back to article Sophos SafeGuard anything but – thanks to 7 serious security bugs

Companies running Sophos security clients will want to update their software following the disclosure of seven privilege escalation flaws in the security suite. Sophos says its SafeGuard Enterprise Client, LAN Crypt client and Easy software on Windows are all vulnerable to the bugs, which can be exploited by an attacker to run …

  1. Anonymous Coward
    Big Brother

    Really,,,,

    Guess GCHQ has no further use for these backdoors.

  2. Nick Kew
    Angel

    Contrast

    Once again, the contrast with Kaspersky springs to mind. Is there one of those irregular verbs in security software?

    I protect just fine so long as users stay up to date.

    You patch those flaws that could expose your users to risk.

    They spy on their users.

    1. Anonymous Coward
      Anonymous Coward

      Re: Contrast

      Umm, OK, yes, but I just decided to remove Kaspersky for Mac. It *seriously* gets in the way to the point where there's little added value in letting it run in the background (Safari is redirected to a service which doesn't seem to work). Just running it as a service you'd start up every so often isn't really possible.

      I'll park it for a bit and run it only when I decide the machine needs checking again. Shame, though.

  3. mrobaer
    Windows

    Nettitude blog entry

    The disclosure timeline was interesting to see.

    I wonder if Microsoft schedules a specific Tuesday within sixteen months of having a bug disclosed to them to release a patch?

    1. RyokuMas
      Stop

      Re: Nettitude blog entry

      "I wonder if Microsoft schedules a specific Tuesday..."

      Not really an option when the self-appointed software police decide to go public with the exploit before testing can be completed...

  4. Andy The Hat Silver badge

    Glad to see that all this is all purely "bug" - there can be no infiltration or spying links as Sophos is a good British company and therefore not associated with the nasty Ruskies ... so nothing to see here, patch and move along ...

    1. Sophos GES
      Mushroom

      Few details missing from this article...

      Thanks Andy The Hat!

      Also in true The Register fashion they've also neglected to mention the fact that not only are there no known attacks leveraging those vulnerabilities (or even exploits for them) being available but also this vulnerability can't be executed remotely.

  5. pricey905

    Sophos Safeguard is Whole Disk Encryption

    Sophos Safeguard is their Whole Disk Encryption product and not their endpoint security application so any reference to Sophos Anti-Virus for Mac is probably irrelevant!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like