Microsoft is in the news again, but this time for holding back on something security related.
It seems like they want to have some extra time for development, and well perhaps some business related factors come into play too.
A lot of Windows networks use ISA (as it used to be called) – in the future it’ll be known as Threat Management Gateway. It shows they are moving away from plain old “Firewall” kind of software and more into security intelligence.
Microsoft will delay the release of the next version of its Forefront security product range.
The company’s announcement of the delay suggests it wants to improve the technology, but business reasons provide a more plausible – though unproven – rationale for the postponement.
Instead of shipping the product release, codenamed Stirling, in the first half of 2009, Redmond now expects to put it out around the turn of the year or even later.
Forefront Server Security for Exchange (messaging security) and Threat Management Gateway (the next version of what used to be called ISAS, Microsoft’s enterprise firewall and caching software) are now expected to arrive in Q4 2009.
Management console and Forefront Security for SharePoint (portal security) are penciled in for arrival only in the first half of 2010. Forefront Client Security 2.0 (endpoint security – anti-malware and firewall – for corporate PCs) has also been delayed till the first half of next year.
It seems like the whole suite has been put on hold for quite some time, with most products looking to come out Q4 2009 or more likely everything will his the streets in Q1-2 2010.
I don’t have much experience with any of these as I stopped using Microsoft products in a corporate environment quite some time back.
Anyone have any thoughts?
In a posting on the Forefront security blog, Microsoft said the delay was needed to add improved behaviour-based anti-malware protection and to improve integration with third-party security applications. The security giant expects to ship a second beta of Stirling and a release candidate prior to the final release.
Microsoft said its behaviour-based anti-malware protection, which it calls Dynamic Signature Service, will help “deliver more comprehensive endpoint protection for zero day attacks” by complementing existing “advanced heuristics, dynamic translation and real time application scanning for kernel level malware with a sophisticated approach to on-demand threat mitigation”.
We’re not exactly sure what that means either.
Our guess is that Microsoft is actually pushing back the enterprise security release to coincide with the availability of Windows 7 and changes to how it supplies security software to consumers. Back in November, Microsoft announced plans to discontinue its Windows Live OneCare consumer security service from the end of June in favour of a free consumer product, codenamed Morro, currently under development.
They are claiming to be developing technology that can detect 0-day exploits, well that’s how it reads to me. Unless they can beat the heuristic engines that most modern anti-virus software uses (unsuccessfully I might add) they are going to be out of luck.
It could just be a move to synchronise the development with the release of the much awaiting Windows 7. Let’s hope for everyone’s sake it’s an altogether more secure product.
Source: The Register
- Agile Security – How Does It Fit Into A World Of Continuous Delivery
- Shadow Daemon – Web Application Firewall
- OpenSSH On Windows – It’s Happening!
- Sunbelt Software Bought By GFI For An Undisclosed Sum
- Mozilla Hires Ex-Microsoft Security Strategist Window Snyder
- BugSpy – Crawls The Web For Open Source Software Bugs
Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 119,551 views
- Password Hasher Firefox Extension - 117,331 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,616 views