Feeds

MS pushes back Forefront security offensive

Sterling recast and postponed until 2010

5 things you didn’t know about cloud backup

Microsoft will delay the release of the next version of its Forefront security product range.

The company's announcement of the delay suggests it wants to improve the technology, but business reasons provide a more plausible - though unproven - rationale for the postponement.

Instead of shipping the product release, codenamed Stirling, in the first half of 2009, Redmond now expects to put it out around the turn of the year or even later.

Forefront Server Security for Exchange (messaging security) and Threat Management Gateway (the next version of what used to be called ISAS, Microsoft's enterprise firewall and caching software) are now expected to arrive in Q4 2009.

Management console and Forefront Security for SharePoint (portal security) are penciled in for arrival only in the first half of 2010. Forefront Client Security 2.0 (endpoint security - anti-malware and firewall - for corporate PCs) has also been delayed till the first half of next year.

In a posting on the Forefront security blog, Microsoft said the delay was needed to add improved behaviour-based anti-malware protection and to improve integration with third-party security applications. The security giant expects to ship a second beta of Stirling and a release candidate prior to the final release.

Microsoft said its behaviour-based anti-malware protection, which it calls Dynamic Signature Service, will help "deliver more comprehensive endpoint protection for zero day attacks" by complementing existing "advanced heuristics, dynamic translation and real time application scanning for kernel level malware with a sophisticated approach to on-demand threat mitigation".

We're not exactly sure what that means either.

Our guess is that Microsoft is actually pushing back the enterprise security release to coincide with the availability of Windows 7 and changes to how it supplies security software to consumers. Back in November, Microsoft announced plans to discontinue its Windows Live OneCare consumer security service from the end of June in favour of a free consumer product, codenamed Morro, currently under development.

Knock-on effects of that rather than a desire to add behaviour-based detection, a term that has more to do with marketecture than technology, strike us as a more plausible reason for the delay.

Blocking malware based on what it does, rather than by recognising its signature, is an easy enough concept to grasp but one that's frequently mired in rival marketing claims. Some vendors describe heuristic and generic detection, which many of the leading anti-virus engines have incorporated for years, as behaviour-based while other make a differentiation and say the technology is the next leap forward.

In other segments of the IT marketplace such confusion would be promptly resolved, sometimes after banging together a few heads. But in the world of anti-virus - where vendors have a hard job agreeing on the names of malware strains or even whether something is a worm, virus or Trojan - terminological mix-ups tend to get deeply ingrained, so don't expect a resolution any time soon.

Some start-ups that marketed behaviour-based protection as a supplement to traditional anti-virus such as Okena, SecureWave and Sana Security have been bought by bigger brands in the security world; Cisco, SecureWave (now Lumension) and AVG, respectively. One of the few independents in this area, PrevX, was last spotted advising the BBC Click on how to run a botnet during a controversial experiment last month.

Microsoft is serious about sales of security server software, and we've met several enthusiastic resellers and corporate users of ISAS over the years. Redmond's strategy on the client end seems more about moving artillery pieces into a stronghold occupied by McAfee and Symantec, tying up their resources in the process, than an attempt to mount a serious attack. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.