Monday, January 10, 2022

Name & Shame: Sophos Home: The Software That Now Floods You with Ads on Your Desktop

Sophos Home: Free commercial-grade security for the home
Six years ago, I made a post here talking about Sophos Home, a then-new free antivirus product from Sophos, a company traditionally known for its enterprise security products. I have been an active user of Sophos Home ever since that post, even going as far as to recommend it to friends and entrusting Sophos to protect my family's PCs.

Times have changed, and Sophos Home has had a real falling of grace since it launched. Recently, I ran into the straw that broke the camel's back: ads on your desktop. I no longer recommend that anyone use Sophos Home, and I have uninstalled it on all of my PCs.

When Sophos Home first launched, it was essentially "beta" software - Sophos considered it a work-in-progress, and the life of the software (read: profitability) was not guaranteed. This, in turn, made for a very generous product in terms of features, and I am sure it did help speed up adoption.

Features: Then

When Sophos Home launched, and throughout its first few years, everyone had these features:
  1. Ability to install on up to 10 PCs
  2. Antivirus protection
  3. Web protection
  4. Webcam privacy controls
  5. Ransomware protection
  6. Exploit protection
  7. Online banking protection
  8. Encrypted keystrokes
A few of these are obvious in the kind of protection they provide, but I will explain a few of them.
  • Exploit protection included an umbrella of things, such as monitoring applications for suspicious behavior, attempting to detect covert remote-access programs, etc.
  • Online banking protection allows for a heavily-guarded web browser to conduct online banking in. Access to this browser is heavily restricted from an application point of view.
  • Encrypted keystrokes is a feature that (supposedly) encrypts your keystrokes to prevent sniffing from a potential keylogger.

Features: Now

Now that the software has presumably gained enough adoption, Sophos has reduced the free version's features down to less than what it started with. All free users now only have:
  1. Ability to install on up to 3 PCs
  2. Antivirus protection
  3. Web protection
Sophos says that you are protected against ransomware attacks...not really as a free user.

Sophos has removed ransomware protection for free users, something that is rather unacceptable in 2022, where a lot of "viruses" are actually ransomware programs. Sophos has also removed all exploit protections for free users.

Due to all of these removed features, Sophos Home Free is a weaker product than ordinary Microsoft Defender, formerly known as Windows Defender. 

Microsoft Defender provides:
  • Real-time protection
  • Cloud-based protection
  • Anti-tampering measures
  • Exploit protections (as part of Windows Security)
Microsoft Defender has improved substantially over the years. It is now at a point where simply running Windows with Microsoft Defender is suitable to the vast majority of people. Modern web browsers bundle their own web protection, whether that be through Microsoft SmartScreen or Google Safe Browsing.

Sophos Home: Ads on Your Desktop

Around the time of Black Friday 2021 (November 2021 for the non-American folks), I began to have a large number of pop-ups show up near the notification area of my desktop, all trying to sell me a reduced price for a premium Sophos Home subscription. These pop-ups ranged from small "normal" rectangular notifications like the ones normally seen on Windows 10 to large square pop-ups. All pop-ups displayed over any application, and required explicit dismissal by clicking the accompanying X button.

Black Friday

First, it started with this:
And then this:
And this, toward the end of the "holiday":
That is 3 ads, not including duplicates. Things did not get better for Cyber Monday, unfortunately.

Cyber Monday / "Cyber Week"

Missed Black Friday? Well, Sophos would like you to reconsider with a 40% offer!

First, I saw this:
And then this:
And this:
That is 3 ads, not including duplicates.

End of Year

It appears that if you skipped the "Cyber Week" sale, Sophos was prepared to spam your desktop with ads on New Year's! This was excessive.

It started with this:

And then this:
And then this:
And then this:
And then this:
And then this:
And then this:
That is 7 ads, not including duplicates! In total, my desktop was spammed with 13 distinct-looking advertisements, but I am not including duplicates.

Wrap-Up

After this, I decided that using Sophos Home was no longer worth the hassle. If Sophos wants to stoop this low into the ground to derive revenue, then I do not feel great about what they would do if ads are not profitable enough for them. My advice: uninstall Sophos Home immediately!

Below is the full photo album I made for this post.
Sophos Home Ads on Desktop