Sophos Cloud Optix
Regular readers of Naked Security will know that we aren’t terribly prone to commercialism.
We don’t think we need to be.
The brand we represent is pretty obvious, after all.
We have the domain name nakedsecurity.sophos.com, and our corporate logo appears on every page, where we say, “Award-winning news, opinion, advice and research from SOPHOS.”
Nevertheless, we’d like to offer you some free Sophos stuff.
Here’s why.
You may have seen our popular article entitled DO THESE 3, where we give you three ways to boost the safety and security of your on-line life.
The first task we ask you to do, especially if you act as unofficial home IT support for friends and family, is to get serious about keeping malware out.
Of course, that’s a bit like saying to a student with a examination coming up, “Don’t forget to do your revision!”
It’s well-meant advice, but it begs the questions, “How? What tools and techniques would you recommend? Where do I start?”
So here is a brief and, we trust, unpushy list of four free tools you can find on our website.
Sophos Virus Removal Tool
This is a simple and straightforward tool for Windows users. It works alongside your existing anti-virus to find and get rid of any threats lurking on your computer.
It does its job without requiring you to uninstall your incumbent product first. (Removing your main anti-virus just when you are concerned about infection is risky in its own right.)
Download and run it, wait for it to grab the very latest updates from Sophos, and then let it scan through memory and your hard disk. If it finds any threats, you can click a button to clean them up.
Sophos Anti-Virus for Mac Home Edition
Yes, Macs get viruses too.
And even if you never see a virus that directly attacks your Mac, the chances are good that you’ll encounter malware from your Windows-using friends (or even from your own Windows partition, if you dual-boot your Mac).
Sophos for Mac stops threats for Windows and Mac alike, protecting you and those you share files with.
Choose from blocking viruses in real time (on-access protection), scanning at scheduled times, or running a check whenever you want.
Sophos Mobile Security for Android
Our Sophos Mobile Security app protects your Android device without reducing performance or battery life.
Using up-to-the-minute threat data from SophosLabs, we automatically scan apps as you install them.
As well as malware protection, you’ll also get: loss and theft protection with remote lock and wipe; a security advisor to alert you if you inadvertently activate risky configuration settings; security scanning of SMSes you receive and of web pages you visit; plus a privacy advisor to help you decide whether an app is asking for too many permissions.
Sophos UTM Home Edition
You’ll need a spare computer to install it on, and you’ll probably want to get your unofficial home support techie to set it up for you, but if you do, you’ll have our award winning network security device for businesses, 100% free for home use.
That includes all the Sophos UTM features: email scanning, web filtering, a VPN, web application security, and everything you need to keep up to 50 devices on your home network secure.
In you live in a shared house, or you have children to look out for online, this could be just the product you need.
Better yet, you get 12 free licences for Sophos Anti-Virus for Windows that you can install and manage throughout your household, right from the UTM web console.
You can get any or all of these tools free of charge from our website.
So, if you’ve been thinking, “I really ought to get more serious about cybersecurity,” just remember that there’s no time like the present.
Image of counting hands used on Facebook courtesy of Shutterstock.
Hi, thanks for your efforts to incease security. Speaking of Sophos stuff, is Free Encryption still available?
Well, now…it is, and it isn't 🙂
You won't find it listed on the Free Tools page any more.
But if you follow the direct download link in this article:
http://nakedsecurity.sophos.com/guest-blog-sophos…
Then (as at 2013-10-16T05:40Z) ) you can still grab yourself a copy.
Are there really 12 free licenses for endpoint protection with UTM Home?
I Love the product and its great to keep the family safe. But mine says
12 ( 10 licensed Users + 2 free Users )
So I have not bothered to replace the Antivirus solution I use with these endpoints. How do I enable all?
Ah. That confused me at first, too. IIRC. If it just said. "You have 12 licensed users," or "You have 12 free users," it would be a bit more obvious.
IIRC, the free UTM download comes with two licences hard-wired into it. When you activate the licence code that we send you when you register, then 10 more are added.
So you do indeed have 2 free and 10 licensed users, it's just that the 10 licences were free as well 🙂
Hope this makes it clearer – in short, ignore the licensed-versus-free distinction and go with the line that says "Max Users: 12."
Thanks for the clarification. Will tonight go around the house and swap endpoint protection. This is a real treat!
Why do you need a spare computer to install the Sophos UTM Home Edition? How many people have a spare computer laying around? I don't understand this.
The Sophos UTM is a full-on network gateway/firewall – like the router you probably have plugged into your internet connection, but with loads more features, stronger protection, regular and automatic updates, etc.
It's designed to sit *between* your network and the internet, keeping the good stuff in and the bad stuff out, in the same sort of way you might have a security grille in front of the entrance to your house or apartment, even if you already have a lock on the door itself.
The idea is to give you protection over and above the endpoint security software such as anti-virus that you have on your regular computer, for example by scanning your web downloads and removing infected content before it even reaches your PC.
It also provides protection for devices that don't have protection already installed – such as computers your friends might bring round, or mobile phones and eReaders your kids are using.
That means it's a self-contained server, and runs on a separate computer on your network.
As for spare computers – quite a few people do have spare hardware (that laptop you replaced back in 2011, for example), and, at least in my experience, it's often just lying around, waiting for "a cool project to use it with" 🙂
So…here is just such a cool project!
(You could even consider buying one of those bare-bones miniPCs specially to run the UTM, if you're keen. It needn't be more expensive than buying a dedicated top-end home router, which is separate computer.)
If it sits "between", doesn't that imply two network ports?
I'm even more confused. Aren't most peoples routers also wireless. How then does the network traffic get routed through Sophos UTM?
A typical home Internet setup would have something like an ADSL router plugged into the wall. The ADSL router would then be connected to a wireless ehternet router with a CAT5 cable. Your laptops and tablets would then connect to the wireless router using WiFi. The UTM sits between the ADSL router and the wireless router.
Well, one typical home Internet setup is as you describe, but another typical setup is where the ADSL router is also the wireless access point. Not knocking you making this product freely available, just pointing out the obvious!
Yes.
You can run a network filtering appliance with a single port and two IP numbers (what MS calls "multihomed," if memory serves), but with two network cards, everything is much safer.Packets from inside *must* pass through the appliance to get to your internet-facing router/modem.
A second network card is reasonably cheap, though. On most home networks, you don't need a fast or modern LAN card on the internet side – no need for a gigabit ethernet port if it's connected to a 20Mbit/sec ADSL line.
Frys, for example, offered me a PCI 10/100 adapter for $8 and a USB ethernet adapter for $13.
Thank you Paul.
The "multihomed" was a concept I considered but was unaware it existed in MS.
The extra adapter was obvious to me as I have used in on a Linux platform unrelated to UTM. The extra few dollars spent on and additional adaptor is worth the expense.
Why can't I download Sophos Mobile Security for Android to my PC for later installation to my Android devices?
As I receive your emails on my main PC, I don't get to see them on any of the Android devices so can't use a link. What I always do is download the software to my PC and then install via a USB cable to my Android devices. Means I only need to download once and not multiple times. That save data allowance and is overall quicker.
We publish the app in the Play Store. For 99% of our users, that's exactly where they want and expect to get it. It's only a 9MB download; you don't need to enable the "Allow installation of apps from unknown sources" option; and if it's not from the Play Store, you know it's not ours.
That means the process of telling people where to go and how to get it is really simple and straightforward – there is only one way to do it, you can do it straight from your device, and we don't have to contend with leech sites ripping it off and offering it as their own.
(I'll also be perfectly honest and say that if you plan to install it on several devices, we'd like that to be reflected in the Play Store with several downloads, in return for giving you the app for free. Sound fair? Seems like you're talking about *lot* of devices if 9MB each would cause a data allowance problem 🙂
If you're determined only to download it once from the Play Store, I suppose you could always back up the APK file from the device on which you installed it and then push it out with ADB onto your other devices.
But you will have to download it at least once from the Play Store. Don't worry about not having the link – just hit "search" and type "sophos".
I would love to see a version not requiring a x64 capable cpu. I currently have IPCop firewall installed on a Pentium 3 1GHZ pc that only uses 35W of power and is running on a 4GB compact flash card. The requirements for this UTM Home Edition are very high for a "spare computer". My good old P3 is a spare computer. Anything x64 based is hardly a spare computer.
To be fair to Sophos here, our UTM isn't IPCop. (And IPCop doesn't claim to turn a spare computer into a UTM – it claims to turn an *old* computer into a basic SoHo firewall 🙂
The Home Edition UTM is exactly the same server product we make for business use – with all the features available for free, including spam and web filtering, intrusion prevention, gateway anti-virus, web application firewall – plus 12 free Sophos for Windows licences thrown in.
Our business customers generally don't even have 32-bit servers any more, so we decided to stick to 64 bit only. (Backward compatibiltiy and legacy support are all very well, but sometimes – Windows XP springs to mind here – you just have to let go, especially if both performance and security are improved by doing so)
I don't think it's unreasonable to assume that for a sizeable proportion of our readers, the "spare computers" they might have will have 64 bit capable CPUs – 32-bit-only CPUs died out, what, 7 or 8 years ago?
Is Sophos Virus Removal Tool compatible with BitDefender Total Security?
Thanks.
The Virus Removal Tool (VRT) is specifically intended to avoid the worries that have led to the rule of thumb "don't install two anti-viruses at the same time in case they go to war with each other."
The problem of warring anti-viruses is caused when both of them are busy doing on-access scanning (a.k.a. real time scanning) at the same time, trying to keep track of files as they come and go. That's because they both try to "hook into" the same parts of the operating system, and if either or both are inexact or overexuberant about how they do this, you can end up in trouble.
But the VRT isn't an active scanner – in other words, it doesn't have an on-access component at all, thus avoiding potential conflict.
That means you shouldn't use it *instead* of a regular anti-virus (it isn't for virus prevention, just for detection and removal of threats other products missed), but you can use it *as well as* another product, BitDefender included.
Think of it as a quiet and politely professional second opinion that you consult wen you feel the need…
Why is Sophos offering its UTM Home Edition for free? It seems way too good to be true or free from attached strings… When we're offered something for free it generally means that WE are the product.
I know there is nothing you can tell me to ease my suspicions but in the wake of the recent revelations about the three letters agencies practices I can't stop thinking such free, closed-source products would be the most effective and easiest way to deploy mass surveillance over the Internet.
So anyway, is Sophos doing this just for advertising (making its name known to the general public) or is Sophos doing this because it truly cares about anyone safety? Or…
Sophos sells products to business customers and not to home users. The products are very much the products.
Offering free home use products and free tools helps to build name recognition, doesn't cannibalise the customer base and allows users to experience what it's like to work with Sophos products.
We hope you'll try the UTM and be so impressed you'll wonder how much easier your life would be if you used the not-free one at work too. Sales people are ready and waiting to take your call ; )
Several years back I recommended and installed Sophos (on a per individual basis) at our company. As a perk Sophos provided free home use for those office users. I no longer work for that company and am pleased that Sophos has addressed its home user base in this current way.
I have another virus protection package (at a cost) but am backing it via a concurrent run of Sophos Virus Removal Tool. Now that I understand the home UTM I will be migrating there.
I'm an iPad owner and often worry about cyber Security. I did depend on my work techie unofficial support but now I'm retired and moved away from where I was working I don't have access to a reliable source of guidance. I'm interested in your article but why do I feel it doesn't apply to me or am I missing something???
It *does* apply to you and, in my opinion, you are *definitely* missing something, namely Apple's willingness to let third party security companies innovate on its mobile devices.
For example, Apple's rules for App Store programs enforce a bunch of restrictions that aren't so bad for regular apps, but which prevent you writing a proper anti-virus.You just aren't allowed to stick your oar into the operating system at a point where you could write software to prevent threats. All you can do is scan some parts of the device for some sorts of threat, some of the time – usually after the damage is done.
In fact, this limitation applies to OS X and the Mac too, which is why the Mac Anti-Virus listed above isn't in the App Store – to get it there we'd have to emasculate it almost to the point of uselessness.
But for iPads and iPhones, there's only the App Store, so there'd be no way to distribute an anti-virus for iOS, even if Apple would give us the information and access so we could write it in the first place.
Heigh ho.
My own hope is that Apple will open the kimono a bit more, at least for security developers, to give us access to the operating system itself and allow us to be a bit more innovative.
In the meantime, iPads and iPhone users have to rely heavily on Apple's own vetting process for the App Store. which aims to keep the bad stuff out of the supply chain up front.
To be fair, it's worked pretty well so far, so iOS is a fairly safe plaftorm…
…but the scientist and software engineer in me just keeps thinking, "I wish we could do more!"
I also have a Windows 7 phone. Any plans for a product?
Not that I'm aware of. (I imagine one of my colleagues will correct me if I am wrong 🙂
I have been meaning to test-drive Sophos UTM for a while now (strictly business) but since it is free for home use I will give it a drive first at home 🙂
One question though, I want to start with a VM installation then move to hardware, in this case is the license transferable?
Thanks for the excellent article.
I'm pretty sure you can transfer the licence code…I seem to recall doing it between two VMs myself after a foolish mistake with the "Remove" function in VirtualBox…but if that doesn't work, you can always request another one 🙂
These are some great products you have! Very helpful article Paul.
Question is though, is this extra sense of feeling safe worth the price tag of keeping another machine running 24/7 essentially (cost of electricity)?
A good free option is the Open VPN client for mobiles. It will only protect your web activity not calls, texts – but web usage is a big part of the mobile experience today
What is the base OS for this product? Is it safe to assume it is running on a custom Linux distro? What are the hardware requirements? I do a lot of streaming, often on 3 to 4 devices simultaneously and I’m worried about constant buffering do to all traffic being scanned not only by you product but also other parties AV.
I’ve been using Sophos Home UTM for a few years (since it was called “Astaro UTM”, and it runs great! I’ve tried similar products such as IPCop, Smoothwall, ClearOS, etc… But they can’t even come close to competing with this wonderful product. 🙂
Sophos UTM is truly a dream come true <3
why isn’t there a sophos for windows (consumer edition)? I know there’s a business edition but I’d prefer to use sophos rather then other AV (even NOD32).
Especially with sophos for mac and android I’d look like a logical step wouldn’t it?
As mentioned above…if you go for the Sophos UTM Home Edition, you can get up to 12 Sophos Anti-Virus for Windows along with it.
That’s not exactly what you are asking for, but it’s not 1,000,000 miles away, either 🙂
I use both the removal tool and Mobile app on my Android phone. Will you ever consider releasing a free home use anti-virus for Windows/Linux?
If you download the Sophos UTM Home Edition, it includes 12 free licences for Sophos Anti-Virus for Windows. (Those computers are protected with a regular Sophos installation, so they aren’t protected only when they are on your home network.)
Tell sophos to sell a small appliance with the UTM for home and i’ll gladly buy a few units for the family(s) i’m supporting. Imagine the web filtering and protection they’re getting all for a simple price of one appliance (i prefer an appliance as its sleeker, slicker, easier. Just dont forget to include Wifi AP into it and you’ve got yourself a deal(er)) !
And look on the bright side; small business’s can buy this and pay more for a better All-In-One package too!
We do sell small appliances (SoHo router form factor), offer secure Wi-Fi addones (and great branch office support through our Remote Ethernet Device).
There’s a cool/short video (disclaimer – I made it 😉 here:
http://nakedsecurity.sophos.com/2013/07/07/branch-office-security-in-the-spotlight/
If you want to roll your own appliance just buy a small form factor PC (a Mac Mini? 🙂 and install the UTM ISO onto it. It’s pretty much an automatic, hands-off install. You can try it out in VirtualBox (how I run my UTM), VMWare or similar first.
If you are interested in becoming a dealer, that’s possible. too..head to http://partners.sophos.com/
Actually i’ve been playing around the software abit. Its why i’m looking for an appliance suitable for the UTM software.
my corner of the world; such form factors are not financially viable and getting a proper SOPHOS appliance solves a few things
– Form Factor
– Product conformity / compatibility
– Reliability *(as opposed to building off the shelf with unreliable networking equipment)
What i mean is; SOPHOS should sell a UTM / RED/ ROUTER with decent wifi BUILT-IN just for SOHO / Small office use. So far the USB ADD-on’s dont convey much confidence in terms of Wifi coverage size (not security). Building one is not an option since such form factor (motherboard, LAN ports, Wifi, chipset, CPU) is equivalent to several months salary and almost the same price as a Sophos 100 series with a Wifi/AP purchased separately. *(But that could be me not digging the product catalogue deep enough?)
Love the UTM product, used for a while until I hit that pesky 50 IP limit. With more and more media devices coming into a house these days they should have a 100 user home version.
Shame the UTM product doesn’t run on raspberry pi, that’s all I’ve got spare at the moment!
I thought the whole idea of Pis was that they were always “there to be spare” so that you always had hacking tools handy 🙂
Is there any way to get the antivirus app without going through Google Play? Their site doesn’t recognize my Kindle as an Android device.
Is the UTM a good solution to stop the crypto-ransomware virus? I am looking for something that stops that from spreading inside a network.
The answer is…it depends.
Imagine a common scenario where you have 50 computers on a network (wired, Wi-Fi or a combination), and then a UTM acting as a secure router between that network and the internet.
In that arrangement, the 50 computers will be able to exchange network traffic without going through the UTM, so the UTM won’t be able to protect the computers from each other.
However, if you divide up your 50 computers into subnetworks, e.g. 15 in finance and admin; 10 in IT; 25 in sales and marketing, and segregate those parts of the network from one another with UTMs, then you can protect those subnetworks from each other.
A lot of companies don’t do that because it’s more complex and usually more xepensive…but “divide and conquer” can work well in improving computer security.
Incidentally, even in the one-UTM-between-you-and-the-internet sceanrio, a UTM _may_ be able to protect your computers from being wiped out by ransomware if it can detect that ransomware “calling home” for a data-scrambling encryption key. (Some ransomware won’t actually trigger at all until it’s able to call home for a key, so stopping the call-home stops the malware in its tracks, too.) But that’s not the same as prevening malware from spreading inside the network.