Product Reviews

SecuriQ: Everything to Nobody

The newest crop of Exchange antivirus products prevents users from receiving infected mail.

Several anti-virus products have siblings which block web access, check for objectionable words, and reach beyond the domain of email. SecuriQ seeks to do so all in one product. I'm not sure whether to say it's not quite there yet, or that it simply falls quite short of the mark, or maybe that I just speak a different language than the folks who designed this product.

While a nice bound installation guide came with my product CD-ROM and evaluation license, and the installation process was really quite simple, it failed. The instructions did not specify service pack levels for Win 2K or Exchange 2000 so I provided SP2 for Win2K and SP1 for Exchange, and tested them by sending a few emails before installing SecuriQ. While the installation process completed, and told me everything was fine, launching the product popped up four messages about not finding the resource dll. As you might imagine, when the product console opened all the user interface text was as absent as fried pickles from a northern barbeque, along with any hope of usability. Help did eventually arrive in the form of an emailed checklist, phone calls, and eventually a just-slightly-pre-release-version 1.1 CD-ROM. Communications weren't easy to get started though; seems they were having trouble with their mail server. (David, too, had trouble installing; in his case, the problem turned out to be that the IIS folder for SecuriQ had to be set to "execute scripts only.")

Finally, a real product to look at, with all its pieces and parts. But, what's this? The help files are in German? I think we're taking this multi-language business a bit too strongly here. It's great that many products are available in multiple languages, but I hope this isn't a trend. I'm having trouble learning a little bit about XML, SOAP, C# etc, without worrying that my admin chores will now require me to be multilingual. Fortunately, email came to the rescue, and I received help files in my native tongue. Trouble is, the help files weren't very helpful in English either. Some instructions were there, but maybe my brain is just too old and befuddled, as I had a hard time figuring out just how to get things up and running.

When you first load the product, nothing happens. SecureiQ, has several components, and they work via rules you compose:

  • secureiQ.Safe: Archives encrypted copies of email and allows access only to approved personnel. You use rules to configure it to be selective in the process of capturing both incoming and outgoing email, encrypting, signing and storing the results in Exchange public folders.
  • secureiQ.Trailer: Attaches security notes (disclaimers, company information, pictures and logos) to email. Which notes go with which emails? Well, you write the rules to determine which users get which.
  • secureiQ.Wall: Blocks spam—again, rules are your tools.
  • secureiQ.Watchdog: Call me stupid, but it appears you must have purchased anti-virus products from other vendors and then you can manage them here. At least I saw no configuration for downloading of new signatures and other basic antiviral scanner processes.
SecuriQ's help installed in German on my system—just one of several problems we had during installation of this product. (Click image to view larger version.)

Cruel tools
I guess I'm just spoiled. I want to load an anti-virus product and get at least basic functionality right out of the box. With SecureiQ, you have to work first to understand the process, then you must figure out how to write rules so that you can enable them and then create jobs composed of rules which will then run and keep your network safe. Security is not an easy task 'tis true, but this product makes it more difficult than it has to be.

I did get some rules written, created a job, and blocked some attachments, but I was reminded of my first attempts at writing SQL queries. Writing my first packet filters on a router was easier than this. Part of the problem was the amount of time it took me to figure out that what I was supposed to do. A simple 'hey, first you write rules, then you create a job, then you run it' statement followed by a step-by-step approach in the help files would have been useful. Another part was my desire to see how this vendor utilized the new anti-virus API 2.0—since there doesn't seem to be an on-board antiviral scanner, there couldn't be any usage of the API. If there is a scanner, and there is use of the API, its so well hidden that even my virus scanning tests couldn't find it. I kept having the thought that this may truly be a very powerful tool in the hands of someone willing to invest the time to learn its tricks. Unfortunately, that person is not me.

About the Author

Roberta Bragg, MCSE: Security, CISSP, Security+, and Microsoft MVP is a Redmond contributing editor and the owner of Have Computer Will Travel Inc., an independent firm specializing in information security and operating systems. She's series editor for Osborne/McGraw-Hill's Hardening series, books that instruct you on how to secure your networks before you are hacked, and author of the first book in the series, Hardening Windows Systems.

comments powered by Disqus
Most   Popular