Microsoft Puts Hold on Forefront Security Product Range

Outsmart Malicious Hackers


Microsoft is in the news again, but this time for holding back on something security related.

It seems like they want to have some extra time for development, and well perhaps some business related factors come into play too.

A lot of Windows networks use ISA (as it used to be called) – in the future it’ll be known as Threat Management Gateway. It shows they are moving away from plain old “Firewall” kind of software and more into security intelligence.

Microsoft will delay the release of the next version of its Forefront security product range.

The company’s announcement of the delay suggests it wants to improve the technology, but business reasons provide a more plausible – though unproven – rationale for the postponement.

Instead of shipping the product release, codenamed Stirling, in the first half of 2009, Redmond now expects to put it out around the turn of the year or even later.

Forefront Server Security for Exchange (messaging security) and Threat Management Gateway (the next version of what used to be called ISAS, Microsoft’s enterprise firewall and caching software) are now expected to arrive in Q4 2009.

Management console and Forefront Security for SharePoint (portal security) are penciled in for arrival only in the first half of 2010. Forefront Client Security 2.0 (endpoint security – anti-malware and firewall – for corporate PCs) has also been delayed till the first half of next year.

It seems like the whole suite has been put on hold for quite some time, with most products looking to come out Q4 2009 or more likely everything will his the streets in Q1-2 2010.

I don’t have much experience with any of these as I stopped using Microsoft products in a corporate environment quite some time back.

Anyone have any thoughts?

In a posting on the Forefront security blog, Microsoft said the delay was needed to add improved behaviour-based anti-malware protection and to improve integration with third-party security applications. The security giant expects to ship a second beta of Stirling and a release candidate prior to the final release.

Microsoft said its behaviour-based anti-malware protection, which it calls Dynamic Signature Service, will help “deliver more comprehensive endpoint protection for zero day attacks” by complementing existing “advanced heuristics, dynamic translation and real time application scanning for kernel level malware with a sophisticated approach to on-demand threat mitigation”.

We’re not exactly sure what that means either.

Our guess is that Microsoft is actually pushing back the enterprise security release to coincide with the availability of Windows 7 and changes to how it supplies security software to consumers. Back in November, Microsoft announced plans to discontinue its Windows Live OneCare consumer security service from the end of June in favour of a free consumer product, codenamed Morro, currently under development.

They are claiming to be developing technology that can detect 0-day exploits, well that’s how it reads to me. Unless they can beat the heuristic engines that most modern anti-virus software uses (unsuccessfully I might add) they are going to be out of luck.

It could just be a move to synchronise the development with the release of the much awaiting Windows 7. Let’s hope for everyone’s sake it’s an altogether more secure product.

Source: The Register

Learn about Countermeasures



Posted in: Countermeasures, Security Software

, , , ,

Latest Posts:


CCleaner Hack - Spreading Malware To Specific Tech Companies CCleaner Hack – Spreading Malware To Specific Tech Companies
The CCleaner Hack is blowing up, initially estimated to be huge, it's hit at least 700k computers & is specifically targeting 20 top tech organisations.
AWSBucketDump - AWS S3 Security Scanning Tool AWSBucketDump – AWS S3 Security Scanning Tool
AWSBucketDump is an AWS S3 Security Scanning Tool, which allows you to quickly enumerate AWS S3 buckets to look for interesting or confidential files.
nbtscan Download - NetBIOS Scanner For Windows & Linux nbtscan Download – NetBIOS Scanner For Windows & Linux
nbtscan is a command-line NetBIOS scanner for Windows that is SUPER fast, it scans for open NetBIOS nameservers on a local or remote TCP/IP network.
Equifax Data Breach - Hack Due To Missed Apache Patch Equifax Data Breach – Hack Due To Missed Apache Patch
The Equifax data breach is pretty huge with 143 million records leaked from the hack in the US alone with unknown more in Canada and the UK.
Seth - RDP Man In The Middle Attack Tool Seth – RDP Man In The Middle Attack Tool
Seth is an RDP Man In The Middle attack tool written in Python to MiTM RDP connections by attempting to downgrade the connection to extract clear text creds
dcrawl - Web Crawler For Unique Domains dcrawl – Web Crawler For Unique Domains
dcrawl is a simple, but smart, multithreaded web crawler for randomly gathering huge lists of unique domain names. It will branch out indefinitely.


2 Responses to Microsoft Puts Hold on Forefront Security Product Range

  1. Anonymous April 8, 2009 at 10:35 pm #

    I’ve used ISA for a few years now. The one feature I’ve always liked is the NTLM integrated proxy authentication. As long as you’re blocking egress traffic, it seems to stop any piece of malware looking for a second payload or botnet. I’m sure it wouldn’t be hard to replay compromised NTLM hashes through the proxy, I just haven’t see it done…

  2. Morgan Storey April 12, 2009 at 12:52 pm #

    @Anonymous: I am sure you could do it with incognito

    @Darknet: I have used ISA a bit and am even certified in 2004. In all realism it isn’t a half bad firewall and proxy, though you need third party apps to get the proxy bit to do anything other than cache.
    I heard from a colleague MS did their usual trick and poached some Checkpoint guys to build ISA, so its security is fairly high on the charts for that alone.
    From what I have heard of MS endpoint security it is also pretty decent, nothing as bad as one-care, and it integrates into the OS and into the domain with ISA/Forefront to allow policies to lock down a box even off the network. It’s heuristics engine I think was bought from someone else (symantec?) and is pretty damned good. They are also putting ips/ids and deep packet inspection into the new ISA IIRC, which is where they maybe getting there will stop 0-days. I guess we will see.
    All that being said though it sort of goes against my ethos, which is basically if you are trying to protect one OS use another OS as a firewall to at least make the knowledge the attacker needs that little bit greater.