Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sophos UTM Home Edition and UTM Essential Firewall #44

Closed
TraderStf opened this issue Oct 6, 2015 · 23 comments

Comments

@TraderStf
Copy link
Contributor

commented Oct 6, 2015

Don't know where to add this two free applications...

UTM Home Edition
https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx
Free Home Use Firewall is a fully equipped software version of the Sophos UTM firewall, available at no cost for home users – no strings attached. It features full Network, Web, Mail and Web Application Security with VPN functionality and protects up to 50 IP addresses.

Requires a dedicated newly formatted PC, not a Mac.
I like this feature: can use multiple Internet connections at the same time, giving you more bandwidth.

UTM Essential Firewall
https://www.sophos.com/en-us/products/free-tools/sophos-utm-essential-firewall.aspx
Free version of the Sophos UTM software and offers fundamental security functions to help protect any business network. Start today and implement a firewall into your company’s IT environment—without charge and no strings attached.

@drduh

This comment has been minimized.

Copy link
Owner

commented Oct 6, 2015

Sorry, but I don't like Sophos products after reading Tavis Ormandy's "Sophail" report, nor AV solutions for Mac in general. Therefore, I would rather not recommend these products for advanced users.

@drduh drduh closed this Oct 6, 2015
@TraderStf

This comment has been minimized.

Copy link
Contributor Author

commented Oct 6, 2015

I don't know where we can talk a bit without reopening an issue... please tell me.

What do you to protect you or your correspondants/colleagues against viruses on email, usb drive...?
Common sense is not enough, some malware are quite hidden and as most people are in hurry, overloaded, lack of time to do all secure steps to be safe... there is no other solutions than AV or similar.

Today, malware are even coming from

Not having an AV is quite irresponsible, even if seldomly some are the targets of attacks.
AV are protecting more than they are adding new risks. If you go by that principle, you should get rid of all popular software as they would be the first target as they will provide more victims.

Thanks,

@drduh

This comment has been minimized.

Copy link
Owner

commented Oct 6, 2015

I disagree - advanced users may be increasing attack surface by running AV software, such as Sophos products. The current anti virus offerings for Mac which I've seen have seen are poorly written (e.g., references to Windows registry keys in the code) and I would rather not recommend them, and instead give practical advice for avoiding compromise. I agree one size doesn't fit all, so I will leave this issue open for comment for a little while.

@drduh drduh reopened this Oct 6, 2015
@xkvcr

This comment has been minimized.

Copy link

commented Oct 8, 2015

I have ClamXav installed but only run it every 3 months or so. It doesn't have live protection, so it shouldn't grab resources when not running. Now, admittedly, I don't know how good the code or threat detection are.

@ghost

This comment has been minimized.

Copy link

commented Oct 8, 2015

I regard AV as snakeoil and agree with @drduh

@xkvcr

This comment has been minimized.

Copy link

commented Oct 8, 2015

@jzorn As an addendum, I've caught malware on the Mac. Of course I knew I was downloading something I really wanted from a shaky source.

@ghost

This comment has been minimized.

Copy link

commented Oct 8, 2015

I don't claim there is no malware for Mac OS X. I'm just saying that AV won't necessarily protect you from it but might give you a false feeling of safety.

@TraderStf

This comment has been minimized.

Copy link
Contributor Author

commented Oct 8, 2015

ClamXav is quite weak, specially if you go six-feets under...
http://www.av-comparatives.org
https://www.av-test.org/

Be careful, like for VPN, Hostings or AV, lot of review sites are just affiliates crap.

BitDefender on Mac, Window$ and Android is really nice, all tests are very good and updates are fast.
Free Avast (web, mail, file) is great on mac.
Both are 'invisible' and use almost no resource.

Avast does not go well with LittleSnitch for the Web protection.
All internet accesses are reported as from Avast proxy... annoying.
For the web, ublock, ghostery are ok on top of those include in almost all browsers.

It is up to you if you are very paranoid or not ;-)
I also tried AVGuard, also a proxy, which is an application, so covers all browsers, no need of plugin.
Same problem that Avast with LittleSnitch.

If you had never used ad blockers, most have also list of malware sites, not just ads or trackers.

I have remove avira, sophos and avg, I think because not stable and avg not very effective.

There is also http://www.virustotal.com, check files and url with 50+ AV.

@TraderStf

This comment has been minimized.

Copy link
Contributor Author

commented Oct 8, 2015

It is different if you are alone with your mac, of if you have exchanges with poor window$ victims.
Precautionary principle, an 'important' AV company will always react faster, update its AV, than a single user who has to figure out what to do, specially if he is not security addicted.

@ghost

This comment has been minimized.

Copy link

commented Oct 11, 2015

Latest Avast RCE

I do not recommend using AV. Also, I don't follow the protection-for-others reasoning.

@TraderStf

This comment has been minimized.

Copy link
Contributor Author

commented Oct 11, 2015

And what do you do with this kind of threat?
http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/

It happens on Google Play and App Store... what's next, printer drivers.
Remember, I think, HP was infected and several 'official' disks were spreading malware.

@ghost

This comment has been minimized.

Copy link

commented Oct 11, 2015

If I remember correctly, XCodeGhost and applications infected by XCodeGhost were not picked up by AV anyways - AV would have not helped you.

@TraderStf

This comment has been minimized.

Copy link
Contributor Author

commented Oct 11, 2015

But affected developers/apps or apple/ms/google/hadware-manufacturers... would not/never react as fast as and 'good' antivirus company, which can stop the spreading and warn/clean already infected user's devices.

good = a company big enough to have either lots of feedbacks or employees to enhance their AV asap.
AV companies are now sharing some info to avoid mayhem.

See Google plans to change how updates/patches are made to Android, without having to wait for phone-manufacturers which in most cases send an 'oem' updates months after, no matter how dangerous is the problem...

The daily news about malware and Co is frightening...
https://www.exploit-db.com
http://www.scmagazine.com

@ghost

This comment has been minimized.

Copy link

commented Oct 11, 2015

Okay, so you are afraid to catch a printer driver in the wild that will infect your system, but you trust an AV product? How can you be sure that your download of the virus scanner is not infected? Even worse, AV usually runs with super user rights, while most other user space programs does not require this.
In my opinion, common sense is a great defense against malware - AV just brings down your natural doubt.

@TraderStf

This comment has been minimized.

Copy link
Contributor Author

commented Oct 11, 2015

:-) funny, but you trust Apple..., see above and subscribe to Apple Security List... frightening too.
For the driver was HP which install it in its products... probably they did not used an AV ;-)
Have a nice week-end.

@ghost

This comment has been minimized.

Copy link

commented Oct 11, 2015

As a matter of fact, I don't. Anyways, this discussion sidetracked and I don't believe that either of us has any new relevant information. Maybe @drduh should make a decision on that matter.

@TraderStf

This comment has been minimized.

Copy link
Contributor Author

commented Oct 12, 2015

Agree, suggest like it was made for Safari ~if you use safari, you can use this.. that
So at least those who want an AV have some advices to avoid mistakes or useless settings.
@jzorn and myself bend in front of our master: @drduh 👑

@drduh

This comment has been minimized.

Copy link
Owner

commented Oct 12, 2015

Thanks for the rich discussion. Obviously, AV is a double-edged sword which provides benefits to some users, but poses a risk to others. One of the reasons I wrote this guide is so that more advanced Mac users wouldn't need to use AV software, because they would be protected by hardening measures and be empowered by a few good lessons on opsec.

I'll keep this issue open to solicit any more comments, and I'll definitely include a more in-depth AV section in the upcoming El Capitan guide, which will go into the threat model and risks, as well as cite some recent failures in commercial products. One article which comes to mind is https://theintercept.com/2015/06/22/nsa-gchq-targeted-kaspersky/

@bryson

This comment has been minimized.

Copy link

commented Oct 14, 2015

The only thing AV software does on the modern internet is expose a huge attack surface and waste resources. If you are in a corporate environment (IT-managed machines), the choice isn't yours to make and this guide probably isn't for you.

@TraderStf

This comment has been minimized.

Copy link
Contributor Author

commented Oct 14, 2015

@bryson funny guy... all soft are offering huge surface. A better idea to stop spreading?
Do some stats before sorry for my English telling your truth.

@rawtaz

This comment has been minimized.

Copy link

commented Oct 14, 2015

@TraderStf Please stop it. You have made your point clear as day, and so has everyone else.

There is no single one answer or truth to this. As it has already been pointed out, an AV program adds an attack surface and potentially removes some. There's as far as I can tell noone here that doesn't understand that tradeoff. Whether AV is right for you or not depends on your specific needs and requirements. There's no single answer.

I wish everyone could stop whining about this now. What there is to say has probably been said.

@drduh drduh closed this in 4e48233 Oct 20, 2015
@drduh

This comment has been minimized.

Copy link
Owner

commented Oct 20, 2015

My thoughts are now reflected in the guide. I apologize for the advanced/novice user dichotomy on this matter, but it's just how I feel. I referenced this issue; if anyone has any objections, please reopen and comment.

@nsuchy

This comment has been minimized.

Copy link
Contributor

commented Aug 18, 2017

Antivirus Software while it increases the attack surface - isn't a bad idea for macOS users who have less technical knowledge. Some anti-virus software (Sophos products do this, not sure about other vendors) have a blacklist of malware/phishing URLs to prevent it from ever being downloaded. Of course how you secure your system is largely dependent on your threat model and the users running the system.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
6 participants
You can’t perform that action at this time.