Feeds

MS pushes back Forefront security offensive

Sterling recast and postponed until 2010

Choosing a cloud hosting partner with confidence

Microsoft will delay the release of the next version of its Forefront security product range.

The company's announcement of the delay suggests it wants to improve the technology, but business reasons provide a more plausible - though unproven - rationale for the postponement.

Instead of shipping the product release, codenamed Stirling, in the first half of 2009, Redmond now expects to put it out around the turn of the year or even later.

Forefront Server Security for Exchange (messaging security) and Threat Management Gateway (the next version of what used to be called ISAS, Microsoft's enterprise firewall and caching software) are now expected to arrive in Q4 2009.

Management console and Forefront Security for SharePoint (portal security) are penciled in for arrival only in the first half of 2010. Forefront Client Security 2.0 (endpoint security - anti-malware and firewall - for corporate PCs) has also been delayed till the first half of next year.

In a posting on the Forefront security blog, Microsoft said the delay was needed to add improved behaviour-based anti-malware protection and to improve integration with third-party security applications. The security giant expects to ship a second beta of Stirling and a release candidate prior to the final release.

Microsoft said its behaviour-based anti-malware protection, which it calls Dynamic Signature Service, will help "deliver more comprehensive endpoint protection for zero day attacks" by complementing existing "advanced heuristics, dynamic translation and real time application scanning for kernel level malware with a sophisticated approach to on-demand threat mitigation".

We're not exactly sure what that means either.

Our guess is that Microsoft is actually pushing back the enterprise security release to coincide with the availability of Windows 7 and changes to how it supplies security software to consumers. Back in November, Microsoft announced plans to discontinue its Windows Live OneCare consumer security service from the end of June in favour of a free consumer product, codenamed Morro, currently under development.

Knock-on effects of that rather than a desire to add behaviour-based detection, a term that has more to do with marketecture than technology, strike us as a more plausible reason for the delay.

Blocking malware based on what it does, rather than by recognising its signature, is an easy enough concept to grasp but one that's frequently mired in rival marketing claims. Some vendors describe heuristic and generic detection, which many of the leading anti-virus engines have incorporated for years, as behaviour-based while other make a differentiation and say the technology is the next leap forward.

In other segments of the IT marketplace such confusion would be promptly resolved, sometimes after banging together a few heads. But in the world of anti-virus - where vendors have a hard job agreeing on the names of malware strains or even whether something is a worm, virus or Trojan - terminological mix-ups tend to get deeply ingrained, so don't expect a resolution any time soon.

Some start-ups that marketed behaviour-based protection as a supplement to traditional anti-virus such as Okena, SecureWave and Sana Security have been bought by bigger brands in the security world; Cisco, SecureWave (now Lumension) and AVG, respectively. One of the few independents in this area, PrevX, was last spotted advising the BBC Click on how to run a botnet during a controversial experiment last month.

Microsoft is serious about sales of security server software, and we've met several enthusiastic resellers and corporate users of ISAS over the years. Redmond's strategy on the client end seems more about moving artillery pieces into a stronghold occupied by McAfee and Symantec, tying up their resources in the process, than an attempt to mount a serious attack. ®

Beginner's guide to SSL certificates

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
Carders punch holes through Staples
Investigation launched into East Coast stores
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.