Microsoft Puts Hold on Forefront Security Product Range

Microsoft is in the news again, but this time for holding back on something security related.

It seems they want extra development time, and some business-related factors probably come into play too.

A lot of Windows networks use ISA Server (as it used to be called); in future it will be known as Threat Management Gateway. The rename shows Microsoft moving away from plain old "firewall" software and towards what it pitches as security intelligence.

Microsoft will delay the release of the next version of its Forefront security product range.

The company’s announcement of the delay suggests it wants to improve the technology, but business reasons provide a more plausible – though unproven – rationale for the postponement.

Instead of shipping the product release, codenamed Stirling, in the first half of 2009, Redmond now expects to put it out around the turn of the year or even later.

Forefront Server Security for Exchange (messaging security) and Threat Management Gateway (the next version of what used to be called ISA Server, Microsoft’s enterprise firewall and caching software) are now expected to arrive in Q4 2009.

The management console and Forefront Security for SharePoint (portal security) are pencilled in for arrival only in the first half of 2010. Forefront Client Security 2.0 (endpoint security – anti-malware and firewall – for corporate PCs) has also been delayed until the first half of next year.

It seems the whole suite has been put on hold for quite some time: a few products are slated for Q4 2009, but more likely everything will hit the streets in Q1 or Q2 2010.

I don’t have much experience with any of these as I stopped using Microsoft products in a corporate environment quite some time back.

Anyone have any thoughts?

In a posting on the Forefront security blog, Microsoft said the delay was needed to add improved behaviour-based anti-malware protection and to improve integration with third-party security applications. The security giant expects to ship a second beta of Stirling and a release candidate prior to the final release.

Microsoft said its behaviour-based anti-malware protection, which it calls Dynamic Signature Service, will help “deliver more comprehensive endpoint protection for zero day attacks” by complementing existing “advanced heuristics, dynamic translation and real time application scanning for kernel level malware with a sophisticated approach to on-demand threat mitigation”.

We’re not exactly sure what that means either.

Our guess is that Microsoft is actually pushing back the enterprise security release to coincide with the availability of Windows 7 and changes to how it supplies security software to consumers. Back in November, Microsoft announced plans to discontinue its Windows Live OneCare consumer security service from the end of June in favour of a free consumer product, codenamed Morro, currently under development.

They are claiming to be developing technology that can detect 0-day exploits; well, that’s how it reads to me. Unless they can beat the heuristic engines that most modern anti-virus software uses (unsuccessfully, I might add), they are going to be out of luck.

It could just be a move to synchronise the development with the release of the much-awaited Windows 7. Let’s hope, for everyone’s sake, it’s an altogether more secure product.

Source: The Register

Posted in: Countermeasures, Security Software



2 Responses to Microsoft Puts Hold on Forefront Security Product Range

  1. Anonymous April 8, 2009 at 10:35 pm #

    I’ve used ISA for a few years now. The one feature I’ve always liked is the NTLM integrated proxy authentication. As long as you’re blocking egress traffic, it seems to stop any piece of malware looking for a second payload or botnet. I’m sure it wouldn’t be hard to replay compromised NTLM hashes through the proxy, I just haven’t seen it done…
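The commenter's point above (direct egress blocked, so every outbound connection has to pass an NTLM-authenticating proxy) has a useful side effect in the proxy log: a process that is not proxy-aware, or cannot obtain a token, leaves repeated anonymous 407 responses that are never followed by an authenticated retry. A legitimate NTLM handshake also produces a 407, but it is answered within a second or two by the same client re-requesting the same URL with credentials. The script below, an added example written for this page and not code from the post, from any commenter, or from ISA/TMG itself, parses a constructed, simplified tab-separated proxy log (the field layout, the sample lines and the `anonymous` user string are assumptions; real ISA web-proxy logs carry many more fields) and flags clients with several such orphaned 407s to one destination, noting whether the attempts are evenly spaced like a beacon.

```python
"""
Flag hosts that repeatedly hit an authenticating web proxy without
credentials (HTTP 407, user 'anonymous') and never complete the handshake:
the trace a non-proxy-aware second-stage downloader or bot leaves when direct
outbound 80/443 is blocked and only the proxy can reach the internet.

Log format below is a constructed simplification of an ISA/TMG web-proxy log:
client-ip, user, timestamp, method, url, status (tab-separated). The field
set, the sample lines and the 'anonymous' marker are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

FOLLOWUP_WINDOW = timedelta(seconds=10)   # NTLM challenge -> authenticated retry
MIN_ORPHANS = 3                           # orphaned 407s before we flag a client
JITTER_TOLERANCE = timedelta(seconds=30)  # spread of gaps still called "periodic"

# Constructed sample log: jsmith and alee complete a normal NTLM handshake
# (407 then an authenticated 200 for the same URL); 10.0.5.77 shows four
# anonymous 407s to one host at exact five-minute intervals, never resolved.
SAMPLE_LOG = """\
10.0.5.21\tDOMAIN\\jsmith\t2009-04-08 09:00:01\tGET\thttp://intranet.example.local/\t200
10.0.5.21\tanonymous\t2009-04-08 09:00:03\tGET\thttp://intranet.example.local/\t407
10.0.5.21\tDOMAIN\\jsmith\t2009-04-08 09:00:03\tGET\thttp://intranet.example.local/\t200
10.0.5.77\tanonymous\t2009-04-08 09:05:00\tGET\thttp://203.0.113.9/stage2.bin\t407
10.0.5.77\tanonymous\t2009-04-08 09:10:00\tGET\thttp://203.0.113.9/stage2.bin\t407
10.0.5.77\tanonymous\t2009-04-08 09:15:00\tGET\thttp://203.0.113.9/stage2.bin\t407
10.0.5.77\tanonymous\t2009-04-08 09:20:00\tGET\thttp://203.0.113.9/stage2.bin\t407
10.0.5.77\tDOMAIN\\mjones\t2009-04-08 09:21:10\tGET\thttp://www.example.com/\t200
10.0.5.90\tanonymous\t2009-04-08 10:00:00\tCONNECT\tmail.example.com:443\t407
10.0.5.90\tDOMAIN\\alee\t2009-04-08 10:00:00\tCONNECT\tmail.example.com:443\t200
"""


def parse_log(text):
    """Parse the tab-separated log into a list of dict records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, user, ts, method, url, status = line.split("\t")
        records.append({
            "ip": ip, "user": user,
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "method": method, "url": url, "status": int(status),
        })
    return records


def dest_host(url):
    """CONNECT targets are 'host:port'; everything else is a full URL."""
    if "://" not in url:
        return url.split(":")[0]
    return urlsplit(url).hostname


def orphaned_challenges(records):
    """Anonymous 407s not followed, inside FOLLOWUP_WINDOW, by an
    authenticated non-407 request for the same URL from the same client."""
    by_ip = defaultdict(list)
    for r in records:
        by_ip[r["ip"]].append(r)
    orphans = []
    for recs in by_ip.values():
        recs.sort(key=lambda r: r["time"])  # stable: same-second order is kept
        for i, r in enumerate(recs):
            if r["status"] != 407 or r["user"] != "anonymous":
                continue
            resolved = any(
                o["url"] == r["url"] and o["user"] != "anonymous"
                and o["status"] != 407
                and r["time"] <= o["time"] <= r["time"] + FOLLOWUP_WINDOW
                for o in recs[i + 1:]
            )
            if not resolved:
                orphans.append(r)
    return orphans


def flag_beacons(records):
    """Group orphaned 407s by (client, destination host); report groups with
    at least MIN_ORPHANS attempts and whether the gaps between them are even."""
    groups = defaultdict(list)
    for r in orphaned_challenges(records):
        groups[(r["ip"], dest_host(r["url"]))].append(r["time"])
    findings = []
    for (ip, host), times in groups.items():
        if len(times) < MIN_ORPHANS:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        periodic = (max(gaps) - min(gaps)) <= JITTER_TOLERANCE
        findings.append({"client": ip, "host": host,
                         "attempts": len(times), "periodic": periodic})
    return findings


if __name__ == "__main__":
    for finding in flag_beacons(parse_log(SAMPLE_LOG)):
        print(finding)
```

Run against the sample, the only finding is 10.0.5.77 beaconing to 203.0.113.9 (four attempts, periodic); the two normal handshakes are discarded because the authenticated retry lands within the window. The check only catches the case the commenter describes, code that cannot speak NTLM to the proxy: malware that uses WinINet or WinHTTP from inside the logged-on user's session will authenticate transparently with that user's token and appear in the log as ordinary authenticated traffic, so this belongs alongside destination-based controls rather than replacing them.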

  2. Morgan Storey April 12, 2009 at 12:52 pm #

    @Anonymous: I am sure you could do it with incognito

    @Darknet: I have used ISA a bit and am even certified in 2004. In all realism it isn’t a half bad firewall and proxy, though you need third party apps to get the proxy bit to do anything other than cache.
    I heard from a colleague MS did their usual trick and poached some Checkpoint guys to build ISA, so its security is fairly high on the charts for that alone.
    From what I have heard of MS endpoint security it is also pretty decent, nothing as bad as OneCare, and it integrates into the OS and into the domain with ISA/Forefront to allow policies to lock down a box even off the network. Its heuristics engine, I think, was bought from someone else (Symantec?) and is pretty damned good. They are also putting IPS/IDS and deep packet inspection into the new ISA IIRC, which is where they may be getting the idea it will stop 0-days. I guess we will see.
    All that being said, though, it sort of goes against my ethos, which is basically: if you are trying to protect one OS, use another OS as a firewall, to at least make the knowledge the attacker needs that little bit greater.