Advice Request Sophos Home Premium?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.
F

ForgottenSeer 58943

I’m thinking of installing it on my personal laptop soon.

Regarding Sophos home, my mother works as a social worker with UNRWA and she was given Samsung Tab4 which came with Sophos preinstalled.

Sophos has a strong footprint in heathcare, education and some advocacy organizations.

Norton/Symantec and Bit Defender have strong footprints in 403B organizations because you can basically get near-free unlimited licenses for either of those from TechSoup for 403B's.

Trend Micro, McAfee have strong penetration in Fed organizations. Symantec is strong in Department of Defense/MIL areas. At least a few years ago CENTCOM used SEP, not sure about now.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
I am also considering this as my daily driver.. Free license for life is a bit hard to ignore.. But also, it's performed well in my testing, feels light, and the HMP+HMPA integration is spot on. I won't need any sort of second opinion on-demand scanner with this since HMP will fill that bill nicely. I won't need anti-exploit boosters, HMPA fills that bill rather well.

I suppose VS would be a great pair because of the VT scanning, right? Is that your thoughts here?



I considered this, but I am seeing very very low telemetry from this. So low, it reminds me of corporate solutions when we test them. For example Trend Micro EP, WF and OfficeScan has WAY less telemetry than their consumer offerings. I'm thinking its the consumer stuff that gets hit and the corporate stuff has kid gloves on for spying/telemetry.

I have around a half dozen free lifetime or extended licenses hanging around so it's not an easy decision of what to use on the daily drivers.
That's great to read regarding the tellementry. I don't even notice it running on the other system I have it on. The webguard is great, HMP+HMPA+Sophos own sigs and cloud is an impressive team. I'm extremely indecisive when it comes to security software, it's not that I don't know what to use it's that I'm spoilt for choice so I'm never really fully content with my setup because I'm always thinking of other setups/Combos.
 
F

ForgottenSeer 58943

That's great to read regarding the tellementry. I don't even notice it running on the other system I have it on. The webguard is great, HMP+HMPA+Sophos own sigs and cloud is an impressive team. I'm extremely indecisive when it comes to security software, it's not that I don't know what to use it's that I'm spoilt for choice so I'm never really fully content with my setup because I'm always thinking of other setups/Combos.

You aren't alone.. Security Musical Chairs is pretty common. You should see me, it extends up to expensive gateway appliances, sandboxing hardware, switches and complete infrastructure designs. I think this stems from the fact most people are content with mediocrity and others are only content with perfection.

IMO the WebGuard is EXTREMELY potent with Sophos Home Premium. Any testing of it without testing the WebGuard aspect should be highly suspect as it's not testing the real-world protection afforded by that potent module.

Also note, Sophos has DNS protection under the hood, including DNS Spoofing, DNS Redirect and DNS Poisoning protection. What Sophos does under the hood is take a quick look at the DNS entry of a website you are going to visit and ensure it's in the true DNS scope for that website as cross referenced in their own databases. That's some powerful under the hood protection that once again might NOT be reflected in simple file scanning tests.
 
F

ForgottenSeer 58943

I'm getting absolutely superb results with this as well. As long as you don't pick and choose modules, but leave them all activated and working as an integral component it's protection seems extraordinary.

On the test machine, DMZ'd, no other protection, and a 'auto-browser' running it's picked up some infected legitimate websites. Interestingly, I cross referenced those sites with other scanners which seem to miss it.

Sophos appears to implement a heuristic in-stream web scanner as well. I censored this one as the link has an offensive word in it, but if anyone would like to see a generic infector on the site I will provide the link privately. Heimdal is the only other product that seems to pick it up for now.

censored.png
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
I'm getting absolutely superb results with this as well. As long as you don't pick and choose modules, but leave them all activated and working as an integral component it's protection seems extraordinary.

On the test machine, DMZ'd, no other protection, and a 'auto-browser' running it's picked up some infected legitimate websites. Interestingly, I cross referenced those sites with other scanners which seem to miss it.

Sophos appears to implement a heuristic in-stream web scanner as well. I censored this one as the link has an offensive word in it, but if anyone would like to see a generic infector on the site I will provide the link privately. Heimdal is the only other product that seems to pick it up for now.

View attachment 187059
How would you rate SHP's Webguard against Forti's?
 
F

ForgottenSeer 58943

How would you rate SHP's Webguard against Forti's?

SHP's is stronger for one primary reason, the heuristic analysis of web treats via TCP streams.

Fortinet = Strong web signatures/database. World Class.
SHP = Strong Heuristics and Stream Analysis, average database (so far)

SHP functions more like Heimdal with traffic analysis, which impresses the heck out of me, and actually might render Heimdal unnecessary. If I go with SHP I would probably let Heimdal expire because they both perform traffic analysis and DNS protection.

What I find interesting, stuff SHP triggers on, Heimdal does as well. Is there a link there?
 
F

ForgottenSeer 58943

What bothers me is that HMPA is really outdated with SHP v1.2.22
HMPA Changelog
It's Build 723 (2017-11-22) (4 versions old)

View attachment 187062

I think you will find this common among enterprise or enterprise-like products. The reason is, upgrades/updates have to be carefully tested, carefully considered and cannot impact the functionality of businesses.

FortiClient for example has a glacially slow development time, so it doesn't impact businesses negatively. Trend Micro Worry Free is VERY slow. For example this is STILL the interface to the latest Trend Micro Worry Free, which hasn't had a front end overhaul in over half a decade.

Trend-Micro.jpg


In roughly 4 years there hasn't been any major module results other than 8 months ago they rolled out Machine Learning, and last month they rolled out BEC protection.. That's four years! Also each of those features had extensive test periods, and when rolled out defaulted to OFF.

Not justifying it, but saying there are probably very valid reasons for this and it likely has to do with the engineering required with HMPA to reduce/eliminate false positives under business conditions.
 

Lord Ami

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 14, 2014
1,026
I think you will find this common among enterprise or enterprise-like products. The reason is, upgrades/updates have to be carefully tested, carefully considered and cannot impact the functionality of businesses.

FortiClient for example has a glacially slow development time, so it doesn't impact businesses negatively. Trend Micro Worry Free is VERY slow. For example this is STILL the interface to the latest Trend Micro Worry Free, which hasn't had a front end overhaul in over half a decade.

View attachment 187064

In roughly 4 years there hasn't been any major module results other than 8 months ago they rolled out Machine Learning, and last month they rolled out BEC protection.. That's four years! Also each of those features had extensive test periods, and when rolled out defaulted to OFF.

Not justifying it, but saying there are probably very valid reasons for this and it likely has to do with the engineering required with HMPA to reduce/eliminate false positives under business conditions.
Thanks for the explanation. I was had pretty much the same idea in my mind about why it has not been updated.

For testing purposes I've installed it and so far like it :)
 
F

ForgottenSeer 58943

So what's the consensus.. Solo with this and all of the modules, or pair it with something else?

Zero mentions VS. Someone else mentioned OSArmor. I believe with the heuristic traffic scanning and DNS protection in Sophos would make Heimdal redundant. Given it as Sophos, Sophos Heuristic Traffic Scanner, Sophos DNS protection module, Sophos Web Filtration, HitmanProAlert I'm not fully confident I actually need an adjunct product other that perhaps sysHardener and uBlock?
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
I'm getting absolutely superb results with this as well. As long as you don't pick and choose modules, but leave them all activated and working as an integral component it's protection seems extraordinary.

On the test machine, DMZ'd, no other protection, and a 'auto-browser' running it's picked up some infected legitimate websites. Interestingly, I cross referenced those sites with other scanners which seem to miss it.

Sophos appears to implement a heuristic in-stream web scanner as well. I censored this one as the link has an offensive word in it, but if anyone would like to see a generic infector on the site I will provide the link privately. Heimdal is the only other product that seems to pick it up for now.

View attachment 187059
i just got rid of heimdal ...........
f. hell
and forticlient doesn't like me either
sophos' malware protection is supbar so it's not a viable option to me at all
 
  • Like
Reactions: Al-Faqir

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
I'm just about to install it on my daily driver machine and team it up with VS or CF

You'll have to use VS since Sophos by default uses WF, at least in Sophos Free when I used it. I tried it with CF and Windows let me know about it. I used Tinywall when I used the Free version. Most excellent web blocker though. - that's why i was torn switching to CF + WD.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
You'll have to use VS since Sophos by default uses WF, at least in Sophos Free when I used it. I tried it with CF and Windows let me know about it. I used Tinywall when I used the Free version. Most excellent web blocker though. - that's why i was torn switching to CF + WD.
I've got CF running with SHP great here I just set up exclusions. I really like Sophos Home Premium its light, it's web settings are extensive as is it's webguard. You really can't go wrong with Sophos sigs+cloud+HMP+HMPA+InterceptX can you. I've got a free one years license too so I'm going to leave it on my main system for a while and see how it goes.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
I rather go with Bitdefender Free over Sophos Home Premium.
Really? BD free over something with HMP+HMPA+ A great webguard, decent sigs and cloud and interceptX? There are free AV's I'd go with but BD free not a chance. BD paid is a bug fest and BD internet security gets bypassed a fair bit in the hub. To be honest I think WD+CF is all that's needed but SHP does offer a LOT more than BD free.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top