Product Reviews

SecuriQ: Everything to Nobody

The newest crop of Exchange antivirus products prevents users from receiving infected mail.

Several anti-virus products have siblings which block web access, check for objectionable words, and reach beyond the domain of email. SecuriQ seeks to do so all in one product. I'm not sure whether to say it's not quite there yet, or that it simply falls quite short of the mark, or maybe that I just speak a different language than the folks who designed this product.

Installation
While a nice bound installation guide came with my product CD-ROM and evaluation license, and the installation process was really quite simple, it failed. The instructions did not specify service pack levels for Win 2K or Exchange 2000 so I provided SP2 for Win2K and SP1 for Exchange, and tested them by sending a few emails before installing SecuriQ. While the installation process completed, and told me everything was fine, launching the product popped up four messages about not finding the resource dll. As you might imagine, when the product console opened all the user interface text was as absent as fried pickles from a northern barbeque, along with any hope of usability. Help did eventually arrive in the form of an emailed checklist, phone calls, and eventually a just-slightly-pre-release-version 1.1 CD-ROM. Communications weren't easy to get started though; seems they were having trouble with their mail server. (David, too, had trouble installing; in his case, the problem turned out to be that the IIS folder for SecuriQ had to be set to "execute scripts only.")

Documentation
Finally, a real product to look at, with all its pieces and parts. But, what's this? The help files are in German? I think we're taking this multi-language business a bit too strongly here. It's great that many products are available in multiple languages, but I hope this isn't a trend. I'm having trouble learning a little bit about XML, SOAP, C#, etc., without worrying that my admin chores will now require me to be multilingual. Fortunately, email came to the rescue, and I received help files in my native tongue. Trouble is, the help files weren't very helpful in English either. Some instructions were there, but maybe my brain is just too old and befuddled, as I had a hard time figuring out just how to get things up and running.

Provisions
When you first load the product, nothing happens. SecuriQ has several components, and they work via rules you compose:

  • secureiQ.Safe: Archives encrypted copies of email and allows access only to approved personnel. You use rules to configure it to be selective in the process of capturing both incoming and outgoing email, encrypting, signing and storing the results in Exchange public folders.
  • secureiQ.Trailer: Attaches security notes (disclaimers, company information, pictures and logos) to email. Which notes go with which emails? Well, you write the rules to determine which users get which.
  • secureiQ.Wall: Blocks spam—again, rules are your tools.
  • secureiQ.Watchdog: Call me stupid, but it appears you must have purchased anti-virus products from other vendors and then you can manage them here. At least I saw no configuration for downloading of new signatures and other basic antiviral scanner processes.

Figure: SecuriQ's help installed in German on my system—just one of several problems we had during installation of this product.

Cruel tools
I guess I'm just spoiled. I want to load an anti-virus product and get at least basic functionality right out of the box. With SecuriQ, you have to work first to understand the process, then you must figure out how to write rules so that you can enable them and then create jobs composed of rules which will then run and keep your network safe. Security is not an easy task 'tis true, but this product makes it more difficult than it has to be.

Results
I did get some rules written, created a job, and blocked some attachments, but I was reminded of my first attempts at writing SQL queries. Writing my first packet filters on a router was easier than this. Part of the problem was the amount of time it took me to figure out what I was supposed to do. A simple 'hey, first you write rules, then you create a job, then you run it' statement followed by a step-by-step approach in the help files would have been useful. Another part was my desire to see how this vendor utilized the new anti-virus API 2.0—since there doesn't seem to be an on-board antiviral scanner, there couldn't be any usage of the API. If there is a scanner, and there is use of the API, it's so well hidden that even my virus scanning tests couldn't find it. I kept having the thought that this may truly be a very powerful tool in the hands of someone willing to invest the time to learn its tricks. Unfortunately, that person is not me.

About the Author

Roberta Bragg, MCSE: Security, CISSP, Security+, and Microsoft MVP is a Redmond contributing editor and the owner of Have Computer Will Travel Inc., an independent firm specializing in information security and operating systems. She's series editor for Osborne/McGraw-Hill's Hardening series, books that instruct you on how to secure your networks before you are hacked, and author of the first book in the series, Hardening Windows Systems.
