Sophos AV Ends Support for Mac OS X 10.6 and 10.7

Sophos Anti-Virus is ending support for Mac OS X 10.6 (Snow Leopard) and 10.7 (Lion) on October 31, 2015. Computers running those operating systems will stop receiving Sophos updates after that date. Information regarding this change can be found at:

https://www.sophos.com/en-us/support/knowledgebase/122477.aspx

Apple stopped releasing security updates for both OS X 10.6 (in February 2014) and 10.7 (in September 2014), so continuing to run computers with those operating systems on the network is not recommended. IS&T strongly encourages you to upgrade those machines to the latest Mac OS if possible to ensure that they are protected.

As always, MIT users who need help or have questions can contact the IS&T Help Desk at 617.253.1101 or helpdesk@mit.edu, or submit a request online.

Bug Fixed in Sophos Anti-Virus for Mac OS X

If you were experiencing issues with your Sophos client on the Mac, they should now be fixed with the release of Sophos Anti-Virus for Mac OS X 9.1.7. The update was issued to users at MIT running version 9.1.6, and they should be experiencing no more problems.

If, for whatever reason, you did not receive the update or are still experiencing the issues described in the article linked above, please contact the Help Desk: http://ist.mit.edu/help.

A Year After Sophos Was Released to MIT

There are over 14,000 MIT computers currently running Sophos Anti-Virus. Computers include those in the WIN domain and self-administered MIT hosts. If you aren’t familiar with Sophos, when installed, the software runs in the background, with little to no interruption to your work. When Sophos finds an infected file, the software alerts you and locks the file. You can delete the file using the Sophos Quarantine Manager. Because the client communicates with the Sophos Management Console (administered by IS&T), various useful pieces of information, such as the status and health of the Sophos client on a machine, are provided to the console.

GameOver Zeus P2P Malware

GameOver Zeus (GOZ), a peer-to-peer variant of the Zeus family of bank credential-stealing malware identified in September 2011, uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control.

The malware was used by criminals to infect victims with ransomware such as Cryptolocker. Although the government has taken control of GameOver’s servers, preventing further Cryptolocker infections, many computers, perhaps hundreds of thousands, are still infected.

Systems at risk:

  • Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
  • Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012

The US government recently released this technical advisory on GOZ to provide further information. A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users’ credentials for online services, including banking services.

One of the solutions provided in the advisory is to use and maintain anti-virus software. The software supplied by Information Systems & Technology at MIT, Sophos Anti-Virus, protects against this malware. To clean up a computer already infected, Sophos also offers a separate, free Virus Removal Tool.

Read more at Sophos online.

Upcoming Event: Sophos and Sophos Reporting on March 6th

The IT Partners planning team has announced its next luncheon. Andrew Munchbach from the Security Operations team will discuss MIT’s anti-virus software, Sophos, as well as running reports from Sophos.

Please join us on Thursday, March 6 at 12:00 in Marlar Lounge (37-252).

Lunch will be served at noon, and the discussion will begin promptly at 12:15. Please confirm if you plan to attend by sending email to rsvp-itpartners@mit.edu.

Monthly Sophos Reports

Each month, IS&T is able to track via Sophos Anti-Virus the top 10 most dangerous pieces of malware that are accessing or trying to access the computers on the MIT network.

Learn more about the monthly Sophos reports, what they can tell us, and how they can help us.

Sophos Replaces McAfee at MIT

There has been quite a bit of activity recently to improve information security at the Institute. One such effort, initiated by Information Services & Technology, is aimed at providing the MIT community with a new malware protection product. After several months of testing, Sophos Anti-Virus was selected by IS&T as the best solution.

As of July 1, you can download Sophos to a Mac, PC or Linux machine; documentation on installing and using Sophos has been added to The Knowledge Base.

Sophos is replacing the malware protection products from McAfee. One of the most important differences between the two is that Sophos comes with console management, which provides IT administrators with some useful intelligence, including notifications when malware has been detected on machines. The software has also been shown to run more quietly (and almost invisibly) in the background.

Please contact the IS&T Help Desk for any questions or concerns.