Monday, December 13, 2021

Sophos Home Premium

If you've ever wished shopping for antivirus could be simpler, Sophos just might appeal. There are no jargon-packed comparison tables, no pricing schemes so complicated you need Excel to figure them out: the company has one product, one plan, and that's it.

Sophos Home Premium is an unusual Windows and Mac antivirus which focuses on simplicity, yet still manages a decent feature list: real-time and on-demand virus protection, anti-ransomware, anti-phishing, parental control-type content filtering, keylogger protection and more.

Sophos Home doesn't have a mobile app, but users can protect their devices with free Android and iOS versions of Sophos' Intercept X app, instead.

(There was once a Sophos Home Free version, too, but unfortunately, it's now been dropped. Which makes your choice even easier: it's Home Premium or nothing at all.)

Pricing is simple, too. There's one plan which covers up to 10 Windows or Mac systems. One year's coverage costs $60, rising to $100 for two years, or $140 for the full three years. Looks like good value to us: Bitdefender Antivirus Plus costs $80 to cover 10 devices for a year, and Kaspersky Antivirus charges $130.

If you're still unsure, there's a free trial available. Payments can be made via card or PayPal, and if you sign up and regret it, there's a no-questions-asked 30-day money-back guarantee.

Setup

Download the Sophos Home Premium trial, hand over your email address and within a couple of minutes it'll be installed and running a first system scan.

This isn't a speedy process, with the app taking 52 minutes to scan our 50GB of test executables, and 21:22 on the second run. Most antivirus apps take 15-30 minutes first time, and by scanning only new and changed files, later runs can be very fast (Bitdefender dropped to under a minute).

We were surprised to find Sophos Home had added around 1.5GB of files to our system (we've seen far more powerful suites use much less).

Sophos Home also left up to 18 background processes and a handful of drivers running in the background, more than we've seen in any recent review.

Running top benchmark PCMark Professional before and after installing an antivirus gives us a measure of its performance impact, and Sophos Home Premium sapped our speeds by 5.9%. That's significantly more heavyweight than most of the competition, who typically show a speed drop of around 1-2%.

There's another potential downside in having so many active processes, in that this could give malware more opportunity to attack and perhaps disable your protection. We test this in several ways – by trying to kill or stop processes, delete key files, pause or remove services, unload filter drivers and more – but Sophos' tamper protection did its job, blocking everything we tried.

Interface

Double-click the Sophos Home system tray icon and the program's very simple interface appears. There's status information (last update, last scan time), a Scan Computer button, and a handful of other buttons for lesser functions (management, settings and a few other bits and pieces – more on those later).

Tap the Scan button and Sophos Home runs a full system scan on your PC. There's no upfront way to customize the scan, and no quick scan, or removable device scan, or indeed any other scan type.

Sophos adds a right-click option to Explorer, which is useful as a way to scan a particular file, folder or drive. Unlike Bitdefender and Kaspersky, though, this doesn't support simultaneous scans. If it's busy running a lengthy system scan, and you try a right-click scan from Explorer, you're warned that 'a scan is already running, try again later.'

Sophos also adds an icon to your system tray, but it doesn't do very much. You can left-click it to launch the program, but that's it; there's no right-click menu with shortcut options, and the icon doesn't change to reflect the app state (scanning, virus found, and so on.)

This simplicity certainly means that Sophos Home is easy to use, but if you're looking for any level of power or control over the app, expect to be disappointed.

Antivirus options

Sophos Home does have some security options and settings, but they're only available via a web interface. Tap the Settings button, for instance, and a browser tab opens at the Sophos website. Log in and you can then begin configuring the program.

If you're thinking this is a little inconvenient, we agree. But once you're logged in, it doesn't take any more time, and it does at least mean the support pages are only a click or two away, if you need them.

This kind of central management is also good news if you're intending to use Sophos' remote device management features. If your family aren't technical types, for instance, you don't have to worry about them messing with low-level antivirus settings, because the client doesn't have any. If there's a problem, they can contact you, and you're able to log on and make whatever tweaks you need within a couple of minutes.

The Sophos Settings pages open at the Protection tab, where there are tools to schedule scans and exclude particular drives, files and folders from checks.

Advanced options include the ability to enable or disable multiple techniques used by Sophos to block common exploits. There's specific exploit protection for browsers, browser plugins, Java and more; prevention of privilege escalation, code cave utilization and APC violations; and further layers to fool sandbox-aware malware, prevent backdoor traffic, protect against DLL hijacking, and more.

These lists are interesting, and it's good to see Sophos covering so many common attack vectors. But as almost all of these settings are highly technical, and turned on by default, they're unlikely to help most users.

For example, even if you know that the 'APC violation' switch aims to 'prevent attacks from using Application Procedure Calls (APC) to run their code', would you be confident enough to know when it should be turned off, and what the consequences might be? (It's okay, we're not even slightly qualified to decide that, either.)

It's good to see that Sophos Home Premium has at least some configuration options, and the ability to schedule scans and exclude particular objects is helpful. But the other settings won't make much difference to anyone, and overall, the package is still distinctly short on genuinely useful settings and tweaks.

Protection

We normally check an antivirus’ results with all the main testing labs to get an idea of how it performs. That's a challenge with Sophos Home as it's not covered in all the labs we follow, but there are enough mentions to give a feel for its abilities.

SE-Labs Home Anti-Malware Protection tests have covered Sophos for a while, with some mixed results. The Q1 2021 test saw Sophos placed equal first with 100% Total Accuracy Rating; by the Q3 2021 report, it was last with a Total Accuracy of 94%.

MRG Effitas 360 Assessment & Certification measures how well business antivirus products protect against ransomware, banking malware and other threats. It's looking at a different product - Sophos Intercept X rather than Home Premium - but it's still reassuring to see the Q3 2021 360 Assessment report finding Sophos amongst the best of the contenders.

We ran further tests of our own. These started with behavioral monitoring checks, where custom executables exploit common Windows tools and tricks to weaken security settings and download malicious files.

Sophos Home Premium seemed unconcerned about most of this, ignoring the behavior and allowing our executables to keep running. Trend Micro was much tougher on our apps, spotting their unusual actions and closing them down immediately, and Bitdefender and Kaspersky weren't far behind.

The engine did immediately detect and quarantine any malicious files, though. And Sophos' detection is so good that even our custom ransomware was blocked before it could touch our test documents. (Some antivirus apps only realize there's a threat after it begins encrypting files; many never detect it at all.)

Sophos clearly performs well in some areas, then, not so much in others. There's not a lot of data to go on, though, and we would like to see Sophos Home covered at AV-Comparatives and AV-Test to get a clearer idea of how it compares to the competition.

Blocking malicious URLs

Sophos Home Premium includes a simple web protection layer which aims to keep you safe from dangerous websites. That's great, but beware, it only works with the most common browsers (Chrome, Firefox, Edge, Safari, Internet Explorer.)

We tried to visit some up-to-date malicious links provided by top security company MRG Effitas and Sophos caught them all, raising desktop notifications to highlight the problem.

The app didn't falsely flag any websites during testing, but if that happens to you, there's no 'let me in anyway' button or other quick way to bypass Sophos and load the page.

To get around the block you must open the Sophos Home Premium console, click Settings > Web and enter the URL or domain you'd like to whitelist. Not difficult at all, but it could still be a hassle if it happens regularly.

Of course, if you're looking to impose restrictions on someone else – maybe your kids or employees, for example – making it more difficult to get around this web protection could be a real plus. Just keep in mind that if they install and use an unsupported browser, such as Brave, they won't be restricted at all.

Content filtering

Sophos Home Premium has one of the shortest feature lists in the antivirus world, but poke around in the web-based Settings menus for a while and you'll find one unusual extra: a simple parental controls-like content filtering system.

Don't get excited – it's extremely basic. There are three lists of site types: 'Adult & Inappropriate', 'Social Networking & Computing' and 'General Interest', and these include various content areas which you might like to block: 'Drugs', 'Violence', 'Networking' and so on. All areas are enabled by default, but you can disable any with a click.

It doesn't take long to begin spotting issues. There's no single item to block social networking sites, for instance. And while there's a site whitelist for domains which should never be blocked, Sophos Home doesn't provide a blacklist to specify sites which should never be available.

Still, it's easy enough to get started, and you can limit access to the worst of the web in a very few clicks.

Once the system is set up, attempting to visit a site in a no-go category got us a desktop notification, and a message in our web browser explaining that Sophos Home had blocked access to the site.

While that sounds good, there's a problem. As with the malicious URL filter, the content filtering system blocks access from the top browsers only, so if a user installs something like Brave they'll be able to view whatever content they like.

Tech-savvy teenagers will bypass Sophos Home Premium without much difficulty, then. But if you're just looking for something to protect very young children from discovering web nastiness by accident, this feature could still be useful.

Webcam hijacking

Although the Sophos Home Premium interface lists Privacy as one of its layers of protection, this only includes a single item: monitoring for webcam hijacking.

We tried grabbing a frame from the webcam with a custom app of our own. A very obvious alert appeared in a blue band across the center of our screen, much better than the small (and quick-to-disappear) desktop notifications you'll get with some products.

The alert asked us whether we'd like to block or allow our app to access the webcam. We tapped Allow, and our app was able to grab its frame.

That's all good news so far, but once again, there's a catch or two.

The first problem is that webcam access alerts aren't consistent. The warning generated by our application was very clear, but when we tested webcam use via a website, Sophos Home only displayed a small notification that 'Host Process for Windows Services 10' required access, and didn't give us a Block/Allow choice. A user might easily assume that this is a legitimate Windows process and so not an issue.

The second issue is even more fundamental: Sophos Home Premium doesn't maintain a blacklist or whitelist of our decisions, and instead, every time we ran our webcam frame-grabbing app, it asked us if we'd like to approve access again.

Sophos' webcam protection can keep you safe to a degree, then, but it's extremely basic, and some users may eventually turn it off to avoid annoying alerts.

Bonus features

Sophos lists several other features as a part of Home Premium's armory, but they're not always easy to test.

The company says, 'Sophos Home supports password security by preventing malware from stealing your usernames or passwords stored in your machine’s memory', for instance, but we don't have a meaningful way to measure that. 

The company claims Home can 'secure your banking and credit card information against malicious third parties and keylogger software.' We're unclear how they're protecting users from 'malicious third parties', but the keylogger claim is easier to check.

We ran a keylogger of our own, launched Chrome and logged into a couple of sites. Checking the logs, Sophos had done its job; our keylogger recorded a character for everything we typed, but it was scrambled, so for instance 'password' became '7xhnkw63.' 

This didn't work everywhere. It scrambled our keypresses in Chrome, for instance, but not in Outlook or on the Windows desktop. Still, even that is a very handy extra feature, and a positive way to end the review.

Final verdict

The lack of features and configurability may be a problem for experienced users, but Sophos Home could be worth a look if you're after a simple centrally managed antivirus to protect several desktop PCs. It helps that the price is right, too.
