Sophos beefs up Anti-Virus

 

Gallery

Posted on 28 Sep 2006 at 14:08

Security firm Sophos is upgrading its endpoint security solution with application control features.

The upgrade allows enterprises to block applications such as peer-to-peer, VoIP and instant messaging clients full stop, or on a per user or per group basis.

No software needs to be installed, as the upgrade consists of adding signature files for the various applications in the same way as signature files for new viruses are added. And managing applications can be done through the existing centralised console in the Sophos endpoint security solution.

Should attempts be made to install or run blocked programs, the client will be flagged as doing so at the management console, alerting sysadmins to the problem.

In an online survey conducted by Sophos among its customers, more that four in five of the 460 respondents said they wanted to be able block these types of applications being used on their hardware, and more than three in five thought it essential.

In addition to these applications, Sophos's senior technology consultant Graham Cluley said that customers had also wanted the ability to block games, toolbars and distributed computing projects, such as the SETI@home project to search for extraterrestrial life.

Not only do these applications present a security risk, dent productivity or gobble up bandwidth, many companies simply didn't want the bother of having to deal with non-essential applications.

'The primary thing is the management,' said Cluley. 'If the lunatics are running the asylum and installing what they want, then how do you offer tech support for that?'

It's a pretty straightforward move for an antivirus company, specialising in preventing unwanted activity on the network. 'We don't care what it is,' said group product manager John Shaw. 'We're simply saying, "Here's an extra chunk of stuff you can stop".'

The system can block the various versions of different applications, sometimes with a generic signature or an individual one. Microsoft's Live! Messenger was different enough from the MSN version to warrant a signature of its own, for example.

However, the extra signature load has little impact on the existing database that needs to be handled by the software. 'We're scanning well over 100,000 pieces of malware already. Another 20? It's nothing,' said Shaw.

Sophos also claims application management is unique. 'No other company is doing anything like this,' said Cluley. 'McAfee comes close. You can tell it a particular file and it will block that. But then all the user needs to do is to rename it to something like lumpy trousers.'

And while it's not patented per se, it is built on top of complex and patented technology we were told. 'That makes it much harder for others to get to the same point,' said Shaw. 'And it absolutely has to be done by an existing antivirus solution, as it runs an 'on-access' scanner.'

Sophos's other advantage here, claimed Cluley, is that Sophos is an enterprise-only outfit. When you have consumer customers to consider, deciding which applications to block or not is a challenge.

More about Sophos Anti-Virus 6.0 is available from the Sophos website.

Author: Matt Whipp