03-17-2012 03:10 PM
Some Mac users said "Sophos should be avoided, as it could actually increase your Mac's vulnerability" because it runs with root privileges. Is that true?
03-19-2012 09:57 AM
Thanks for asking. The poster of that article at Macrumors is characterizing a theoretical problem (and does point out an actual exploit in a product offered by a different company).
There are no such issues with the security of the Sophos product.
The poster's theory goes that if the Sophos software is exploited then malicious software (which exploits a Sophos program) could run with elevated privileges, e.g. would be able to modify system settings and software, but you'd never be prompted to confirm those actions.
It's OK to have this concern; however, the poster has mischaracterized it to sound much more ominous than it really is for running Sophos software. This potential risk is true for any software which runs as "root". If you open up Activity Monitor and show all processes, you'll see many processes running as "root". The risk described by the poster at Macrumors applies to any of those, including those provided by Apple (e.g. Time Machine, Spotlight, etc.).
Everyone running as "root" has an obligation to ensure they don't become the vector for malicious software. We (as a responsible security company) are constantly improving our software.
(btw I'm the guy responsible for the software development team for SAV for Mac, and I really appreciate you asking questions; let me know if any of that either doesn't make sense or needs more detail)
03-19-2012 03:37 PM
Thank you very much for the clarification.
Mac users said ClamXav does not run with elevated privileges; therefore, it is recommended. I am hesitant to use ClamXav because its definition update function is not working as well as Sophos's. More importantly, Sophos is corporate-grade AV software.
Will you develop a non-root-running version anytime soon? Why is it necessary for Sophos to run with root privileges?
03-20-2012 09:59 AM
There are two reasons we have processes that must run as root:
1) on-access scanning;
2) full system scanning in the background.
For the first item, best protection requires intercepting malicious software as soon as possible. It makes no sense to scan for malicious software after it's already been installed; it's better and safer to catch it just after it's downloaded or copied to disk. Doing this requires elevated privileges.
For the second item, scanning every file and folder on your disk requires elevated privileges (we call it a "full system scan"). It makes no sense to scan only where a regular user can go, as malicious software could hide in all sorts of interesting places normally not reachable. And we want to do this in the background, without requiring a user to authorize that scanning operation every time.
For that reason, our product will always have some portions that run as root. We won't compromise our strategies for best protection just because someone thinks running as root is theoretically less secure than running as an unprivileged user. But we are always looking to improve the security of our software, and running some subsystems with lower privileges is certainly one strategy to achieve this. So yes, don't be shocked when you see, over time, some of our software running as a non-root user.
Hope that helps!
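The "run some subsystems with lower privileges" strategy mentioned in the post above is usually done by privilege separation: a small broker keeps root only to open files anywhere on disk, and hands the open descriptors to a worker that has dropped privileges before it touches a single byte of attacker-controlled content. The sketch below is an added illustration written for this thread; it is not Sophos code and does not describe how SAV for Mac is built. It assumes a Unix host with SCM_RIGHTS descriptor passing (macOS or Linux), an unprivileged account named "nobody", and a constructed signature string in place of a real signature database.

```python
"""Privilege-separated scanner sketch (illustrative, not Sophos code).

Broker (may run as root): walks the tree, opens each file, passes the
descriptor to the worker, collects a verdict.
Worker (drops to "nobody"): receives descriptors and runs the byte-level
scanning, so a bug in the parser is exploited without root.
"""
import array
import os
import pwd
import socket
import tempfile

# Constructed signature for the demo; a real engine consults a signature database.
SIGNATURES = [b"DEMO-MALWARE-PATTERN-0001"]


def scan_bytes(data):
    """Return True if any signature occurs in data.  This is the code that
    handles attacker-controlled bytes, so it runs only in the unprivileged worker."""
    return any(sig in data for sig in SIGNATURES)


def send_fd(sock, fd, payload):
    """Pass an open file descriptor to the peer process with SCM_RIGHTS."""
    sock.sendmsg([payload],
                 [(socket.SOL_SOCKET, socket.SCM_RIGHTS, array.array("i", [fd]))])


def recv_fd(sock):
    """Receive (payload, fd); fd is None when no descriptor was attached."""
    fds = array.array("i")
    msg, ancdata, _flags, _addr = sock.recvmsg(4096, socket.CMSG_SPACE(fds.itemsize))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[:len(data) - len(data) % fds.itemsize])
    return msg, (fds[0] if fds else None)


def drop_privileges(user="nobody"):
    """Irreversibly switch to an unprivileged account.  Only has an effect when
    the process started as root; otherwise it is already unprivileged."""
    if os.geteuid() != 0:
        return
    pw = pwd.getpwnam(user)      # "nobody" is an assumption about the host
    os.setgroups([])
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)


def worker_loop(sock):
    """Unprivileged side: receive descriptors, scan, reply with one verdict byte."""
    drop_privileges()
    while True:
        msg, fd = recv_fd(sock)
        if not msg or fd is None:        # broker closed its end: shut down
            break
        with os.fdopen(fd, "rb") as f:   # worker never needs to open paths itself
            verdict = scan_bytes(f.read())
        sock.sendall(b"1" if verdict else b"0")


def scan_tree(root):
    """Privileged side.  Returns {path: True (match) / False (clean) / None (unopenable)}."""
    broker_end, worker_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:                          # child becomes the unprivileged worker
        broker_end.close()
        try:
            worker_loop(worker_end)
        finally:
            os._exit(0)
    worker_end.close()
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                # Root can open anything; O_NOFOLLOW refuses symlinks so a
                # planted link cannot redirect the scan outside the tree.
                fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
            except OSError:
                results[path] = None
                continue
            send_fd(broker_end, fd, path.encode())
            os.close(fd)                  # the worker now holds its own copy
            results[path] = broker_end.recv(1) == b"1"
    broker_end.close()                    # EOF tells the worker to exit
    os.waitpid(pid, 0)
    return results


def build_demo_tree():
    """Constructed sample input: one clean file, one file carrying the demo signature."""
    root = tempfile.mkdtemp(prefix="scandemo-")
    clean = os.path.join(root, "notes.txt")
    bad = os.path.join(root, "Library", "cache.bin")
    os.makedirs(os.path.dirname(bad))
    with open(clean, "wb") as f:
        f.write(b"just some text\n")
    with open(bad, "wb") as f:
        f.write(b"header" + SIGNATURES[0] + b"trailer")
    return root, clean, bad


if __name__ == "__main__":
    root, clean, bad = build_demo_tree()
    for path, verdict in scan_tree(root).items():
        print(verdict, path)
```

Run as an ordinary user the broker simply opens what that user can see and the worker is already unprivileged; run as root the broker can reach every directory (the "full system scan" case) while the parser still executes as "nobody". The lockstep request/reply keeps the stream socket's message boundaries unambiguous, and the worker exits when it sees EOF rather than on a command, so a crashed broker cannot leave it waiting forever.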
03-20-2012 03:28 PM
I understand. That makes a lot of sense.
I have used Microsoft OSes since DOS 5.0. As far as I know, Windows security software works the same way.
Yes, if we rely on an agent to guard our home, she needs to have access to most if not all areas of the house. If she's not well (is sick) then we're in trouble. So, your job is to make sure the agent is always healthy and well-trained.
Thank you very much for your time.