Wednesday, July 1, 2009

Sophos Anti-virus

I just cannot recommend Sophos Anti-virus as a corporate grade protection system. The product just has too many design flaws and bugs.

I also find their support method of providing support only over email vaguely disturbing. Sure, you can call them and try to get your assigned support person on the phone to discuss the case, but they will never call you and will only send you emails. Most of the time I prefer to talk to somebody in a support situation and use email for the transfer of raw data. Maybe that's just me though.

When getting their overpriced professional services out for a "Health Check" and general fixing session, the guy broke as much as he fixed and weeks later I'm still trying to fix issues that have been plaguing us for months. The results of the "Health Check" were very meager and mostly consisted of data recorded or exported from the system that I could have obtained myself.

Their AD synchronisation will not clean up computers removed from AD and their client/server system cannot handle this because thousands of message files build up and fill the hard disk!

The inability to assign a policy to a machine that registers as "Unassigned" just makes me shake my head in awe and mutter "What were they thinking?"

Some of their error messages make no sense! What the heck does "Requested value '.' doesn't exist" mean? The current directory doesn't exist?

The reporting is almost non-existent**, providing reports only on alerts. No reports on versions, last contact or anything really useful. Let's face it, if the machine has reported an alert, you know it's working. It's the machines not reporting in that I would worry about. I had to write my own SQL code to get useful information straight from the database.

Even their competitor removal tool is flawed, forcing me to script around its failings. That should've been my first warning. (I'm picturing the robot from 'Lost in Space' shouting "Warning Will Robinson!")

Their remote installer relies on scheduled tasks, which would be cool if that didn't have bugs of its own that can prevent it from functioning correctly.

Almost worst of all is their flawed distribution system, which has no method to allow a mobile machine to detect its closest distribution point. If I take my notebook from Sydney to Brisbane, do you think it will update from Brisbane? Nope, it'll update over the WAN from Sydney. Their solution to this is to suggest we use DFS, which is a valid solution, but doesn't make me think their product is robust when their competitors offer inbuilt solutions to this issue.

"Warning Will Robinson!"

/RANT

** Edit: Sophos now have a new updating system that uses "Fixed Versions" representing the previous three monthly releases for each operating system that are updated with new threat detection data, and have new labels that incorporate "Recommended", "Previous" and "Oldest" versions of the software. They also have more reports available in version 4.0 of their Enterprise Console.

Sean
