Sophos: the early years

Filed Under: Malware, Spam

It's Sophos's 25th birthday, which seems as good an excuse as any to take a look back.

Jan Hruska and Peter Lammer, the two founders of Sophos, met in Oxford in the mid-1980s. Viruses weren't really a problem back then, although a handful did exist. Interested in technology, they chose to work together and formed a company called Sophos. (The name, by the way, stems from Ancient Greek meaning "Wise or Learned" - in modern Greek it reportedly means "Smart Ass").

Jan Hruska and Peter Lammer in the 1980s

Kidlington house
(Yes, I know they look like a pair of private detectives from a 1970s TV show, but that's how people dressed in the mid-1980s, okay?)

The two started working together, based in a semi-detached house in Kidlington, Oxford. It was just the two of them, a grand piano, and a German Shepherd dog.

Their first venture, however, wasn't anti-virus software as you might expect.

Instead, they created a "portable" computer called the AC-86. It was no larger than many of today's notebooks, just thicker. It had a CMOS 8086 chip, made by Harris Semiconductors (under licence from Intel), to give it some processing grunt, and was designed to run DOS version 1.

As you can see in the following image from the archives, the Sharp LCD graphics screen was very small by today's standards (more like a letterbox) with support for 14 lines of 80 characters.

A portable computer from Sophos?

Unfortunately, production costs were very high, and the desire for portable computers were still very low. The pair only created one prototype of their portable computer, and it was never sold publicly.

The timing was just plain wrong for the two budding entrepreneurs. Maybe software would be more of a success?

The two then ventured into encryption software for the disk operating system (DOS), and developed encryption (DES and RSA) and authentication (ISO 8731) modules.

In the dark days of DOS, people commonly shared computers (because of expense) and there weren't passwords and user accounts built into the operating system.

In other words, all users could see everything being done by other computer users. People wanted privacy for their files and encrypting them seemed like a good solution.

After a few years of Sophos selling encryption products, a Norwegian distributor mentioned that securing against the growing number of viruses could be a growth area.

By the late 1980s, many anti-virus companies, including Sophos, had been established around the world. These were small firms, usually with two or three people. The software consisted of simple scanners that performed context searches to detect unique virus code sequences.

And the rest, as they say, is history..

Co-founders Jan Hruska and Peter Lammer continue to serve on Sophos's board of directors. As you can see, the intervening 25 years haven't changed them at all..

Jan Hruska and Peter Lammer today

Today, Sophos has offices around the world and does much more than just protect your computers against malware. Over 100 million business users are protected by our solutions, helping to secure computers in hundreds of countries around the globe.

25The-powers-that-be at Sophos are offering non-profit organisations the chance to benefit from 25 free licences for Sophos Endpoint Security & Control as part of our 25th birthday celebrations.

25 free licences for 12 months are available for 25 charities worldwide, just answer a simple question if you'd like to be put in the hat.

What an amazing 25 years it's been - who can guess what will be the state of computer security will be in another 25 years? If you have any thoughts, or simply want to wish us a happy birthday, leave a comment below.

, , , ,

You might like

8 Responses to Sophos: the early years

  1. Shahbaz Ahmed · 1800 days ago

    is a good product. sophos should introduce the automatic backup in simple steps for management servers, database server.

    Memory consumption is too much it affect the system performance. should think about it. 20-120MB right now. while others like Kaspersky is not using too much.

  2. ♫♪♫ Happy Birthday ♫♪♫ haha reading this was fun ... I remember when ... although I was into computing in the early 80's (a commodore -- lol) I was and am not into coding although I have always had computer 'geeks' around to help and have found it all very interesting! Thanks for your warnings and help on social network items .... I find Grahams blogs to be current, easy, and on the mark .... cheers!

  3. Lawrence · 1796 days ago

    First came across Sophos on military computers in 1993. I believe that it is the best AV product available in the world. I frequently recommend it to other companies. My regret is that it is not something (I don't think) that is readily available to individual users.

  4. Dave · 1795 days ago

    Happy Birthday, I guess you're not still using that bunch of Amstrad PC512s(?) that were swapped for some licences as your early develop / test machines back then! And thanks for the ongoing Facebook scam warnings that I hope my kids actually read when I pass them on. Dave

    • Paul Ducklin · 1795 days ago

      The memories (all 512KB of them)! They were PC-1512s, IIRC.

      I joined Sophos in 1995, and we had several working ones in use then - I even had one at home, for those weekend research moments, and there were one or two in the virus lab. They were useful because they had an 8086 (not an 8088) CPU.

      In the DOS and early windows 95 days, malware often used tricks which were CPU-specific. And the various chips available all had pecadilloes in how certain instructions were implemented, and in how long the prefetch queue was. (That was important when you were dealing with self-modifying code which adjusts itself just ahead of the instruction pointer.)

      I made sure I had access to at least one of 8088, 8086, 80186 [*], 80286, 80386, 486 and the new-fangled Pentium (which autoflushed the prefetch queue if you wrote to it, giving it an effective "immutable future instruction queue" length of zero).

      So by 1995, they were already all but surplus to requirements, I'm afraid. I no longer have "mine" - I forget when it was returned to Sophos HQ for permanent retirement, but it definitely didn't survive my move to Australia in 2001.

      [*] An 80186, honestly! HP200LX. The best (and the worst!) netbook I ever had.

  5. Patti · 1795 days ago

    Thanks for sharing the story of Sophos humble beginnings...and congrats on your 25th Anniversary! We have been using Sophos since the early 90's! Keep up the great work!

  6. Alison · 1440 days ago

    Very interesting story and glad you are still around - happy birthday.

  7. scott · 177 days ago

    We introduced Sophos to our office back in the very early 90's based on the recommendation of some large mining clients.

    That was before most people even knew about Windows, modems, browsers, and that the internet was some US DoD thing!

    Since 1992, not a single virus has successfully made it onto network. In fact, I can't think of any Sophos user who ever got infected etc OR a time where I needed to spend more than 5 minutes confirming an attempted breach failed.

    It's been great to watch the years go by and see our global IT team adopt Sophos throughout the organisation.

    Is Sophos still Her Majesties preferred anti-virus? I recall the UK Royalty adopting it some 10+ years ago.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley