Advice Request Sophos Home Premium?


Status
Not open for further replies.

ForgottenSeer 58943

I’m thinking of installing it on my personal laptop soon.

Regarding Sophos Home, my mother works as a social worker with UNRWA and she was given a Samsung Tab4 which came with Sophos preinstalled.

Sophos has a strong footprint in healthcare, education and some advocacy organizations.

Norton/Symantec and Bitdefender have strong footprints in 403B organizations because you can basically get near-free unlimited licenses for either of those from TechSoup for 403Bs.

Trend Micro and McAfee have strong penetration in Fed organizations. Symantec is strong in Department of Defense/MIL areas. At least a few years ago CENTCOM used SEP, not sure about now.
 

ZeroDay

I am also considering this as my daily driver. A free license for life is a bit hard to ignore. But also, it's performed well in my testing, feels light, and the HMP+HMPA integration is spot on. I won't need any sort of second-opinion on-demand scanner with this since HMP will fill that bill nicely. I won't need anti-exploit boosters; HMPA fills that bill rather well.

I suppose VS would be a great pair because of the VT scanning, right? Are those your thoughts here?



I considered this, but I am seeing very, very low telemetry from this. So low, it reminds me of corporate solutions when we test them. For example, Trend Micro EP, WF and OfficeScan have WAY less telemetry than their consumer offerings. I'm thinking it's the consumer stuff that gets hit and the corporate stuff has kid gloves on for spying/telemetry.

I have around a half dozen free lifetime or extended licenses hanging around so it's not an easy decision of what to use on the daily drivers.
That's great to read regarding the telemetry. I don't even notice it running on the other system I have it on. The webguard is great; HMP+HMPA+Sophos' own sigs and cloud is an impressive team. I'm extremely indecisive when it comes to security software. It's not that I don't know what to use, it's that I'm spoilt for choice, so I'm never really fully content with my setup because I'm always thinking of other setups/combos.
 

ForgottenSeer 58943


You aren't alone. Security Musical Chairs is pretty common. You should see me; it extends up to expensive gateway appliances, sandboxing hardware, switches and complete infrastructure designs. I think this stems from the fact that most people are content with mediocrity and others are only content with perfection.

IMO the WebGuard is EXTREMELY potent with Sophos Home Premium. Any testing of it without testing the WebGuard aspect should be highly suspect as it's not testing the real-world protection afforded by that potent module.

Also note, Sophos has DNS protection under the hood, including DNS Spoofing, DNS Redirect and DNS Poisoning protection. What Sophos does under the hood is take a quick look at the DNS entry of a website you are going to visit and ensure it's in the true DNS scope for that website as cross referenced in their own databases. That's some powerful under the hood protection that once again might NOT be reflected in simple file scanning tests.
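The DNS cross-check described in the post above, as an added illustration in Python. This is not Sophos code and not from any poster; it shows the general shape of such a check (resolver answer compared against a trusted table of prefixes a site is known to use). The `TRUSTED_SCOPE` table, the hostnames and the sample answers are all constructed for the example.

```python
"""Added illustration of a DNS-scope cross-check (not Sophos code).

A resolver's answer for a hostname is compared against a trusted table of
the address prefixes the site is known to be served from.  Answers outside
that scope are flagged as possible spoofing, redirect or cache poisoning.
The table, hostnames and answers below are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed "known-good scope" table: zone apex -> prefixes it is served from.
TRUSTED_SCOPE: Dict[str, List[str]] = {
    "bank.example": ["203.0.113.0/24", "2001:db8:10::/48"],
    "shop.example": ["198.51.100.0/25"],
}


@dataclass
class Verdict:
    hostname: str
    answer: str
    ok: Optional[bool]   # True = in scope, False = out of scope, None = cannot judge
    reason: str


def scope_for(hostname: str, scope: Dict[str, List[str]] = TRUSTED_SCOPE):
    """Find the scope entry for a name, walking up through its parent labels.

    'www.bank.example' falls under the 'bank.example' entry.  The bare TLD
    is never tried, so 'example' alone matches nothing.
    """
    labels = hostname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        key = ".".join(labels[i:])
        if key in scope:
            return [ipaddress.ip_network(p) for p in scope[key]]
    return []


def check_answer(hostname: str, answers: List[str],
                 scope: Dict[str, List[str]] = TRUSTED_SCOPE) -> List[Verdict]:
    """Return one Verdict per A/AAAA record in a resolver answer."""
    prefixes = scope_for(hostname, scope)
    verdicts: List[Verdict] = []
    for a in answers:
        try:
            addr = ipaddress.ip_address(a)
        except ValueError:
            verdicts.append(Verdict(hostname, a, False, "answer is not an IP address"))
            continue
        if not prefixes:
            verdicts.append(Verdict(hostname, a, None, "no scope on file for this name"))
        elif any(addr in p for p in prefixes):
            verdicts.append(Verdict(hostname, a, True, "within known scope"))
        elif addr.is_loopback:
            verdicts.append(Verdict(hostname, a, False,
                                    "public site resolved to loopback (hosts-file style redirect)"))
        else:
            verdicts.append(Verdict(hostname, a, False, "outside known scope"))
    return verdicts


def demo() -> List[Verdict]:
    # Constructed answer: one legitimate record, one pointing elsewhere, one to loopback.
    return check_answer("www.bank.example",
                        ["203.0.113.7", "192.0.2.9", "127.0.0.1"])


if __name__ == "__main__":
    for v in demo():
        print(f"{v.hostname} -> {v.answer}: {v.ok} ({v.reason})")
```

The three-way verdict matters in practice: a name with no scope on file is "cannot judge", not "safe", and a product that collapses those two cases will either block the whole web or silently pass every unknown site.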
 

ForgottenSeer 58943

I'm getting absolutely superb results with this as well. As long as you don't pick and choose modules, but leave them all activated and working as an integral component, its protection seems extraordinary.

On the test machine, DMZ'd, with no other protection and an 'auto-browser' running, it's picked up some infected legitimate websites. Interestingly, I cross-referenced those sites with other scanners, which seem to miss it.

Sophos appears to implement a heuristic in-stream web scanner as well. I censored this one as the link has an offensive word in it, but if anyone would like to see a generic infector on the site I will provide the link privately. Heimdal is the only other product that seems to pick it up for now.

[attachment: censored.png]
 

ZeroDay

How would you rate SHP's Webguard against Forti's?
 

ForgottenSeer 58943


SHP's is stronger for one primary reason: the heuristic analysis of web threats via TCP streams.

Fortinet = Strong web signatures/database. World Class.
SHP = Strong Heuristics and Stream Analysis, average database (so far)

SHP functions more like Heimdal with traffic analysis, which impresses the heck out of me, and actually might render Heimdal unnecessary. If I go with SHP I would probably let Heimdal expire because they both perform traffic analysis and DNS protection.

What I find interesting, stuff SHP triggers on, Heimdal does as well. Is there a link there?
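To make the distinction drawn above between a signature database and in-stream heuristic analysis concrete, here is an added example in Python. It is not Sophos or Heimdal code and not from any poster; it scans a byte stream chunk by chunk (standing in for TCP segments) with a carry-over window so that a construct split across a segment boundary is still seen whole. The four heuristic rules and the `SAMPLE_PAGE` are constructed for the example; real products use far richer rule sets.

```python
"""Added illustration of in-stream heuristic web scanning (not Sophos or
Heimdal code).  A signature lookup asks "have we seen this URL or file
before?"; a stream heuristic inspects bytes as they arrive and flags
constructs typical of content injected into an otherwise legitimate page.
The rules and the sample page below are constructed for this example.
"""
import re
from typing import List, Tuple

# Heuristic rules: (name, compiled pattern).  Deliberately generic; the point
# is the shape of the detection, not coverage.
HEURISTICS: List[Tuple[str, re.Pattern]] = [
    # an iframe made invisible is the classic drive-by loader
    ("hidden_iframe", re.compile(rb'<iframe[^>]*(?:width=["\']?0|height=["\']?0|display:\s*none)', re.I)),
    # code that decodes itself before executing
    ("eval_unescape", re.compile(rb'eval\s*\(\s*unescape\s*\(', re.I)),
    ("docwrite_unescape", re.compile(rb'document\.write\s*\(\s*unescape\s*\(', re.I)),
    # long runs of percent-encoding are obfuscation, not markup
    ("long_percent_blob", re.compile(rb'(?:%[0-9a-f]{2}){40,}', re.I)),
]

OVERLAP = 256  # bytes carried from one chunk to the next so a match may straddle a boundary


def scan_stream(chunks, rules=HEURISTICS, overlap=OVERLAP) -> List[Tuple[str, int]]:
    """Scan a byte stream chunk by chunk; return (rule, absolute_offset) findings.

    Each chunk is scanned together with the tail of the previous one, so a
    construct split across a segment boundary is still seen whole.  Matches
    lying entirely inside the carried-over tail were already scanned last
    round and are skipped; a seen-set dedups a match that grows longer as
    more of it arrives.
    """
    findings: List[Tuple[str, int]] = []
    seen = set()
    carry = b""
    base = 0  # absolute stream offset of carry[0]
    for chunk in chunks:
        window = carry + chunk
        for name, rx in rules:
            for m in rx.finditer(window):
                if m.end() <= len(carry):
                    continue
                key = (name, base + m.start())
                if key not in seen:
                    seen.add(key)
                    findings.append(key)
        if len(window) > overlap:
            base += len(window) - overlap
            carry = window[-overlap:]
        else:
            carry = window
    findings.sort(key=lambda f: f[1])
    return findings


# Constructed page: ordinary content with two injected lines.
SAMPLE_PAGE = (
    b"<html><head><title>Recipes</title></head><body>\n"
    b"<h1>Weeknight dinners</h1><p>Some ordinary page content here.</p>\n"
    b'<iframe src="http://bad.example/load.php" width="0" height="0"></iframe>\n'
    b'<script>eval(unescape("%3c%73%63%72%69%70%74%3e"));</script>\n'
    b"</body></html>\n"
)


def chunked(data: bytes, size: int) -> List[bytes]:
    """Split a byte string into fixed-size pieces, standing in for TCP segments."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def demo(chunk_size: int = 64) -> List[Tuple[str, int]]:
    return scan_stream(chunked(SAMPLE_PAGE, chunk_size))


if __name__ == "__main__":
    for rule, offset in demo():
        print(f"{rule} at byte {offset}")
```

The property worth checking in any stream scanner is that the findings do not depend on how the bytes were segmented; the test below asserts that scanning the page as one buffer, in 64-byte pieces and in 7-byte pieces yields the same two findings at the same offsets.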
 

ForgottenSeer 58943

What bothers me is that HMPA is really outdated with SHP v1.2.22
HMPA Changelog
It's Build 723 (2017-11-22) (4 versions old)

[attachment 187062]

I think you will find this common among enterprise or enterprise-like products. The reason is, upgrades/updates have to be carefully tested, carefully considered and cannot impact the functionality of businesses.

FortiClient for example has a glacially slow development time, so it doesn't impact businesses negatively. Trend Micro Worry Free is VERY slow. For example this is STILL the interface to the latest Trend Micro Worry Free, which hasn't had a front end overhaul in over half a decade.

[attachment: Trend-Micro.jpg]


In roughly 4 years there hasn't been any major module results other than 8 months ago they rolled out Machine Learning, and last month they rolled out BEC protection. That's four years! Also, each of those features had extensive test periods, and when rolled out defaulted to OFF.

Not justifying it, but saying there are probably very valid reasons for this and it likely has to do with the engineering required with HMPA to reduce/eliminate false positives under business conditions.
 

Lord Ami

Thanks for the explanation. I had pretty much the same idea in my mind about why it has not been updated.

For testing purposes I've installed it and so far like it :)
 

ForgottenSeer 58943

So what's the consensus? Solo with this and all of the modules, or pair it with something else?

Zero mentions VS. Someone else mentioned OSArmor. I believe the heuristic traffic scanning and DNS protection in Sophos would make Heimdal redundant. Given it has Sophos, Sophos Heuristic Traffic Scanner, Sophos DNS protection module, Sophos Web Filtration and HitmanPro.Alert, I'm not fully confident I actually need an adjunct product other than perhaps SysHardener and uBlock?
 

mekelek

I just got rid of Heimdal...
F. hell
And FortiClient doesn't like me either.
Sophos' malware protection is subpar, so it's not a viable option to me at all.
 

oldschool

I'm just about to install it on my daily driver machine and team it up with VS or CF

You'll have to use VS since Sophos by default uses WF, at least in Sophos Free when I used it. I tried it with CF and Windows let me know about it. I used TinyWall when I used the Free version. Most excellent web blocker though; that's why I was torn switching to CF + WD.
 

ZeroDay

I've got CF running with SHP great here; I just set up exclusions. I really like Sophos Home Premium: it's light, its web settings are extensive, as is its webguard. You really can't go wrong with Sophos sigs+cloud+HMP+HMPA+InterceptX, can you? I've got a free one-year license too, so I'm going to leave it on my main system for a while and see how it goes.
 

ZeroDay

I rather go with Bitdefender Free over Sophos Home Premium.
Really? BD Free over something with HMP+HMPA, a great webguard, decent sigs and cloud, and InterceptX? There are free AVs I'd go with, but BD Free? Not a chance. BD paid is a bug fest and BD Internet Security gets bypassed a fair bit in the Hub. To be honest, I think WD+CF is all that's needed, but SHP does offer a LOT more than BD Free.
 