Sophail: A Critical Analysis of Sophos Antivirus
Antivirus vendors often assert they must be protected from scrutiny and criticism, claiming that public understanding of their work would assist bad actors. However, it is the opinion of the author that Kerckhoffs's principle1 applies to all security systems, not just cryptosystems. Therefore, if close inspection of a security product weakens it, then the product is flawed. The veil of obscurity removes all incentive to improve, which can result in heavy reliance on antiquated ideas and principles. This paper describes the results of a thorough examination of Sophos Antivirus internals.