App Review Sophos Home Premium beta - Review and test

[Parsh]

Hey Kev, just watched it.. awesome tour video You're right, it's overall light but with some lags caused when many malware are detected. That's it.

The management console and provisions are laudable. I'm sure you liked the tour of options just like I did
Though having no option to configure offline (an ON/OFF toggle with maybe a password could do) can be problematic. You temporarily deactivate it, (if) a fairly long connection loss occurs —> you'll get mad at it!
It sometimes takes good amount of time to reflect changes of configuration, even on 4G.

GUI bugs and 'Quarantine' aside, Unlike most other AVs, it doesn't wipe the original sample out in most cases as we saw. Instead it blocks/cleans the triggered malicious process. Won't that be a problem if the malware file remains on your disk and you've to share its parent folder with someone?!
Getting to know which file triggered the malware can be an issue after the triggered malicious process is cleaned (since GUI logs are cleaned), though you can access the logs from the web portal.
It's basically meant for those users who regularly (can/do) rely on network access for such tasks. And quite handy to monitor remotely for sure.

 

[Azure]

I kinda have a weird feeling about this, it seems like they took HMPA and HMP and put a different UI / web management panel on it.

That's a given considering they bought Surfright
HitmanPro.ALERT Support and Discussion Thread

 

[mekelek]

That's a given considering they bought Surfright
HitmanPro.ALERT Support and Discussion Thread

I'm aware of that, but it still looks like a whack job..

 

[Parsh]

I kinda have a weird feeling about this, it seems like they took HMPA and HMP and put a different UI / web management panel on it.

Except that BD and Kaspersky engines from HMP aren't included.. and some traditional Sophos features are present.

That's a given considering they bought Surfright
HitmanPro.ALERT Support and Discussion Thread

But how they intend to use HMP or change their approach is unpredictable. If they intend to use HMP completely (In-house + Kasp + BD) they would have already done that. But the focus here, for the AV part, is Sophos engine, accompanied by HMPA.
If they add Kasp + BD engines for any modes of protection, that would be great!

 

[mekelek]

Except that BD and Kaspersky engines from HMP aren't included.. and some traditional Sophos features are present.


But how they intend to use HMP or change their approach is unpredictable. If they intend to use HMP completely (In-house + Kasp + BD) they would have already done that. But the focus here, for the AV part, is Sophos engine, accompanied by HMPA.
If they add Kasp + BD engines for any modes of protection, that would be great!

sooo it's a worse version of HMPA, meanwhile HMPA is getting a big update.
well that's underwhelming.

 

[Parsh]

sooo it's a worse version of HMPA, meanwhile HMPA is getting a big update.
well that's underwhelming.

I did not write regarding HMPA's performance/version. But the company must be integrating the latest of HMPA into their 'Premium Home Beta' since it's intention clearly is upping their game!
Only if they wish to test HMPA individually and then include that version in Premium Home Beta, then what you said could be possible; but I think they shouldn't be doing that, since this new Premium Home is 'Beta' ..

 

[mekelek]

I did not write regarding HMPA's performance/version. But the company must be integrating the latest of HMPA into their 'Premium Home Beta' since it's intention clearly is upping their game!
Only if they wish to test HMPA individually and then include that version in Premium Home Beta, then what you said could be possible; but I think they shouldn't be doing that, since this new Premium Home is 'Beta' ..

I know.
Well they seem to have a different product with the "older" (newer meaning the beta of HMPA) HMPA atm. I wonder if they will just change up the UI a bit more and keep it like that while HMPA is getting different updates.

Or are they gonna put HMPA's recent versions under this "Premium Home" product and target a different audience?

 

[Parsh]

I know.
Well they seem to have a different product with the "older" (newer meaning the beta of HMPA) HMPA atm. I wonder if they will just change up the UI a bit more and keep it like that while HMPA is getting different updates.

Or are they gonna put HMPA's recent versions under this "Premium Home" product and target a different audience?

Our thoughts converged at the same question. I'll try contacting them or get some details on their forum.

 

[mekelek]

Our thoughts converged at the same question. I'll try contacting them or get some details on their forum.

got this answer on the other forum:

I'm not positive how the update process with work with Sophos Home and HMPA; if they will be updated simultaneously or on their own schedule. That said, I would say it's safe to assume that improvements to HMPA would also happen to Sophos Home. Both products are under the Sophos roof and we want to utilize good tech that we have.

doesn't seem like they know it yet either

 

[Janl1992l]

I kinda have a weird feeling about this, it seems like they took HMPA and HMP and put a different UI / web management panel on it.

Well, they use there own av/webblock methode. They have a silent hips too and some proactive module. Sophos is well known in the industrie and one of the rare good ones for the industrie, like Norton. U can be sure that the new sophos will be way more than only hmpa and hmp combiend with a different ui. i tested it abit and well, it does realy, realy well against malwares and not only because hitmanpro alert or hitmanpro. I am almost 100% sure that it will be a keeper and a top home security product. Sophos is a quality company, trust me. Just look at there products like the xg firewall. They are outstanding.

 

[_CyberGhosT_]

I did not write regarding HMPA's performance/version. But the company must be integrating the latest of HMPA into their 'Premium Home Beta' since it's intention clearly is upping their game!
Only if they wish to test HMPA individually and then include that version in Premium Home Beta, then what you said could be possible; but I think they shouldn't be doing that, since this new Premium Home is 'Beta' ..

Hey Parsh
what i think they may be doing, is they will see which way the users go with HMPA major updates and Sophos Home Beta popping up
and the one that generates the most interest or revenue will be the "keeper" the other will silently fade into the background.
This is not uncommon and makes sense for Sophos seeing both are viable products.
We may see a "weeding out" of sorts coming on the horizon. Interesting to watch play out either way.

 

[Sunshine-boy]

Our thoughts converged at the same question. I'll try contacting them or get some details on their forum.

u can do it here:
Sophos Home

 

[mekelek]

Well, they use there own av/webblock methode. They have a silent hips too and some proactive module. Sophos is well known in the industrie and one of the rare good ones for the industrie, like Norton. U can be sure that the new sophos will be way more than only hmpa and hmp combiend with a different ui. i tested it abit and well, it does realy, realy well against malwares and not only because hitmanpro alert or hitmanpro. I am almost 100% sure that it will be a keeper and a top home security product. Sophos is a quality company, trust me. Just look at there products like the xg firewall. They are outstanding.

I'm not questioning this, although the results of Sophos Home in the Malware testing section is supbar at best at the moment.

Hey Parsh
what i think they may be doing, is they will see which way the users go with HMPA major updates and Sophos Home Beta popping up
and the one that generates the most interest or revenue will be the "keeper" the other will silently fade into the background.
This is not uncommon and makes sense for Sophos seeing both are viable products.
We may see a "weeding out" of sorts coming on the horizon. Interesting to watch play out either way.

that would make sense if HMPA wouldn't be having a Beta that has all the new fancy features

 

[Parsh]

Hey Parsh
what i think they may be doing, is they will see which way the users go with HMPA major updates and Sophos Home Beta popping up
and the one that generates the most interest or revenue will be the "keeper" the other will silently fade into the background.
This is not uncommon and makes sense for Sophos seeing both are viable products.

Oh, I get it! That can be the case as you said such methods are used elsewhere too. They may keep some differences b/w HMPA standalone and the one integrated in Home Beta for their own reasons of evaluation.

But they should continue to keep HMPA in Home at its best. Be it anything, Sophos Premium Home (B) should be kept at optimal advancements to get the best feedback from the fast growing users.

 

[Parsh]

the results of Sophos Home in the Malware testing section is supbar at best at the moment.

While the performance still seems subpar compared to others for sure, they've made significant improvements with some decisions that has upped their position for sure.

Many AVs having powerful signatures and heuristics detect Trojans and other threats (speaking of Trojans because most of those undetected by Sophos were Trojans) are detected by matching earlier ie. static ways.
Sophos has been having weak signatures and so it leaves a good no. of malware after static scan.

1. However, it is possible than not all Trojans (and others) carry out malicious actions soon after launch (and these were probabky already detected by static scans by other AVs irrespective of when would they have carried out malicious actions) and hence Sophos didn't act immediately.
I know it doesn't apply to many malware and this might not be true in most cases, but this is possible.

2. Based on point 1, I think Sophos doesn't act immediately if strong evidence or action is not observed by its behavior monitor. Some PUAs and probably harmless scripts on MH (yeah, that happens since not all are always malicious) are skipped entirely leading to smaller count of detections.
Many AVs detect files based on small suspicious behaviors while Sophos might not always.

Just my observations and thoughts on what can be some reasons behind smaller detection ratios. Small or big, infections are not tolerable and Sophos still has to improve, and it will, with their long Beta and improvement plans.

 

[Parsh]

I have sent an email requesting some information.. but I'm not able to login with my Sophos email ID and pwd (that I used for applying for Premium Home Beta) to login to the Sophos Community for support discussions. Email id isn't recognized.

@mekelek any idea, if Sophos Community login require some different/new ID?
One needs it to log-in before posting.

 

[mekelek]

I have sent an email requesting some information.. but I'm not able to login with my Sophos email ID and pwd (that I used for applying for Premium Home Beta) to login to the Sophos Community for support discussions. Email id isn't recognized.

@mekelek any idea, if Sophos Community login require some different/new ID?
One needs it to log-in before posting.

no idea, but it's kinda standard nowadays that they have a separate database for the product and for the forum in case the forum CMS has a hole in it.

 

[JM Safe]

Great video @kev216 ! Thanks for the review

 

[lobo001]

Thanks for the review. Good job!!

 

[Windows_Security]

Video review is way better than the comparison on Sophos website , something is missing

P.S. not native English speaking, but should not 'Comparisons' be 'comparison'' ?