Little Snitch hijacked by Sophos Anti Virus

I am using a Mac with OS 10.6.8.


Yesterday Sophos Anti-Virus updated to 9.0.11 - but seems to have also installed at the same time SophosWebIntelligence.bundle.


Now whenever I use the internet (Safari) numerous request popups show to allow or disallow connections for each website I try to visit.


I have Little Snitch installed and those connection requests seem not to show anymore: they were far fewer than what now shows as titled SophosWebIntelligence.bundle


The issues are:


The internet has become, I would guess, 10 times slower; it's almost a snail's pace.


There is now an excess of deny or accept popups for every page I visit - the obvious ones of course I allow but some are vague. There can be around 10 per page. Some of the weirder sounding connections that I deny end up being critical to the page loading.


Little Snitch seems to have been hijacked by SophosWebIntelligence.bundle; the number of deny and accept rules building up under the heading SophosWebIntelligence.bundle is ridiculous.


Any ideas how to solve these points would be welcome.

MacBook, Mac OS X (10.6.8), iPad & iBook OS 10.6.8

Posted on Jun 15, 2014 1:30 AM


Jun 16, 2014 1:59 AM in response to Barry Hemphill

Thank you Andy and Barry, I see the consensus is to delete one of them. It is Sophos's new WebIntelligence that is the issue, so when turned off things are back to normal. But while Sophos has caught a number of viruses in e-mails, although Windows-targeted, there may come a day when, who knows, a Mac virus could be stopped. I guess Sophos is a long-term project awaiting that day; that is why it is free. Little Snitch seems to stop connections, so I'm not sure how malicious some connections would be without Little Snitch. So I shut off SophosWebIntelligence for the time being, while I go through a flip-the-coin mental process of which one must go.

Jun 16, 2014 6:14 AM in response to Memoire

With regard to the need for Sophos, see my Mac Malware Guide. There is Mac malware out there, and Sophos will protect you against it quite well, but Mac OS X does a pretty good job itself as well. One class of borderline malware - called adware - is becoming increasingly common, but most of it is not blocked by either Sophos or Mac OS X, unfortunately. Thus it's more important to know how to protect yourself.


Little Snitch is a mixed bag. On the one hand, there has been malware that short-circuited its own install process if Little Snitch was present... thus, just having Little Snitch installed prevented installation, because the hackers behind the malware knew that Little Snitch would prevent it from working properly. On the other hand, some malware has been known to completely disable Little Snitch and go on with its malicious business unimpeded.


None of this malware is still viable, due to updates to Mac OS X. However, because of the possibility of the latter, Little Snitch cannot be relied on. If the malware is already running on your machine, it's too late for something like Little Snitch to be a reliable way of blocking outbound connections. If you choose to use Little Snitch with full knowledge of this limitation, that's fine.

Jun 16, 2014 11:17 AM in response to thomas_r.

Much appreciated Thomas. I have read your articles in the past and they have always been extremely informative and very helpful.


It seems that the previous Little Snitch pop-up warnings that showed when visiting websites are now labeled SophosWebIntelligence.bundle, which seems strange to me; how Sophos has hijacked Little Snitch. Some 6 different pop-ups showed asking for accept or deny just to visit this page.


The Sophos forum has suggestions to set rules accepting all outgoing connections on ports 80 and 443; it's not clear if that is from 80 to 443, or two specific ports. To me this seems strange and potentially inviting some future issues, so I haven't done that.


The Sophos preferences have a tab called 'Web Protection', and if the two options there are turned off then the frequency of pop-ups reverts to the volume previously experienced from Little Snitch, but they are still labeled SophosWebIntelligence.bundle.


It seems that when visiting any website Sophos also checks all sites that page is linked to without waiting for a subsequent visit to that page; in some cases I have had 20 pop-ups for one page. It's difficult to know which ones are acceptable as some have mysterious titles, but anything with .ru I deny.


It seems the Sophos forum is full of Mac users with the same issues and an update is promised to rectify matters.
