Microsoft Puts Hold on Forefront Security Product Range

Microsoft is in the news again, but this time for holding back on something security related.

It seems they want some extra time for development, and perhaps some business-related factors come into play too.

A lot of Windows networks use ISA (as it used to be called) – in the future it’ll be known as Threat Management Gateway. It shows they are moving away from plain old “Firewall” kind of software and more into security intelligence.

Microsoft will delay the release of the next version of its Forefront security product range.

The company’s announcement of the delay suggests it wants to improve the technology, but business reasons provide a more plausible – though unproven – rationale for the postponement.

Instead of shipping the product release, codenamed Stirling, in the first half of 2009, Redmond now expects to put it out around the turn of the year or even later.

Forefront Server Security for Exchange (messaging security) and Threat Management Gateway (the next version of what used to be called ISAS, Microsoft’s enterprise firewall and caching software) are now expected to arrive in Q4 2009.

Management console and Forefront Security for SharePoint (portal security) are penciled in for arrival only in the first half of 2010. Forefront Client Security 2.0 (endpoint security – anti-malware and firewall – for corporate PCs) has also been delayed till the first half of next year.

It seems like the whole suite has been put on hold for quite some time, with most products looking to come out in Q4 2009, or more likely everything will hit the streets in Q1-2 2010.

I don’t have much experience with any of these as I stopped using Microsoft products in a corporate environment quite some time back.

Anyone have any thoughts?

In a posting on the Forefront security blog, Microsoft said the delay was needed to add improved behaviour-based anti-malware protection and to improve integration with third-party security applications. The security giant expects to ship a second beta of Stirling and a release candidate prior to the final release.

Microsoft said its behaviour-based anti-malware protection, which it calls Dynamic Signature Service, will help “deliver more comprehensive endpoint protection for zero day attacks” by complementing existing “advanced heuristics, dynamic translation and real time application scanning for kernel level malware with a sophisticated approach to on-demand threat mitigation”.

We’re not exactly sure what that means either.

Our guess is that Microsoft is actually pushing back the enterprise security release to coincide with the availability of Windows 7 and changes to how it supplies security software to consumers. Back in November, Microsoft announced plans to discontinue its Windows Live OneCare consumer security service from the end of June in favour of a free consumer product, codenamed Morro, currently under development.

They are claiming to be developing technology that can detect 0-day exploits; well, that’s how it reads to me. Unless they can beat the heuristic engines that most modern anti-virus software uses (unsuccessfully I might add) they are going to be out of luck.

It could just be a move to synchronise the development with the release of the much-awaited Windows 7. Let’s hope for everyone’s sake it’s an altogether more secure product.

Source: The Register


2 Responses to Microsoft Puts Hold on Forefront Security Product Range

  1. Anonymous April 8, 2009 at 10:35 pm #

    I’ve used ISA for a few years now. The one feature I’ve always liked is the NTLM integrated proxy authentication. As long as you’re blocking egress traffic, it seems to stop any piece of malware looking for a second payload or botnet. I’m sure it wouldn’t be hard to replay compromised NTLM hashes through the proxy, I just haven’t seen it done…

  2. Morgan Storey April 12, 2009 at 12:52 pm #

    @Anonymous: I am sure you could do it with incognito

    @Darknet: I have used ISA a bit and am even certified in 2004. In all realism it isn’t a half bad firewall and proxy, though you need third party apps to get the proxy bit to do anything other than cache.
    I heard from a colleague MS did their usual trick and poached some Checkpoint guys to build ISA, so its security is fairly high on the charts for that alone.
    From what I have heard of MS endpoint security it is also pretty decent, nothing as bad as OneCare, and it integrates into the OS and into the domain with ISA/Forefront to allow policies to lock down a box even off the network. Its heuristics engine I think was bought from someone else (Symantec?) and is pretty damned good. They are also putting IPS/IDS and deep packet inspection into the new ISA IIRC, which is where they may be getting their will stop 0-days. I guess we will see.
    All that being said though it sort of goes against my ethos, which is basically if you are trying to protect one OS use another OS as a firewall to at least make the knowledge the attacker needs that little bit greater.