Thomas Joos
In the Front Line
Microsoft Forefront Security Overview
With its Forefront Security product range, Microsoft intends to provide protection for corporate networks and now also challenges established vendors like Symantec and McAfee in the corporate security market. An overview of Forefront’s features gives a first impression.
Microsoft's security products are divided into three main lines: Forefront Client Security aims to protect Windows client PCs and Windows Server operating systems against network viruses. In addition, there are dedicated solutions for keeping malware out of server-based applications like Exchange Server 2007 or the document management system SharePoint. Finally, the proxy and firewall product Internet Security and Acceleration (ISA) Server 2006 and its expansion Intelligent Application Gateway (IAG) 2007 provide additional security for the network edge. ISA Server 2006 has been available separately for a while and will now be integrated into the Forefront product range.
Client Protection
Forefront Client Security offers centrally managed virus protection for client PCs and network servers. It is in direct competition with Symantec AntiVirus Corporate Edition, Trend Micro OfficeScan, and McAfee Total Protection. Although a final version of Forefront Client Security can already be downloaded for testing, Microsoft has not yet announced an official release date. According to Microsoft, Forefront Client Security is based on the same technology as Windows Live OneCare, the antivirus product for home PCs. Its protection against viruses and trojans is mainly based on technology developed by GeCAD, which was taken over by Microsoft in 2003. Its spyware protection is based on GIANT Company software technology, which Microsoft took over in December 2004.
Windows Live OneCare has so far yielded notoriously bad test results. In a c't test (volume 05/07), response times after reports of new malware were longer than average: 36 to 38 hours. The scanning results were among the worst in this test: for backdoors, bots and trojans, Microsoft still managed to beat CA Antivirus and ClamWin with 74.6 per cent, but its heuristics came last in the retrospective test, with 7 per cent for signatures up to two months old. If Forefront Client Security is indeed based on this concept, this does not bode well.
Forefront Client Security supports Windows 2000, Windows XP, Windows Vista, and Windows Server 2003. For the central distribution of new virus signatures it co-operates with Microsoft's free patch management product Windows Server Update Services (WSUS), which has been available in its new version 3.0 since May 2007. In addition, corporate security policies for client PCs can be deployed this way, for example secure browser configurations based on the group policies in Active Directory.