I'd count myself amongst the last people to defend Sophos, but it does seem irresponsible that an engineer employed by Google would give only 5 days' notice about a critical bug before releasing an exploit.
Google bod exposes Sophos Antivirus' gaping holes
A security researcher has discovered embarrassing and critical vulnerabilities in Sophos' enterprise protection software. Tavis Ormandy, an information security engineer at Google, published a paper along with example attack code to highlight flaws present in Windows, Linux and Mac OS X builds of Sophos' antivirus product. …
Tuesday 6th November 2012 21:11 GMT siersema
The QA at Sophos has been poor in the last year. Two major problems caused by Sophos. The only plus was that they communicated constantly during the last problem, though that only goes so far since it's the second problem they've caused for us. I can't say I was a huge fan of McAfee when my organization used them but after these Sophos issues I am ready to look at other options.
Wednesday 7th November 2012 00:06 GMT Anonymous Coward
Sophos are pretty terrible
Their last balls up over a month ago is still causing us problems with machines today.
They completely and royally screwed up, released code that killed its own auto-updater and many others which stopped it working properly. Their initial response actually caused even more damage with their suggestion and they kept saying they were throwing their resources at it, but as their support staff finished their 8-hour shift and handed over, many network admins were into their 12+ hour shift trying to sort it out.
The explanation showed that the problem passed successfully through 5 separate QA systems that all should have picked it up and didn't.
How much compensation have they offered? Nothing!