Sophos kills Second Life on corporate networks

March 14, 2007 Sophos Press Release

IT security and control firm Sophos has announced that from 3 April, the application control feature of Sophos Anti-Virus will be extended to give businesses the option to block workers from playing Second Life via company networks. With more than four million registered users worldwide, many of whom regularly visit Second Life on their business PCs, Sophos is warning of the negative impact on staff productivity as well as the increased IT security risks posed by allowing employees to access this virtual world at work.

In a recent Sophos web poll of more than 450 system administrators, 90.4 percent wanted the ability to block the unauthorized use of games at work, with 62 percent indicating this was essential. In addition to placing unnecessary burdens on company bandwidth and wasting valuable business time, the use of web-based games such as Second Life is also opening up a new set of IT security threats. The growing use of Web 2.0 is redefining how users interact with the internet and subsequently creating new avenues for cybercriminals seeking the easiest point of entry to the network.

"Second Life is a hot topic on the internet, with people becoming hooked on their new virtual life and companies opening up virtual branches. IT departments are concerned that workers may be so keen to log on to Second Life and other virtual worlds that there will not only be a productivity hit but also a potential security issue," said Carole Theriault, senior security consultant at Sophos. "If users cannot be trusted to act responsibly on corporate computers, then system administrators will need to enforce policies through technology. For businesses operating in the real world, users playing online games can seriously impact on performance, drain network resources and put corporate data at risk."

The immense media buzz about the virtual world has already made Second Life a target for hackers trying to gain access to sensitive data to commit identity theft and for financial gain. Last September, hackers stole a Second Life database containing passwords and login information for around 650,000 players. To defend against web-based threats, Sophos recommends that businesses implement a consolidated security solution to protect all possible routes of infection to the corporate network, as well as controlling which websites and online applications can be accessed from work PCs.

Since Sophos introduced its application control ability to Sophos Anti-Virus in September 2006, it has proven popular with businesses giving them the power to block games, VoIP, peer-to-peer (P2P), Instant Messaging (IM) and distributed computing applications. The technology integrates seamlessly into Sophos Anti-Virus 6.0, providing users with a universal desktop client that addresses a diverse range of security and productivity challenges. In addition, Sophos's WS1000 web security appliance delivers simple and easy enforcement of acceptable internet use policies.

System administrators will be able to set policies regarding which users can play the following games and MMORPGs from 3 April 2007:

Everquest
Everquest II
Lineage
Lineage II
Runescape
Second Life
Station Launch Pad

Sophos customers already have the option to block workers from playing the following games:

3D Pinball, Microsoft
Age of Empires III, Ensemble Studios, Microsoft
Age of Empires III: War Chiefs, Ensemble Studios, Microsoft
Battlefield 2142, Digital Illusions, EA Games
Caesar IV, Sierra Entertainment
Championship Manager 2007, Beautiful Game Studios, Eidos
Company of Heroes, Relic, THQ
Dawn of War, THQ
FIFA 07, EA Canada EA Sports
Final Fantasy XI, Square Enix
Football Manager 2007, Sports Interactive, Sega
FreeCell, Microsoft
GTR 2, 10tacle Studios
Guild Wars: Nightfall, Arenanet, NCSoft Europe
Hearts, Microsoft
Internet Backgammon, Microsoft
Internet Checkers, Microsoft
Internet Hearts, Microsoft
Internet Reversi, Microsoft
Internet Spades, Microsoft
Just Cause, Eidos Interactive
Lego Star Wars II: The Original Trilogy, Traveller's Tales
Medieval II: Total War, Creative Assembly, Sega
Microsoft Flight Simulator X, Microsoft Game Studios
MineSweeper, Microsoft
Need for Speed: Carbon, EA Canada, EA Games
Neverwinter Nights 2, Obsidian Entertainment, Atari
Rugby 06, Electronic Arts
Sim City 2, Electronic Arts
Sim City 4, Electronic Arts
Solitaire, Microsoft
Spider Solitaire, Microsoft
The First Decade, Electronic Arts
The Sims 2, Maxis, EA Games
The Sims 2: Open for Business, Maxis, EA Games
The Sims 2: Pets, Maxis, EA Games
Warcraft, Blizzard Entertainment
Warhammer 40,000: Dawn of War Dark Crusade, Relic, THQ

Sophos's application control functionality is available at no additional charge to all users of Sophos Anti-Virus 6.0.