A reputed security researcher has published the results of his analysis of Sophos' anti-malware solution and concluded that the product is substandard.
In his report [pdf
] entitled "Sophail: A Critical Analysis of Sophos Antivirus
," Google security engineer Tavis Ormandy describes the multiple shortcomings he discovered when reverse engineering the product's internals.
Even though Ormandy works for Google, this analysis was not sanctioned by the search giant. The researcher makes it clear in the report that "the views expressed in this paper are mine alone and not those of my employer
It's not clear why the researcher chose to inspect Sophos Antivirus which is a business-only product with a relatively small market share. The analysis of a more popular, consumer-oriented solution would have probably had a bigger impact.
Nevertheless, Ormady found that Sophos is relying on a weak encryption algorithm to secure many of its internal communications, that most of its protection relies on static signatures whose format is weak, and that its buffer overflow protection is inadequate.
"Sophos demonstrate considerable naivety in many topics key to the efficacy of their product
," the security researcher writes.
"The promise of antivirus is that users will be less dependent on making good trust decisions. While certainly desirable, Sophos appear ill equipped to keep this promise with their current technology
," he concludes.
Sophos responded to the report by claiming that Ormandy's findings do not directly impact or threaten the security of its customers. The company also said that it is in the progress of addressing some of the issues identified.
"Tavis has questioned an encryption algorithm we use in a few cases. This algorithm is being phased out
Graham Cluley, senior technology consultant at Sophos, while also noting that a vulnerability in the update mechanism will be fixed in the next release.
"We appreciate the help from Tavis Ormandy, and others like him in the research community, in working with us to make our products stronger and more secure
," the Sophos spokesperson concluded.