SecureNT's purpose is to restrict the use of removable media to only those items the administrator deems appropriate. This includes obvious things like CDs and floppies but extends to cover any type of removable media - USB-connected disks, for instance, or PDAs connected via a serial port. Some devices, such as the floppy drive, are controlled at a very coarse-grained level (you can either deny access completely, permit it completely, or permit it read-only if in addition to wanting to keep dodgy programs out, you're also worried about your company's private data going walkabout). Where a device allows media to be uniquely identifiable, though, you can choose to permit only specific removable media items to be inserted (since it's possible to uniquely identify a CD, for instance, you could permit someone to use, say, their AutoRoute CD but no others). The management application follows the normal approach of having the various "main menu" options in a pane down the left-hand side, a much larger "item detail" pane on the right, and a status-cum-audit-log pane at the bottom. You switch between SecureNT and SecureEXE features simply by clicking a little tab on the left-hand side of the screen and when it comes to configuring options the dialogs are generally simple and clear. The flow of the screens is good. The admin application allows you to come at data and permissions from any angle - you can sort item details by whatever column you wish, for instance, and when applying permissions to (say) individual CDs you can come at it from a user view (select a user and specify what CDs they're allowed to use) or a media view (select a CD and specify who can use it). SecureEXE and SecureNT take a refreshing approach to system protection and make a useful addition to traditional network security software.
When purchasing security products, you'll generally find that adopting a small number of complementary products will provide the best protection. So by combining the products reviewed here with a traditional firewall, and perhaps a separate anti-virus system, you're maximising your chances of keeping unwanted material out of your network.