MS pushes back Forefront security offensive
Sterling recast and postponed until 2010
Microsoft will delay the release of the next version of its Forefront security product range.
The company's announcement of the delay suggests it wants to improve the technology, but business reasons provide a more plausible - though unproven - rationale for the postponement.
Instead of shipping the product release, codenamed Stirling, in the first half of 2009, Redmond now expects to put it out around the turn of the year or even later.
Forefront Server Security for Exchange (messaging security) and Threat Management Gateway (the next version of what used to be called ISAS, Microsoft's enterprise firewall and caching software) are now expected to arrive in Q4 2009.
Management console and Forefront Security for SharePoint (portal security) are penciled in for arrival only in the first half of 2010. Forefront Client Security 2.0 (endpoint security - anti-malware and firewall - for corporate PCs) has also been delayed till the first half of next year.
In a posting  on the Forefront security blog, Microsoft said the delay was needed to add improved behaviour-based anti-malware protection and to improve integration with third-party security applications. The security giant expects to ship a second beta of Stirling and a release candidate prior to the final release.
Microsoft said its behaviour-based anti-malware protection, which it calls Dynamic Signature Service, will help "deliver more comprehensive endpoint protection for zero day attacks" by complementing existing "advanced heuristics, dynamic translation and real time application scanning for kernel level malware with a sophisticated approach to on-demand threat mitigation".
We're not exactly sure what that means either.
Our guess is that Microsoft is actually pushing back the enterprise security release to coincide with the availability of Windows 7 and changes to how it supplies security software to consumers. Back in November, Microsoft announced plans to discontinue its Windows Live OneCare consumer security service from the end of June in favour of a free consumer product, codenamed Morro, currently under development.
Knock-on effects of that rather than a desire to add behaviour-based detection, a term that has more to do with marketecture than technology, strike us as a more plausible reason for the delay.
Blocking malware based on what it does, rather than by recognising its signature, is an easy enough concept to grasp but one that's frequently mired in rival marketing claims. Some vendors describe heuristic and generic detection, which many of the leading anti-virus engines have incorporated for years, as behaviour-based while other make a differentiation and say the technology is the next leap forward.
In other segments of the IT marketplace such confusion would be promptly resolved, sometimes after banging together a few heads. But in the world of anti-virus - where vendors have a hard job agreeing on the names of malware strains or even whether something is a worm, virus or Trojan - terminological mix-ups tend to get deeply ingrained, so don't expect a resolution any time soon.
Some start-ups that marketed behaviour-based protection as a supplement to traditional anti-virus such as Okena, SecureWave and Sana Security have been bought by bigger brands in the security world; Cisco, SecureWave (now Lumension) and AVG, respectively. One of the few independents in this area, PrevX, was last spotted advising the BBC Click on how to run a botnet during a controversial experiment last month.
Microsoft is serious about sales of security server software, and we've met several enthusiastic resellers and corporate users of ISAS over the years. Redmond's strategy on the client end seems more about moving artillery pieces into a stronghold occupied by McAfee and Symantec, tying up their resources in the process, than an attempt to mount a serious attack. ®