2012 @ 18:08:34 CET by


Google logo
Google security engineer Tavis Ormandy speaks out against Sophos in a 30-page analysis called "Sophail: Applied attacks against Sophos Antivirus". In the report, Ormandy details several flaws in the antivirus software caused by "poor development practives and coding stanards". The security researcher advises companies to stay away from Sophos software, unless Sophos can avoid easy mistakes and issue patches faster. Full details at CSO.
One of the exploits Ormandy details is for a flaw in Sophos‘ on-access scanner, which could be used to unleash a worm on a network simply by targeting a company receiving an attack email via Outlook. Although the example he provided was on a Mac, the “wormable, pre-authentication, zero-interaction, remote root” affected all platforms running Sophos.

Ormandy released the paper (PDF) as an independent security researcher and concludes: “[I]nstalling Sophos Antivirus exposes machines to considerable risk. If Sophos do not urgently improve their security posture, their continued deployment causes significant risk to global networks and infrastructure.”

The Google security engineer courted controversy two years ago after he released attack code for a Microsoft Windows XP bug just five days after reporting it to Microsoft. He appears to have made no such error this time, giving Sophos two months to fix the flaws.




 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2017 DM Media Group bvba