Advice Request Sophos Home Premium?


Status
Not open for further replies.

ForgottenSeer 58943

I haven't known about this, but I always found it weird how he plugged Fortinet, then officially admitted to being a Fortinet engineer, then after a while hid it again.

Not that I care to feed into this nonsense, but I feel this warrants a response because I have a personal distaste for misleading things.. (and people)

I hid Fortinet 'again' as you put it, because my inbox was filled with incessant support questions about Fortinet. I have no problem helping folks here, but it's a time thing.. Here's a sampling from a few days before I removed Fortinet from my profile.. Such a grand conspiracy eh?

[image attachment: fortinet.png]
 

Deleted member 65228

It's not abnormal for employees of a vendor to move to another security vendor, people come and go from companies constantly. I know of someone who's worked for ESET for years and then moved to Kaspersky. Engineers may also be running on a contract, and once that contract runs out, they may get a reference and take their experience elsewhere to someone who needs it more or can provide work which will be more interesting to the engineer.

A company may offer someone a better deal for work as well. Employees have left Microsoft for Google or Apple and vice-versa before. Sometimes you may be working for a vendor and dislike the direction they're going in, and then decide to switch when your voice isn't heard.

The posts I read from the Wilders Security link is from a good few years ago, and even if someone were to have worked for Sophos in the past, I don't see how them now working for Fortinet is a problem at all.

Just some food for thought.
 

Sunshine-boy

Sophos has very good web filtering (something close to F-Secure). I don't want my AV to block 100% of threats! There are other layers that everyone has, like SRP/firewall/UAC/Anti-Exe... the choices are different.
since they were embarrassing
I like your test, but you tested it on default settings. That product is supposed to run alongside the Sophos XG firewall/UTM. It's going to protect business desktops (the PCs are limited via Active Directory) and users can't easily run everything they want! Also, an IT security engineer (like cute OPcode :D) is there to monitor user activities. It's not like MH!
 

Evjl's Rain

all of you have your points

however, malware doesn't necessarily come from the internet but from other places like a USB flash drive, sometimes via messaging services such as Facebook, Viber,... and attachments. In this case, hub results will reflect the AV's real capability because the web filter is ignored

While in most cases malware comes from the internet or emails, so the real-world test will reflect the true result

The hub test and real-world tests have their own limitations
Hub test: mostly ignore web filter, a very important component, first-line defense. Many AVs have great web filters such as forti, kaspersky, sophos,...

The hub is not only there to test malwares but also to find the weaknesses of the AVs => patch them with other softwares
avast: weak against java and scripts
KIS: PUPs
f-secure: hit and miss
hitmanpro.alert: ransomware protection is not good enough
WD: good after being tweaked but not good in default settings. Poor signatures but great post-execution protection
forti: great web filter but the script/exploit protection failed to prevent scripts to download their payloads. Poor post-execution protection. Not effective so-called BB


Real-world: threats don't always come from the internet, maybe users ignore the block message and allow the file to download bypassing the web filter and run the files (they might think they are FPs), it depends on "luck" because we are not always clicking on zero-day malwares that are enough to trouble the AVs and it can be different on different days

When the hub and real-world results are similar => the AV is good both online and offline

When it fails in the hub but performs perfectly in the real world => the proactive components are not good enough but the web filter is extremely good and it saves the day

I have seen users with different AVs got infected

kaspersky: tons of PUPs because users didn't turn on PUP protection (default settings, expected) and we all know KIS is crap against PUPs

norton: I got infected myself years ago by plugging in a USB flash drive and the malware ran without being blocked. A right-click scan with norton detected it but not the realtime protection

MSE: infected. Confirmed only by using a second-opinion scanner. The user thought he was fully protected. Another one was heavily infected with the browser popping up all the time and was unbearably slow to perform a scan => reinstalled Windows

ESET: infected

avast: a few PUPs and malicious toolbars. Avast has no protection against what we install via google/firefox appstore
 

ZeroDay

Not.

That was before I tested the integration of SHP components and how they arrive at a full protection suite and how a simple pack test wouldn't really show anything other than the strengths or weaknesses of the basic sophos signature set based on Sophos and VirusBuster.

Those basic signatures on Sophos according to my friend at Sophos, they know are generally 'average', which is what warranted their acquisition of Surfright(HMP/HMPA), Mojave Networks (Cloud Technology, Web Heuristics), and Invincea, which will be integrated into SHP over the next 6-12 months as their predictive AI and machine learning modules. But before that happens they needed to sunset Invincea customers (which happened last week).
Sorry @ForgottenSeer 58943 I couldn't resist that one lol.
 

ZeroDay

I've installed SHP on my laptop as it's going to get more use on that than it will on my main machine, with me moving to mainly GNU/Linux distros. I do genuinely really like SHP; it's solid and I will be paying for a license for it when the free one I currently have runs out. I can't even notice it running on my laptops and its web protection is definitely world class. As I mentioned on another thread, I also have Sophos on my Android phone; even though I haven't been infected with anything on my phone, I do see Sophos web protection kick in for low-reputation apps and, again, I don't even notice it running.

Regarding data collection, EVERYONE is doing it to some level by default, and if we can't see a product collecting data that doesn't necessarily mean they're not collecting it; it could just mean they're better at hiding it. I've decided to keep Windows 10 on a small partition on my main machine, but, as I'll only be using Windows now and then, I've just enabled Windows Defender, set UAC to max, SRP, SUA + CF. That's all most people need, but it's more than enough for the usage this system is going to get with Windows 10.
 

ForgottenSeer 58943

[quoting Evjl's Rain's post above in full]

Genius level post.

[image attachment: Untitled.png]
 

ForgottenSeer 58943

[quoting ZeroDay's post above]

Agreed. So far I am impressed.

In related news;

‘Deep learning’ added to anti-exploit solution | IT-Online
“Intercept X is now enabled to learn, in a very real sense, to recognise patterns in digital representations of sounds, images and other data. This results in a higher accuracy rate for the detection and remediation of both existing and zero-day malware which exploit previously unknown security vulnerabilities.”

Also they released their new XG series to coincide with the Invincea components coming live;
Small is beautiful: meet our new desktop firewall and UTM appliances

Sophos XG Firewall for Wi-Fi Access Points, Software Installation, Virtual Environments and Remote Ethernet Devices | Sophos NGFW
 

ZeroDay

[quoting ForgottenSeer 58943's post above]
Very, very nice. Thank you for the info @ForgottenSeer 58943 (y)(y)
 

security.paranoid

The latest Sophos acquisitions (HitmanPro, Cyberoam and Invincea) helped the company to create a unique bundle of software for business users. Maybe they will implement some of those technologies in their product for home users. I think Sophos will be a great product, because using their firewall technology and their web filtering will help to stop most threats; also adding a layer from Intercept X AI and ML to the home users will give them an important market share. I've heard that Sophos is preparing a cloud-based technology for home users; maybe their strategy evolves to cover business/home products. I think this is possible, as I know most companies share some databases of threats and vulnerabilities. This is why Sophos is offering a free version of their AV: to collect some data to help them protect business users. And we know that their home solution isn't good, which is why I think they will improve it, to have more visibility on the growing sophisticated threats by analyzing and covering home users in a better way.
 

ZeroDay

Intercept X AI and ML are all supposed to already be in Sophos Home Premium, aren't they?
 

ForgottenSeer 58943

A big (y) to the Sophos team. Are you still running SHP, @ForgottenSeer 58943 ?

SHP runs flawlessly here.

I'm very torn right now, between SHP and SEPC. I have licenses for both now (gratis). One advantage of SEPC is the fact it includes mobile licenses, so I can put SEPC on my Androids.

SHP- Great portal. Nice combination of Sophos+InterceptX technologies. HMPA integration is a big added bonus. Nice portal, easy to use, easy to understand, flexible as heck. Seemingly lightweight on systems. Astounding heuristic traffic scanning. No mobile support. No true firewall. 100% encrypted traffic.

SEPC - Convoluted portal. Mobile support. Lightest weight possible of any suite. Incredible firewall. ALL of the Norton/Symantec technologies in full glory with zero bloat. Exceptional AI/ML and Sandbox Emulation technologies not seen in other Norton/Symantec products. 100% encrypted traffic.

I'm probably not going to run any consumer suites as my primary. I like the added security, zero bloat, low logging/telemetry and encrypted communications of the enterprise/corporate suites. So the question is, which of these do I want. Generally speaking, even without a suite my security is stronger now than it's ever been. Keeping in mind all inbound HTTP/HTTPS traffic is scanned with Virus-Total (ScoutIQ) and Bit Defender on the gateway via local root certificate interception at the appliance level. I have multiple layers of security with Pi-Hole DNS, Zvelo, etc. So the lightweight aspects of SEPC are very attractive in that regard.
 
