This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Does Sophos protect against any exploits which utilize vulnerabilities in unsupported OSs?

Since I am still running 10.8 and booting occasionally to 10.6, both of which are no longer supported by Apple, I would like to know if Sophos can protect against any exploits utilizing any of the unpatched vulnerabilities present in these OSs? 


I realize that Sophos can not by itself patch OS vulnerabilities, that's up to Apple. But does Sophos protect against any exploits made possible by way of these vulnerabilities in unsupported OSs? Or does Sophos, regardless of the OS, protect only against known, cataloged malware (trojans) and adware?



This thread was automatically locked due to age.
Parents
  • The current product technology for file scanning and web filtering provides protection against known exploits actively in use in the wild. Such exploits we detect and block may or may not be applicable on older versions of OS X. I don't have an easy way to find out, as we don't categorize threats by OS version.

    I don't think its possible for any product to guarantee protection against unknown exploits for any version of OS X (despite any marketing claims).

    The real risk (the root of your question) is the existence of an exploit that is used in the wild, but only against a very small number of targets. This increases the chance that such an exploitation will never hit the radar of security researchers nor does it trip any existing detection technology. Its unknown how to answer such a question with absolute certainty, so instead you have to consider the possibility of the existence of unknown exploits.

    Given that Apple stopped supporting, and presumably has stopped testing these older versions of OS X, the chance of unknown exploits being discovered (and used by bad actors) is likely somewhat higher. How high? Hard to say, but by past experience the risk is not very much higher than the supported versions of OS X. Can't guarantee it though - only Apple could do that, and seems unlikely they will say much on the topic.

    Hope that helps.

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development

  • Follow up question then, can I take what you have said to mean that "exploits" are not narrowly defined by Sophos only if there are specific trojan (or adware) signatures, either by name or content?

    And, second, as examples only, since, when they were current, I quickly applied patches to my 10.6 for both of these from outside of Apple. (Currently running mainly 10.8,  also unsupported now. Still occasionally boot to 10.6.) But would Sophos have protected, or does it protect, against Shellshock http://www.zdnet.com/article/first-attacks-using-shellshock-bash-bug-discovered/

    Or against the NTP vulnerability

    http://www.zdnet.com/article/major-ntp-security-holes-appears-and-are-being-exploited/


    They issued patches for some OSs higher up, but Apple did nothing for 10.6 for either of these. Did (does) Sophos protect against any attacks based on either of these vulnerabilties found in the wild?


    Or is it possible for you to give an example of an exploit proceeding from an unpatched vulnerability for which Sophos does offer protection?

    >>"I don't think its possible for any product to guarantee protection against unknown exploits for any version of OS X (despite any marketing claims)."

    Yes, definitely, and not asking for that. Asking to what extent Sophos does protect against known exploits which issue from unpatched vulnerabilities. And yes, I am aware that some of this stuff is used in targeted attacks, especially by state actors against political adversaries, or for targeted corporate theft. Not generally worried about being the victim of one of those.


    Bottom line question, does Sophos take up any of the slack that Apple ignores?

  • Hi ,

    We've received your question and we'll get an answer to you next week. Have a great weekend!

    Bob
Reply Children
No Data