The new name for Microsoft's next-generation security products, Forefront, says it all: Microsoft is fighting to get an edge in the security game.
At its Tech Ed 2006 conference in Boston today, Microsoft unveiled the Forefront brand and released its new Internet Security & Acceleration Server (ISA) 2006 edge security gateway. Executives also provided a glimpse of its upcoming malware/antivirus/intrusion prevention client software (Forefront Client Security) and provided details on Antigen, Microsoft's family of email security products, which were introduced last week.
The software giant anted up with some Windows security statistics. Its Antimalware Team today released a white paper on malware based on data from its Windows Malicious Software Removal Tool (MSRT). The stats gathered by the researchers are impressive: MSRT has removed 16 million instances of malware from 5.7 million different Windows computers over the past 15 months, for instance, and a backdoor Trojan was found in 62 percent of these computers.
Perhaps more telling, though, is Microsoft's acknowledgement of what the rest of the industry already knew: Windows is full of security bugs. In the white paper, Microsoft calls backdoor Trojans a "significant and tangible threat to Windows users."
"It's a bit like the character in 'Casablanca' who's shocked to find gambling going on," says Andrew Jaquith, senior analyst with The Yankee Group. "It's nice to see Microsoft confirming these things, but it's not exactly news."
Microsoft is also playing a little catch-up on the client side, rolling out its upcoming Forefront Client Security (formerly known as Microsoft Client Protection) to compete with Symantec and McAfee's client antivirus and anti-malware software. "Microsoft is trying to position this as a broad, full-service security suite for desktops, and that's a good thing, because it gives [enterprises] more choices here," Jaquith says. "But this is not a new category of products...By the time Microsoft hits the market with this, the other [antivirus and malware] products will be entirely refreshed."
Two new features were added to Forefront Client Security: a scanner that lets users figure out which machines need patches or need to be reconfigured for security reasons; and Single Profile Configuration, a feature that simplifies the deployment of security policies. But the product won't ship until the second quarter of next year, according to Microsoft executives. It's in limited beta now and goes out to public beta in the fourth quarter.
ISA 2006, meanwhile, is an edge security gateway that protects enterprises from Internet-based threats while also providing remote users secure access to corporate data and applications. It's basically a proxy firewall that's also integrated with Active Directory for user authentication and authorization, for instance. It will ship in September.
Next in the Forefront line: Forefront Security for Exchange Server and Forefront Security for SharePoint, both of which will be released with the upcoming Exchange Server 2007 and Office 2007 products, according to a Microsoft spokesperson.
Bottom line: Microsoft must walk a fine line between being open about security holes in its products without shooting itself in the foot. "Microsoft can't say, 'Buy Vista because it's the secure version of Windows'," Jaquith says. "But it has to put the dots out there for its customers to connect."
Kelly Jackson Higgins, Senior Editor, Dark Reading
Companies mentioned in this article: