SAV for Linux Free Edition is Discontinued

Hello Lantizia,

thanks for comprehensive post. This has come up in the Server Protection forum two weeks ago. Oh, BTW, I'm not Sophos.

Fact is, the on-premise products are EOS and will be EOL in 2023. With them the stand-alone (SA) versions will disappear. There was never a free Windows version, the free Mac version has been replaced with Sophos Home which is free for three devices (Windows or Mac) or whatever the current limit is.
In Sophos Central the Linux version is only available for servers (any Linux machine is considered a server) and Central never had the concept of SA versions.

scanning for free
TANSTAAFL. Whatever the motives behind the decision to withdraw the free version Sophos and/or their customers have to bear the costs. Bear in mind that a company normally neither can accept donations nor recover their costs by placing ads on their website or product (hm, a free toilet bowl plastered with advertising labels ...?). 

As for the updating credentials for the free version. The installer requests them on the fly, there was never a need to search for them. Any set created this way works - until Sophos withdraws it from the backend. You suggest that Sophos should withdraw all free credentials immediately to prevent dissemination of a .tar.gz bundled with malware or other undesirable software?

Christian 

QC,

Sure there's Sophos Home that allows limited functionality (likely fine for many people, the real-time feature particularly) for free, but it's just for Windows and Mac.  It'd be a bit better if when SAV for Linux (Free Edition) is properly discontinued (i.e. announced as such)... they added Linux support to Sophos Home... but I doubt they will.

When it comes to the free edition update credentials, I never said I needed to "search for them"... it was just curiosity as to how it worked.  I'm not proposing they stop these credentials from working, just pointing out that a by-product of them continuing to work... might mean people still try to do fresh installs of Free SAV for Linux and thus would need to obtain the .tar.gz somehow if they didn't keep a copy.

EOS (either Sale or Support) and EOL are two very different matters.  Since the Free Edition of SAV for Linux never had any official support (i.e. with a SLA), nor was on sale... EOS shouldn't matter.  The question then remains of if it should be EOL.  Given it is the same product as the standalone SAV for Linux v9 (but with a free license), and the standalone version is going to be around until 2023... then surely it's no difference to Sophos to just keep it around?

You say TANSTAAFL (had to look that one up), sure... but the same can be said to Sophos as well.  You don't magic up customers... you bring them on side.  I can imagine Free SAV for Linux was intended (and likely succeeded... to what extent is unknown... but it certainly wouldn't have had the opposite impact) to spread awareness of Sophos and their products to Linux users... who, for the most part, are a fairly technically minded lot and more likely to be working in positions where their opinion might be sought or required when deciding on network products.

Ultimately... I wouldn't mind if Sophos shut down this "Free Tools" section of the forum (or just made it very clear it's community members only, no staff), but then continued to offer the .tar.gz and allow the free updates to continue.  Zero support for zero payment... but ultimately if people would like support, they can pay for it!  Obviously if the issue is just... " I can't get the .tar.gz file, the form is broken! " and there is nothing on the Sophos website that explain it... then that's not a product support case, that's just a error for the webmaster to fix!

Lantizia

QC,

Sure there's Sophos Home that allows limited functionality (likely fine for many people, the real-time feature particularly) for free, but it's just for Windows and Mac.  It'd be a bit better if when SAV for Linux (Free Edition) is properly discontinued (i.e. announced as such)... they added Linux support to Sophos Home... but I doubt they will.

When it comes to the free edition update credentials, I never said I needed to "search for them"... it was just curiosity as to how it worked.  I'm not proposing they stop these credentials from working, just pointing out that a by-product of them continuing to work... might mean people still try to do fresh installs of Free SAV for Linux and thus would need to obtain the .tar.gz somehow if they didn't keep a copy.

EOS (either Sale or Support) and EOL are two very different matters.  Since the Free Edition of SAV for Linux never had any official support (i.e. with a SLA), nor was on sale... EOS shouldn't matter.  The question then remains of if it should be EOL.  Given it is the same product as the standalone SAV for Linux v9 (but with a free license), and the standalone version is going to be around until 2023... then surely it's no difference to Sophos to just keep it around?

You say TANSTAAFL (had to look that one up), sure... but the same can be said to Sophos as well.  You don't magic up customers... you bring them on side.  I can imagine Free SAV for Linux was intended (and likely succeeded... to what extent is unknown... but it certainly wouldn't have had the opposite impact) to spread awareness of Sophos and their products to Linux users... who, for the most part, are a fairly technically minded lot and more likely to be working in positions where their opinion might be sought or required when deciding on network products.

Ultimately... I wouldn't mind if Sophos shut down this "Free Tools" section of the forum (or just made it very clear it's community members only, no staff), but then continued to offer the .tar.gz and allow the free updates to continue.  Zero support for zero payment... but ultimately if people would like support, they can pay for it!  Obviously if the issue is just... " I can't get the .tar.gz file, the form is broken! " and there is nothing on the Sophos website that explain it... then that's not a product support case, that's just a error for the webmaster to fix!

Lantizia

Hello Lantizia,

I never said
I just used you as indefinite pronoun :). But you are right, not all Linux users are fairly technically minded so there's indeed the risk of "enhanced" packages.

EOS shouldn't matter
dunno how familiar you are with Sophos' Endpoint product line. A few months ago it looked like development of the on-premise finally regained momentum. To me the changes weren't necessary ones, they just looked like the usual minor release that directly or indirectly precedes the next major or even a new version. Why add 2FA to the console when I want customers to migrate to Central rather sooner than later? See my comment in Endpoint for more details.
All on-premise products EOS the free version would have been the last non-Central product available - it's withdrawal should perhaps underline that Sophos is serious with Central is no longer just the future - it's the only present. Well, actually they never said it.

an error for the webmaster to fix
The (sudden) demise of the download is simply collateral damage. The product was correctly marked as unavailable on the backend, free versions essentially being perpetual trials of low-end builds the backend returned the boilerplate unavailable. The rest is, I assume, not an error but simply wilful ignorance - none of the managers will cover the costs with his budget.

Christian

I'm not that familiar with the Sophos product line really. 

On the one hand I'm a member of staff for a non-profit where part of what we do is kind of act like an IT MSP to other non-profits/charities for free (absolutely zero cost without exception).  Often we'll recommend and support open/free software alternatives to keep our clients costs lower (and also offer free hosting to prevent a big bill from the cloud).  Sophos don't really seem to cater to this market, although they did once kind of say (in a live chat) that the XG Home Edition would be acceptable for non-profit use, but it just didn't feel quite right as they couldn't point to anything which actually stated this was OK licensing-wise.

On the other hand I work full-time for a mid-sized UK ISP, which is all geared towards Fortinet products when it comes to network security offerings (previously Stonesoft before that).  Whenever the topic of alternatives comes up though... I'm always there to pitch Sophos as I think some of the ways they go about doing things, solve problems that Fortinet are not solving.  Additionally (until perhaps now) I was under the impression that Sophos was a good friend to the Linux community, unlike Fortinet who have been known to commit GPL violations.

But I don't have a vast amount of experience with Sophos as I've never been in workplace environment that uses their commercially licensed products.

Which is why the Free SAV for Linux was good, it gives people like me a taste of things... and with that warm fuzzy feeling I can then recommend that someone (be that my employer, a client or chat with another techie) should at least look at Sophos before making a decision.

If anyone at Sophos is reading this, reconsider.

Especially as (please read my last post where I mentioned this) it shouldn't really add any costs or support time to you at all... the standalone version of SAV for Linux v9 is going to be supported until 2023 anyway!

Hi Lantizia,

I guess the confusion (for the most part) stems from the dates on when the product reached end of sale/support (or whatever the S in EOS is). You are probably correct in saying that it should not apply to the free version since it's neither for sale nor do users receive technical support.

I've seen the thread in the Server protection forum mentioned by QC along with another thread I found under Free tools and both were addressed by Shweta. So to end the confusion (and the question), let's settle with the free version is simply discontinued by Sophos. If Linux users like us want to continue using Sophos Antivirus for Linux, then the only way to go is to pay for a license.

The only other choices we have left in terms of free are (probably just) either Comodo or ClamAV. Unfortunately, an old test done by AV Test puts Comodo to nearly useless with very low detection rates of Linux threats. On the other hand, ClamAV appears to be a better option, but only if stacked against Comodo. Either we pay (Sophos) or go completely open source (with ClamAV). After all, some security is better than none at all.

It's very unfortunate to learn about this development, but it's beyond our control. It's just a fact of life when it comes to proprietary freeware: it can be taken away anytime. After all, Sophos is a corporation and not a charitable foundation.

I can't find any non-free standalone SOPHOS product for linux once the free version goes EOL in 2023.  Is there one, and if so what's it called?

Hi pastim 

So far, I have not heard about Sophos changing its mind, so there is none. You can read the exact words of their community support engineers through the threads I have quoted as links in my last response.

First they abandon Linux users. Next they abandon Android Go edition users. Don't be surprised if more of their offerings will disappear in the coming months. Simply put, Sophos no longer cares.

Pretty sure the point I was trying to make in my original post... is that Sophos consider the free edition for Linux to be EOL... 

NOW

Not in 2023 :) 

If it does continue to work (or update) for longer, that's a happy co-incidence that you shouldn't be relying on and they can pull the plug at any time.

Hi all,

The free Linux product will continue to receive updates; and will do so for the foreseeable future. The removal of the download for the free edition was inline with the EoS of our other products. 

Regards,

Stephen

Is there a non-free version that will continue past 2023?  I can't find it.

The product in Sophos Central will continue beyond July 2023

Forgive me for being ignorant, but what does that mean?  Is there, or is there not, any standalone version that will continue?  What does Sophos Central entail? I've looked, but am struggling to understand.  It seems to me that Sophos really don't want non-business users.  There are pretty pictures of screens, but I can't work out what runs where.  If I have a linux laptop, and carry it around, can it have an anti-virus system on it, or does it need to be on a network all the time?  

I am, as the above no doubt illustrates, baffled and dim.