Does l2tp with Sophos XG work? Upon upgrade to Big Sur, I can no longer connect to work VPN that uses l2tp via Sophos XG. From research Apple seems to say: From Apple to the feedback. The message is below: Hello. We have upgraded the proposed ciphers in L2TP IPsec VPN to also propose SHA-256 for the Child SA in IPsec. This new macOS release is not compatible with UArizona’s primary endpoint protection software: Sophos. This only affects Apple computers and not iPhones, iPads, or Apple Watches. Therefore, we are not recommending updating to macOS 11 Big Sur until the Sophos becomes compatible. Applies to the following Sophos product(s) and version(s) Central Mac Endpoint, Sophos Enterprise Console Managed – Sophos Anti-Virus for mac OS X, Central Device Encryption for Mac. Operating systems macOS 11 “Big Sur” Support for macOS 11 Beta – overview. As macOS 11 is in Beta, it is not supported by Sophos.
Sophos will support Big Sur within 30 days of final release. I was a Sophos Endpoint Security customer and I hate it. As part of the District’s Sophos purchase, all current students, faculty, and staff may use Sophos Home Commercial Edition on up to 10 personally-owned devices for free. Sophos Home Commercial Edition is sophisticated antivirus protection software. The product includes the same award-winning features found in the commercial version used by top Fortune 500 companies.
As is typical for Apple’s developer conferences, on Monday it started hyping the privacy and security goodies it’s got in store for us in a few months.
During the pre-taped keynote at Apple’s Worldwide Developers Conference (WWDC), the company promised to pump up data protection even more with gobs of new features in its upcoming iOS 14, macOS Big Sur, and Safari releases.
(Here’s the complete keynote transcript, courtesy of Mac Rumors, if you don’t have a spare 1:48:51 to listen to the opening for Apple’s first-ever, all-online WWDC.)
Pretty please stop the ad tracking
The big ones include the option for users to decline apps’ ad tracking. More specifically, we’ll be given the option to “Allow Tracking” or “Ask App Not to Track.” As Wired’s Lily Hay Newman points out, “asking” sounds a lot more dubious than “blocking.” But Apple makes it decisive in its notes to developers, where it says that the permission is a must-have for developers, not a nice-if-you’re-in-the-mood.
Sophos Big Sur Time Machine
Katie Skinner, a user privacy software manager at Apple, said during the keynote that this year, the company wants to help users to control ad tracking:
We believe tracking should always be transparent and under your control. So moving forward, App Store policy will require apps to ask before tracking you across apps and websites owned by other companies.
Developers will also be required to cough up data on exactly what third-party software development kits and other modules they’ve incorporated into their apps, what those components do, what data they collect, who they share it with and how it will be used. Think of the charts like nutrition labels, Apple said on Monday: they’re a way for developers to transparently share security and privacy details.
Apple isn’t the first to think about labels that could give us a heads-up about what a chunk of code is up to. Last month, Carnegie Mellon University presented a prototype security and privacy label based on interviews and surveys, the focus of which was the shabby state of security in the Internet of Things (IoT).
IoT devices, App Store apps, fill in the blank: why not label them all? One caveat is that we actually have to trust developers to a) be candid about what they’re up to, rather than b) lying through their teeth. Unfortunately, developers all too often choose option B. For example, sometimes they try to manipulate Google’s security by removing suspicious code before adding it back in to see what trips detection systems, and then we wind up with ad fraud apps hiding in the Play Store.
Another of many examples: in March, Google and Apple had to hose down their app stores to cleanse them of apps that secretly install root certificates on mobile devices – certificates that enable a popular analytics platform to suck up users’ data from ad-blocker and virtual private network (VPN) mobile apps.
The long privacy road
Just like iOS 13 last year, Apple’s upcoming iOS 14 mobile update – expected in the autumn with the release of new iPhones and iPads – is yet another step in the company’s long privacy march.
Since at least 2015, Apple CEO Tim Cook has drawn a distinction between how the company handles privacy versus the tech companies that “are gobbling up everything they can learn about you and trying to monetize it.” Apple, which makes its money selling hardware, has “elected not to do that,” he’s said.
Apple was already working on taking control of ad trackers when it released iOS 13 last year, bringing with it the ability to see what apps track you in the background and offering the option of switching them off. Ditto for iPadOS. The new feature came in the form of a map that displayed how a given app tracks you in the background, as in, when you’re not actually using the app. Giving us the ability to ask that we not be tracked in iOS 14 is a logical next step.
In other security-positive news, the Safari upgrade will also start checking any passwords you store in the browser and can alert you if any have been compromised in a data breach. It won’t share those passwords with Apple.
Happy talk
Of course, it’s worth noting that Apple’s much-vaunted privacy technologies sometimes fall flat on their faces. Case in point: in January, Google researchers published a proof-of-concept analysis of how the Intelligent Tracking Prevention (ITP) in Safari could actually leave users exposed to a slew of privacy issues, including, ironically, being tracked.
But even if we have to take Apple’s privacy and security news with a grain of salt, there’s a lot of meat on Apple’s upcoming privacy and security enhancements.
Version 9.10.2
New features
Support for macOS 11 Big Sur.
Updated components
The threat detection engine is 3.80.1
Resolved issues
Security improvements.
Version 9.10.1
New features
This release contains early access to a version of the endpoint software that supports macOS 11 Big Sur.
Updated components
The threat detection engine has been updated to 3.80.1.
Version 9.10.0
Updated components
The threat detection engine has been updated to 3.79.0
Resolved issues
| Issue ID | Description |
|---|---|
| MACEP-5389 | Resolved an issue with tabs opening slowly in Google Chrome. |
Version 9.9.8
Resolved issues
| Issue ID | Description |
|---|---|
| MACEP-4973 | Resolved blank captive portal. |
Version 9.9.7
Resolved issues
Sophos Home Mac Big Sur
| Issue ID | Description |
|---|---|
| MACEP-4657 | Improved device control support for large capacity removable storage devices to ensure that they are blocked after restart. |
Version 9.9.6
This release contains performance improvements.
Resolved issues
| Issue ID | Description |
|---|---|
| MACEP-4493 | Resolved an intermittent issue where web pages may fail to load. |
| MACEP-4600 | Improved memory usage when Threat Case creation is enabled. |
| MACEP-4602 | Resolved an issue with modified permissions on the man8 directory when using disk encryption. |
| MACEP-4606 | Improved support for macOS 10.15 Catalina when using MDM profiles. |
Version 9.9.5
New features
- This release contains improved support for macOS 10.15 Catalina.
Version 9.9.4 Updated
New features
- This release contains support for macOS 10.15 Catalina.
- This release contains security and performance improvements.
Updated components
The threat detection engine version is 3.77.1. For information about the threat detection engine, see the Sophos Threat Detection Engine release notes.
Resolved issues
| Issue ID | Description |
|---|---|
| MACEP-4414 | Resolved an intermittent issue on macOS 10.14 Mojave where the Captive Network Assistant page could fail to load. |
| MACEP-4410 | Addressed CVE-2020-10947. |
Version 9.8.5
Resolved issues
| Issue ID | Description |
|---|---|
| MACEP-4314 | Resolved an issue in which Sophos Anti-Virus may incorrectly report successful updates as failures. |
Version 9.8.4
Updated components
The threat detection engine has been updated to 3.76.0. For information about the changes to the threat detection engine, see the Sophos Threat Detection Engine release notes.
Resolved issues
| Issue ID | Description |
|---|---|
| MACEP-3604 | Resolved an issue on macOS 10.14 Mojave that prevented some customers from connecting to Wi-Fi networks that require a captive portal. |
Version 9.8.2
Updated components
The threat detection engine has been updated to 3.75.0. For information about the changes to the threat detection engine, see the Sophos Threat Detection Engine release notes.
Resolved issues
| Issue ID | Description |
|---|---|
| MACEP-3668 | Resolved a rare kernel panic that can be caused when reading extended file attributes on APFS. |
| MACEP-3722 | Installer now provides links to online EULA and Privacy Policy. |
Sophos Home Big Sur Ca
Version 9.7.7
This release contains compatibility improvements.
Updated components
Sophos Home Big Sur Pro
The threat detection engine has been updated to 3.74.0.
Resolved issues
Sophos Big Sur Beta
| Issue ID | Description |
|---|---|
| MACEP-3454 | Resolved an issue where some systems may hang on boot with certain USB-C devices. |