Researcher finds critical vulnerabilities in Sophos antivirus product

Sophos antivirus should only be considered for low-value non-critical systems, the researcher said

By Lucian Constantin, IDG News Service |  Endpoint Security, antivirus, Sophos

"Sophos claim their products are deployed throughout healthcare, government, finance and even the military," the researcher said. "The chaos a motivated attacker could cause to these systems is a realistic global threat. For this reason, Sophos products should only ever be considered for low-value non-critical systems and never deployed on networks or environments where a complete compromise by adversaries would be inconvenient."

Ormandy's paper contains a section that describes best practices and includes the researcher's recommendations for Sophos customers, like implementing contingency plans that would allow them to disable Sophos antivirus installations on short notice.

"Sophos simply cannot react fast enough to prevent attacks, even when presented with a working exploit," he said. "Should an attacker choose to use Sophos Antivirus as their conduit into your network, Sophos will simply not be able to prevent their continued intrusion for some time, and you must implement contingency plans to handle this scenario if you choose to continue deploying Sophos."
