Sophos Assistant - Feedback and Experiences

Hi,

I have never used the Assistant, so I cannot comment on its functionality or use. What I can comment on is its annoying presence in the DUI windows. Secondly it does not appear to be part of the back/restore process. I rebuilt my XG115W, performed a restore only to find the Assistant was still functional, it was enabled in the backup.

There appears to have been considerable effort put into developing what appears to be security risk to your XG/S installation. The development effort would have been more value in building IPv6 functionality or fixing the failure to automatically renew IP addressing after a wan link failure, but marketing obviously had a big say in the development of the Assistant that adds nothing to the security functionality of the XG/S.

My 10c worth.

Ian

Ian i would disagree about this one. What do you mean by security risk? Do you see whatfix (external partner) as a vulnerable vendor? Can you backup this theory? 

And this external integration is something, which is not provided or maintained by the firewall development team. So it actually did not extract development effort what so ever. 

LuCar,

you are allowing an external third party source which you have no control over their security policies access to your Network security device, doesn't sound to secure to me. 

If the firewall development team were not involved how was the functionality imported and QA tested in the XG? Sort of leaves the Dev team support not having a full underetasting of the security risks involved and how to investigate any issues arising?

Ian

Whatfix offers a Webbased Addon on the firewall webadmin. It is not integrated nor build by Sophos. Whatfix will simply create workflows within the html page. So the tool and the way, this tool works, is not build by Sophos. 

All Vendors are approved and revisit by several teams within Sophos. See: assets.sophos.com/.../sophos-data-processing-terms-for-suppliers.pdf

I have never used it because my opinion is such 3rd Party data collections directly on the user front end must not be in a security product. As it tracks many things you do while doing your job on the firewall, I find it most suspicious. Especially when you notice, it sends data to non-Sophos URL - here whatfix and usersnap.

When ou launched it, it was just there, no information about it, nothing could be adjusted nor could it be disabled.

So one of the first things was to block it on our firewalls.

Now with some of the later versions, it can be disabled but I do not trust it. As written, I don't want hard coded 3rd party integrations in a firewall. Sophos now sometimes communicates to do your feature requests with that widget to some anonymous data bucket. Hm, no.

One of the older threads about it.

community.sophos.com/.../xg-is-contacting-whatfix-com-when-i-change-firewall-rules

didn't used it.
Security-problem: Every code loaded into a webpage/tab has additional rights ... like recognizing/collecting keyboard activity and others.

rfcat_vk said:

you are allowing an external third party source which you have no control over their security policies access to your Network security device, doesn't sound to secure to me. 

The answer "... Webbased Addon on the firewall webadmin. It is not integrated nor build by Sophos..." may be correct, ...

but .... "you are allowing an external third party source which you have no control over to access the configuration page of your Network security device while admin is logged on ...

I can't find the "option to opt-out of the Sophos Assistant" (from 19MR1 release notes). 

Hi,

the feature does not appear to be part of the backup/restore process, because mine was enabled after a rebuild and a restore.

Ian

I have never used it. Bit the same as the other answers, why would I trust something like this. Besides that I assume most admins should know how to setup basic things like remote access and site-to-site VPN pretty well.
When a more sophisticated question arises, then I have always relied on the community forum which usually provides me with very rapid and knowledgeable answers.

I didn't learn before how to turn it off, but now thanks to the the screenshot by rfcat_vk  I have immediately turned it off.

The assistant is a bit of of solution to a non-existing problem IMHO.

With the recent backdoor that was found on Juniper networks, it makes sense why users do not trust anything that could be exploited from the outside. A few years ago there was also an SQL injection vulnerability that was used to gain access to the XG firewalls webadmin and user portal. Do we really need another reason?

Do not forget: You(the person commenting) are actually/most likely not the target group of this tool. 

I learned this by talking to several admins and partners. Because i could not understand, why somebody use a wizard, if you can gradually setup it yourself. But most people use this tool simply due the fact, they have to do a job and do not have the time to read something. 

So "most admins should know..." is a not valid statement, if you have one firewall and a partner, which setup your box and you want to do something at your own after one year of runtime.