Within the framework of an NRW state license agreement, institutions of RWTH Aachen University can use the virus scanner “Sophos Antivirus” as well as the corresponding management console “Sophos Enterprise Console” free of charge. In addition, members of RWTH are allowed to use the software privately.
Sophos is discontinuing the on-premises variants of its virus scanner, as well as the management console “Sophos Enterprise Console”, as of July 20, 2023. From that date on, the manufacturer will no longer provide updates for these products. To find out whether and how this is relevant to you, continue reading this blog post.
To-Do: Migration to “Sophos Central” and “Sophos Home Premium”
What does this mean if you want to continue using Sophos Antivirus? The existing installations of “Sophos Antivirus” and “Sophos Enterprise Console” must be replaced by the corresponding successor products by July 20, 2023, at the latest.
For RWTH institutions, a free migration to the cloud-based successor platform “Sophos Central” is available. For private users, a free migration to “Sophos Home Premium” is possible within the framework of the NRW state license agreement.
Background: Rapid Development of Malware
In the past, malware detection was largely based on so-called signatures. These are unique patterns of already known malware. The manufacturers of antivirus software distribute these signatures through continuous updates, and the local scan engine uses them to identify malware.
However, with this technique, even slight changes to the malware are often enough for the signature to no longer fit. A virus can “mutate”, that is, change its own code slightly, which makes it more difficult to identify.
Because a virus exists in different variants, signatures need to be constantly updated. This process is further complicated by the rapid development of malware. With each virus variant, the signature becomes potentially less accurate, which in turn can lead to false positives.
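The following added example (not part of the original post and not Sophos code) illustrates the trade-off described above: an exact signature misses a slightly changed variant, while a loosened signature catches the variant but also flags a harmless file. All byte strings, signature formats and names are constructed for illustration.

```python
import hashlib
import re

# Constructed, inert byte strings standing in for files; none is real malware.
SAMPLES = {
    "known":   b"HDR\x01\x02LOAD_A;COPY_SELF;EXIT\x00",      # sample the vendor has analysed
    "variant": b"HDR\x01\x02LOAD_B;COPY_SELF;EXIT\x00",      # same code, one byte changed
    "benign":  b"HDR\x01\x02LOAD_CONFIG;PRINT;EXIT\x00",     # harmless program
}

# Three hypothetical signature styles, from strictest to loosest.
HASH_SIG = hashlib.sha256(SAMPLES["known"]).hexdigest()      # whole-file fingerprint
PATTERN_SIG = re.compile(re.escape(b"LOAD_A;COPY_SELF"))     # exact byte pattern
WILDCARD_SIG = re.compile(rb"LOAD_.*?;EXIT", re.DOTALL)      # loosened to cover variants


def scan(data: bytes, kind: str) -> bool:
    """Return True if the given signature style flags the data."""
    if kind == "hash":
        return hashlib.sha256(data).hexdigest() == HASH_SIG
    if kind == "pattern":
        return PATTERN_SIG.search(data) is not None
    if kind == "wildcard":
        return WILDCARD_SIG.search(data) is not None
    raise ValueError(f"unknown signature kind: {kind}")


def detection_matrix() -> dict:
    """Scan every sample with every signature style."""
    return {
        kind: {name: scan(data, kind) for name, data in SAMPLES.items()}
        for kind in ("hash", "pattern", "wildcard")
    }


if __name__ == "__main__":
    for kind, row in detection_matrix().items():
        missed = [n for n in ("known", "variant") if not row[n]]
        false_pos = ["benign"] if row["benign"] else []
        print(f"{kind:8} missed={missed} false_positives={false_pos}")
```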
At the same time, the threat scenarios themselves are changing. Hackers, for example, exploit security gaps in installed software or use administration tools installed by default for their attacks.
Solution Approach: Cloud Systems
Modern antivirus software uses additional techniques to detect and prevent attacks, such as behavioural analysis. This method analyses the behaviour of processes on a computer and detects abnormalities. On the one hand, this is computationally intensive, and on the other, the data available on a single system is not sufficient for such an assessment.
For this reason, manufacturers are using cloud systems in conjunction with artificial intelligence. The extensive cloud resources provide a broad data basis for behavioural analysis. They also speed up the detection of new attack patterns and the deployment of appropriate countermeasures.
For more information and guidance on the transition, visit IT Center Help.
The IT Service Desk is also available by phone at +49 241 80 24680, by e-mail, and via chat.
Responsible for the content of this article are Jelena Ćulum and Michael Wirtz.