Feeds

MS pushes back Forefront security offensive

Sterling recast and postponed until 2010

The Power of One eBook: Top reasons to choose HP BladeSystem

Microsoft will delay the release of the next version of its Forefront security product range.

The company's announcement of the delay suggests it wants to improve the technology, but business reasons provide a more plausible - though unproven - rationale for the postponement.

Instead of shipping the product release, codenamed Stirling, in the first half of 2009, Redmond now expects to put it out around the turn of the year or even later.

Forefront Server Security for Exchange (messaging security) and Threat Management Gateway (the next version of what used to be called ISAS, Microsoft's enterprise firewall and caching software) are now expected to arrive in Q4 2009.

Management console and Forefront Security for SharePoint (portal security) are penciled in for arrival only in the first half of 2010. Forefront Client Security 2.0 (endpoint security - anti-malware and firewall - for corporate PCs) has also been delayed till the first half of next year.

In a posting on the Forefront security blog, Microsoft said the delay was needed to add improved behaviour-based anti-malware protection and to improve integration with third-party security applications. The security giant expects to ship a second beta of Stirling and a release candidate prior to the final release.

Microsoft said its behaviour-based anti-malware protection, which it calls Dynamic Signature Service, will help "deliver more comprehensive endpoint protection for zero day attacks" by complementing existing "advanced heuristics, dynamic translation and real time application scanning for kernel level malware with a sophisticated approach to on-demand threat mitigation".

We're not exactly sure what that means either.

Our guess is that Microsoft is actually pushing back the enterprise security release to coincide with the availability of Windows 7 and changes to how it supplies security software to consumers. Back in November, Microsoft announced plans to discontinue its Windows Live OneCare consumer security service from the end of June in favour of a free consumer product, codenamed Morro, currently under development.

Knock-on effects of that rather than a desire to add behaviour-based detection, a term that has more to do with marketecture than technology, strike us as a more plausible reason for the delay.

Blocking malware based on what it does, rather than by recognising its signature, is an easy enough concept to grasp but one that's frequently mired in rival marketing claims. Some vendors describe heuristic and generic detection, which many of the leading anti-virus engines have incorporated for years, as behaviour-based while other make a differentiation and say the technology is the next leap forward.

In other segments of the IT marketplace such confusion would be promptly resolved, sometimes after banging together a few heads. But in the world of anti-virus - where vendors have a hard job agreeing on the names of malware strains or even whether something is a worm, virus or Trojan - terminological mix-ups tend to get deeply ingrained, so don't expect a resolution any time soon.

Some start-ups that marketed behaviour-based protection as a supplement to traditional anti-virus such as Okena, SecureWave and Sana Security have been bought by bigger brands in the security world; Cisco, SecureWave (now Lumension) and AVG, respectively. One of the few independents in this area, PrevX, was last spotted advising the BBC Click on how to run a botnet during a controversial experiment last month.

Microsoft is serious about sales of security server software, and we've met several enthusiastic resellers and corporate users of ISAS over the years. Redmond's strategy on the client end seems more about moving artillery pieces into a stronghold occupied by McAfee and Symantec, tying up their resources in the process, than an attempt to mount a serious attack. ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.