Tuesday, March 8, 2005

Review of Sophos PureMessage AV Only 2.1

The bad:
-Installs its own version of MSDE. Although the version of PureMessage says it is for Windows 2000 and 2003, Microsoft recommends against MSDE (it recommends MSDE 2000/2000A instead). MSDE is also no longer supported by Microsoft.
-Unstable and messy install. The first time I installed the software, it failed to install. It said something went wrong, and just quit the installation without bothering to remove any components that had been installed halfway. I could not get it to install over the existing failed installation without having to manually uninstall the software and then run the installation again.
-Highly ineffective in detecting the most common and threatening viruses. We tested the software by sending it 20 major and popular viruses (all over 3 months old, so we knew they would surely be caught). To our surprise, it only caught 15 out of 20, while good virus software like Norton and Sybari caught these instantly. If they have this much trouble now catching common viruses over 3 months old, I can't imagine how unreliable things would be if we had new virus outbreaks. We verified that PureMessage and Sophos AV had the latest engine and virus definitions.
-Requires Domain Admin access to install. The only reason it needs this is to create and modify a group in AD Users and Computers. Obviously the programmers at Sophos don't have a clue how simple things like delegation of permissions work in AD. I would not trust these guys to write software for Microsoft products if they are this clueless and unwilling to learn. Tell me, Sophos, why does every other MS Exchange antivirus solution not require Domain Admin access (only needs Exchange Administrators access), and you seem to think that you need Domain Admin access? All you are doing is manipulating one security group that can be created anywhere in any OU that has no ties to anything that an account with Domain Admin privileges would need to create. A few years ago, I called them directly and spoke with the programmer (about Sophos MailMonitor, which works the same way), and when I confronted him, I couldn't convince him that Enterprise/Domain Admin access was not needed to install this software if they just changed a few lines of code. It was useless trying to convince him, so I just hung up.
-The engine needs to be reinstalled every 2-3 months. You update the engine by installing the whole PureMessage software again on top of the existing install. It DOES NOT install through Sophos Auto Update (I have an official reply from them to verify this). Every time you reinstall the software, it restarts the SMTP service on MS Exchange. All other antivirus products seem to have no problem updating their engine, while Sophos requires you to do this or their software will stop working properly. This means Domain Admin privileges will be required to update the engine.

My personal recommendation:
Avoid this product at all costs. The false sense of security with its ineffective detection is not worth the trouble you have to go through to install the software, with its buggy installation and unnecessary engine update model. This product needs a lot of work, should still be in beta, and absolutely does not belong in any production Active Directory environment.

You get what you pay for. It is important to note that despite significant improvements over Sophos MailMonitor (mostly the stability of the program, less buggy install, easier deployment), this software is still useless. Any decent Network Admin who tests the effectiveness of their software before deployment into a production environment should become aware very quickly of how truly underdeveloped Sophos PureMessage is.

