Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

6/12/2006
09:17 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Microsoft Moves Security to 'Forefront'

Microsoft gives its security wares a bold new name and rolls out a new security gateway at Tech Ed 2006

The new name for Microsoft's next-generation security products, Forefront, says it all: Microsoft is fighting to get an edge in the security game.

At its Tech Ed 2006 conference in Boston today, Microsoft unveiled the Forefront brand and released its new Internet Security & Acceleration Server (ISA) 2006 edge security gateway. Executives also provided a glimpse of its upcoming malware/antivirus/intrusion prevention client software (Forefront Client Security) and provided details on Antigen, Microsoft's family of email security products, which were introduced last week.

The software giant anted up with some Windows security statistics. Its Antimalware Team today released a white paper on malware based on data from its Windows Malicious Software Removal Tool (MSRT). The stats gathered by the researchers are impressive: MSRT has removed 16 million instances of malware from 5.7 million different Windows computers over the past 15 months, for instance, and a backdoor Trojan was found in 62 percent of these computers.

Perhaps more telling, though, is Microsoft's acknowledgement of what the rest of the industry already knew: Windows is full of security bugs. In the white paper, Microsoft calls backdoor Trojans a "significant and tangible threat to Windows users."

"It's a bit like the character in 'Casablanca' who's shocked to find gambling going on," says Andrew Jaquith, senior analyst with The Yankee Group. "It's nice to see Microsoft confirming these things, but it's not exactly news."

Microsoft is also playing a little catch-up on the client side, rolling out its upcoming Forefront Client Security (formerly known as Microsoft Client Protection) to compete with Symantec and McAfee's client antivirus and anti-malware software. "Microsoft is trying to position this as a broad, full-service security suite for desktops, and that's a good thing, because it gives [enterprises] more choices here," Jaquith says. "But this is not a new category of products...By the time Microsoft hits the market with this, the other [antivirus and malware] products will be entirely refreshed."

Two new features were added to Forefront Client Security: a scanner that lets users figure out which machines need patches or need to be reconfigured for security reasons; and Single Profile Configuration, a feature that simplifies the deployment of security policies. But the product won't ship until the second quarter of next year, according to Microsoft executives. It's in limited beta now and goes out to public beta in the fourth quarter.

ISA 2006, meanwhile, is an edge security gateway that protects enterprises from Internet-based threats while also providing remote users secure access to corporate data and applications. It's basically a proxy firewall that's also integrated with Active Directory for user authentication and authorization, for instance. It will ship in September.

Next in the Forefront line: Forefront Security for Exchange Server and Forefront Security for SharePoint, both of which will be released with the upcoming Exchange Server 2007 and Office 2007 products, according to a Microsoft spokesperson.

Bottom line: Microsoft must walk a fine line between being open about security holes in its products without shooting itself in the foot. "Microsoft can't say, 'Buy Vista because it's the secure version of Windows'," Jaquith says. "But it has to put the dots out there for its customers to connect."

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Companies mentioned in this article:

  • Microsoft Corp. (Nasdaq: MSFT) Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    How to Think Like a Hacker
    Dr. Giovanni Vigna, Chief Technology Officer at Lastline,  10/10/2019
    7 SMB Security Tips That Will Keep Your Company Safe
    Steve Zurier, Contributing Writer,  10/11/2019
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Current Issue
    7 Threats & Disruptive Forces Changing the Face of Cybersecurity
    This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
    Flash Poll
    2019 Online Malware and Threats
    2019 Online Malware and Threats
    As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2019-17435
    PUBLISHED: 2019-10-16
    A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation.
    CVE-2019-17436
    PUBLISHED: 2019-10-16
    A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system.
    CVE-2019-17512
    PUBLISHED: 2019-10-16
    There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which could be used to erase attack traces.
    CVE-2019-15277
    PUBLISHED: 2019-10-16
    A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the re...
    CVE-2019-15280
    PUBLISHED: 2019-10-16
    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient...