Updated LU Security Software

[aebrown]

It would appear that every month to 4 months, Sophos has to do a major update of itself. I wonder what that's like.

Where did you hear that? My stake has been on Sophos for over 5 months, and I never noticed any major update that took an exceptionally long time. Since it updates almost every time you start up the computer, I don't see how it would get that far behind.

[aebrown]

I noticed today that it's taking a few seconds longer to boot the computer. So there's definitely an impact with the new Sophos AV/Firewall.

Well, there's no free lunch. With Symantec, you had to do manual updates. With Sophos, you get automatic updates. For units on broadband, those updates are done at startup, so it does take a little more time. But the benefits of staying current, and not having to run around to all the computers in the stake applying updates manually, are well worth a few extra seconds.

[techgy]

Well, there's no free lunch. With Symantec, you had to do manual updates. With Sophos, you get automatic updates. For units on broadband, those updates are done at startup, so it does take a little more time. But the benefits of staying current, and not having to run around to all the computers in the stake applying updates manually, are well worth a few extra seconds.

That's certainly encouraging. The updates must be occuring before the desktop appears. It's possible that the updates are downloaded during operation and then installed at the next boot, which would take a few extra moments.

The fact that you've been using it for 5 months give me some hope that we're embarking on well-proven path.

[jdlessley]

That's certainly encouraging. The updates must be occuring before the desktop appears.

The updates, whether it is for the virus definitions or program updates occur in the first few minutes after a user logs on. You can tell by checking the Sophos system tray icon. It is a shield with a green stripe while it is updating. For more information about the system tray icon and what its display means look here.

For FHC computers the on-access scanning is disabled. This is evidenced by the gray system tray icon. I am not sure about administrative computers. I did not yet checked the color of the system tray icon since the installation. You can read more about on-access scanning here.

[techgy]

The updates, whether it is for the virus definitions or program updates occur in the first few minutes after a user logs on. You can tell by checking the Sophos system tray icon. It is a shield with a green stripe while it is updating. For more information about the system tray icon and what its display means look here.

For FHC computers the on-access scanning is disabled. This is evidenced by the gray system tray icon. I am not sure about administrative computers. I did not yet checked the color of the system tray icon since the installation. You can read more about on-access scanning here.

It's odd that the on-access scan would be disabled for FHC computers. I would believe that the same protection would need to be available there as with the administrative boxes.

Anyway, thanks for the tips!

I still have 5 administrative computers to update with Sophos and the CM software upgrade. I'm going to give the wards a few days before I make the changes. The two machines at the stake were both upgraded yesterday and they're working fine aside from the slightly slower boot times and the fact that they both forced me to disable the Symantec services prior to the Sophos install.

BTW I had the occasion to contact MLS support yesterday morning on another issue and while I was on the phone I asked the tech if his department was responsible for the Sophos Package Installer and he confirmed that it was. I then mentioned the problem with the installer not shutting down Symantec and they are apparently aware of it.

[russellhltn]

Where did you hear that?

This page

Please note: We do not provide IDEs for versions of Sophos Anti-Virus that are more than three months old.

It appears there are two parts to the program. The version and the IDE files. The IDE is what updates on a daily basis. Installing the IDEs (virus signature files) will not upgrade your version. So somewhere along the line, you'll have to upgrade the version.

How major the version upgrade is, I don't know. On broadband, it may be trivial. Dial-up seems to be a different story. Our system keeps trying to download a file that it says will take 50-60 minutes to download on a 52Kb link shared with MLS.

[russellhltn]

Well, there's no free lunch. With Symantec, you had to do manual updates. With Sophos, you get automatic updates. For units on broadband, those updates are done at startup,

That has more to do with the way the church configured Symantec. Symantec is perfectly capable of updating itself over broadband as proven by the FHC version of the installs.

My best guess is that the church was trying to use the same configuration for both broadband and dial-up. Not finding a satisfactory solution for dial-up, they disabled updating altogether.

My concern is that the Church bought into a salesman's claims of smaller updates (4-14MB vs. 67MB) and didn't realize the issue of having to upgrade every few months vs. upgrading every few years. I know how easy it is to get burned on those details. (BTDT - got the T-shirt)

I'll be happy to eat my words, but the proof is in an effective process for dial-up users. I can think of a few ways that could be done, but there'll be some issues with each approach. We'll just have to see how this plays out.

[aebrown]

It appears there are two parts to the program. The version and the IDE files. The IDE is what updates on a daily basis. Installing the IDEs (virus signature files) will not upgrade your version. So somewhere along the line, you'll have to upgrade the version.

What do you mean by "you'll have to upgrade the version"? Surely you don't mean it will have to be done manually. I assume you just mean that there will be a somewhat larger download periodically as part of the automatic update process.

As you noted earlier, the version of Sophos that is installed by the new anti-virus installer is 4.47E. It then automatically updates itself to 4.49E the first time you restart, if you are on broadband. So it is clear that the automatic update mechanism updates not only the IDEs within a level, but actually upgrades the version as well.

My guess is that the big download you are seeing on your dial-up system is indeed a version upgrade from 4.47 to 4.49. That upgrade takes only a few minutes on a broadband system, but of course would be much slower on dial-up.

My concern is that the Church bought into a salesman's claims of smaller updates (4-14MB vs. 67MB) and didn't realize the issue of having to upgrade every few months vs. upgrading every few years.

I don't understand at all how you can claim that there are upgrades "every few months". My experience, and the Sophos page you linked to, both indicate that there is a version upgrade every month. Note that the versions are dated 200910, 200911, 200912, 201001. That sure looks like every month to me.

But the fact is that the Symantec upgrades were much larger on a daily basis than for Sophos. That daily update is the bigger factor than an occasional version upgrade (which Symantec did more often than "every few years", BTW). I don't think you have the facts on your side to insinuate that the Church got taken by a salesman.

[russellhltn]

What do you mean by "you'll have to upgrade the version"? Surely you don't mean it will have to be done manually. I assume you just mean that there will be a somewhat larger download periodically as part of the automatic update process.

The generic "you" as a system designer.

Yes, on broadband, it is done automatically. What will eventually be worked out for dial-up users is unknown. I would not rule out a manual process at this point.

I don't understand at all how you can claim that there are upgrades "every few months". My experience, and the Sophos page you linked to, both indicate that there is a version upgrade every month. Note that the versions are dated 200910, 200911, 200912, 201001. That sure looks like every month to me.

Yes, there is a version every month. But you can stay current with the definitions (IDE) for up to 3-4 months. Beyond that, one has no choice but to either upgrade or let the thing go stale. So "every few months" if you want to try and minimize the number of upgrades yet stay current on the virus definitions.

But the fact is that the Symantec upgrades were much larger on a daily basis than for Sophos.

Out of curiosity, do you know what the size is for a weekly update? The size I gave was for the manual download process which covers a lot more ground. I do remember the comment made that there was an issue if too many smalls ones were missed that the update file became rather large.

occasional version upgrade (which Symantec did more often than "every few years", BTW).

While Symantec did do version upgrades, they were rarely (if ever) required to be able to run the current virus definition files.

I don't think you have the facts on your side to insinuate that the Church got taken by a salesman.

I have yet to see Sophos do anything that couldn't be done by Symantec. Of course it's also possible that the church just got a better deal from Sophos. Budgets are still a very real consideration.

[pricer]

Just a comment, We recently changed to Sophos anti-virus at my work where I am the system administrator. Sophos is the best anti-virus/malware software I have ever used. It has caught more malware and virus attacks than any previous software I have used. I am very pleased with the choice of Sophos anti-virus to protect the Stake and Wards computers.