Microsoft Puts Hold on Forefront Security Product Range

Microsoft is in the news again, but this time for holding back on something security related.

It seems like they want to have some extra time for development, and well perhaps some business related factors come into play too.

A lot of Windows networks use ISA (as it used to be called) – in the future it’ll be known as Threat Management Gateway. It shows they are moving away from plain old “Firewall” kind of software and more into security intelligence.

Microsoft will delay the release of the next version of its Forefront security product range.

The company’s announcement of the delay suggests it wants to improve the technology, but business reasons provide a more plausible – though unproven – rationale for the postponement.

Instead of shipping the product release, codenamed Stirling, in the first half of 2009, Redmond now expects to put it out around the turn of the year or even later.

Forefront Server Security for Exchange (messaging security) and Threat Management Gateway (the next version of what used to be called ISAS, Microsoft’s enterprise firewall and caching software) are now expected to arrive in Q4 2009.

Management console and Forefront Security for SharePoint (portal security) are penciled in for arrival only in the first half of 2010. Forefront Client Security 2.0 (endpoint security – anti-malware and firewall – for corporate PCs) has also been delayed till the first half of next year.

It seems like the whole suite has been put on hold for quite some time, with most products looking to come out Q4 2009 or more likely everything will his the streets in Q1-2 2010.

I don’t have much experience with any of these as I stopped using Microsoft products in a corporate environment quite some time back.

Anyone have any thoughts?

In a posting on the Forefront security blog, Microsoft said the delay was needed to add improved behaviour-based anti-malware protection and to improve integration with third-party security applications. The security giant expects to ship a second beta of Stirling and a release candidate prior to the final release.

Microsoft said its behaviour-based anti-malware protection, which it calls Dynamic Signature Service, will help “deliver more comprehensive endpoint protection for zero day attacks” by complementing existing “advanced heuristics, dynamic translation and real time application scanning for kernel level malware with a sophisticated approach to on-demand threat mitigation”.

We’re not exactly sure what that means either.

Our guess is that Microsoft is actually pushing back the enterprise security release to coincide with the availability of Windows 7 and changes to how it supplies security software to consumers. Back in November, Microsoft announced plans to discontinue its Windows Live OneCare consumer security service from the end of June in favour of a free consumer product, codenamed Morro, currently under development.

They are claiming to be developing technology that can detect 0-day exploits, well that’s how it reads to me. Unless they can beat the heuristic engines that most modern anti-virus software uses (unsuccessfully I might add) they are going to be out of luck.

It could just be a move to synchronise the development with the release of the much awaiting Windows 7. Let’s hope for everyone’s sake it’s an altogether more secure product.

Source: The Register

Posted in: Countermeasures, Security Software

, , , ,

Latest Posts:

RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.
BloodHound - Hacking Active Directory Trust Relationships BloodHound – Hacking Active Directory Trust Relationships
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an AD environment.

2 Responses to Microsoft Puts Hold on Forefront Security Product Range

  1. Anonymous April 8, 2009 at 10:35 pm #

    I’ve used ISA for a few years now. The one feature I’ve always liked is the NTLM integrated proxy authentication. As long as you’re blocking egress traffic, it seems to stop any piece of malware looking for a second payload or botnet. I’m sure it wouldn’t be hard to replay compromised NTLM hashes through the proxy, I just haven’t see it done…

  2. Morgan Storey April 12, 2009 at 12:52 pm #

    @Anonymous: I am sure you could do it with incognito

    @Darknet: I have used ISA a bit and am even certified in 2004. In all realism it isn’t a half bad firewall and proxy, though you need third party apps to get the proxy bit to do anything other than cache.
    I heard from a colleague MS did their usual trick and poached some Checkpoint guys to build ISA, so its security is fairly high on the charts for that alone.
    From what I have heard of MS endpoint security it is also pretty decent, nothing as bad as one-care, and it integrates into the OS and into the domain with ISA/Forefront to allow policies to lock down a box even off the network. It’s heuristics engine I think was bought from someone else (symantec?) and is pretty damned good. They are also putting ips/ids and deep packet inspection into the new ISA IIRC, which is where they maybe getting there will stop 0-days. I guess we will see.
    All that being said though it sort of goes against my ethos, which is basically if you are trying to protect one OS use another OS as a firewall to at least make the knowledge the attacker needs that little bit greater.