Forefront Team Blog : Forefront Client Security

VB100 for FCS and MSE

Forefront Blogger — Mon, 14 Dec 2009 21:26:00 GMT

Forefront Client Security received its 11th consecutive VB100 award for the December 2009 Edition of Virus Bulletin. Microsoft Security Essentials for consumers received its first VB100 award for its very first submission. In order to be awarded the VB100, a product must detect 100% of the "WildList" malware samples and not have any false positives on the Virus Bulletin clean file collection.

Details on the Forefront results are here (free registration required.)

Dark Reading, customers and analysts on TMG

Forefront Blogger — Mon, 07 Dec 2009 21:17:00 GMT

Leading security news site Dark Reading reports on the release of Forefront Threat Management Gateway - including some insightful quotes:

Analyst Rob Enderle: "By focusing on the employee, Microsoft is beginning to address what I believe are some of the most vulnerable parts of the current enterprise. With this, Microsoft is beginning to transition from a company trying to catch up to the market to one that is trying to lead it."

Analyst Chenxi Wang, principal analyst for security and risk management at Forrester. "This is a major step up from what ISA could do in securing Web access. If Microsoft wants to play more in the enterprise security game, it needs to add more functionality to it, and they did in this release."

Customer George Podolak of Architectural firm Pei Cobb Freed & Partners, a TMG customer, uses the gateway to protect both its end users and the business from malware when its users visit social networking or other sites. "I'm not against Facebook [and we allow our users to access it], but when you're using it, we don't want you to wander off to a malware site."

Follow Forefront on Twitter

Forefront Blogger — Mon, 30 Nov 2009 19:11:00 GMT

If you are a Twitter fan, be sure to follow us at http://twitter.com/MS_Forefront ! Our own John "JG" Chirapurath, senior director in the MSFT Identity and Security Business Group, is leading the Forefront Tweet charge in his typically pithy way. Come join the conversation about all things identity and security.

Joel Sider

Action by Dec 1 - keep your protection current!

Forefront Blogger — Wed, 04 Nov 2009 23:08:00 GMT

A reminder from the Forefront Server Security blog.

As we announced on July 1, 2009, Microsoft is revising its engine mix on Dec. 1, 2009 for the Forefront and Antigen products. This change will allow customers to utilize a set of engines that help optimize detection, while also allowing us to invest in new areas for increasing overall protection for customers.

Antimalware Protection

The AhnLab, CA, and Sophos engines will be retired on Dec. 1, 2009. After December 1^st, customers will not receive any updates for these retired engines. In order to make sure your Antigen and Forefront products continue to scan efficiently and effectively for malware, any customers running the AhnLab, CA, or Sophos engines must DISABLE these engines before Dec. 1, 2009 and select from the new set of five engines – Authentium, Kaspersky, Microsoft, Norman, and VirusBuster.

SPECIAL NOTE: Antigen for SharePoint 8.0 and Antigen for Instant Messaging 8.0 customers – In order to gain access to the new engine set and provide optimal protection for your messaging and collaboration environments, please download the Service Pack 1 releases of these products on the MVLS or VLSC site prior to Dec. 1, 2009. The updates for the new engine set will use a new update infrastructure as of Dec. 31, 2009 – the Service Pack 1 releases will allow you to continue to receive updates correctly from their new location.

For more information about Service Pack 1 for Antigen for SharePoint and Antigen for IM, see the following KB article:

http://support.microsoft.com/kb/975850/

- SPECIAL NOTE: Antigen for Exchange 8.0 and Antigen for SMTP Gateways 8.0 customers –These products will end of life on Dec. 31, 2009. Customers must upgrade to Antigen 9.0 SP2 for Exchange before this date, as the product will no longer continue to receive anti-malware updates starting Jan. 1, 2010. With the retirement of the CA, Sophos, and AhnLab engines on Dec. 1, customers running Antigen for Exchange 8.0 or Antigen SMTP Gateways 8.0 will only be protected by the Norman engine. For customers who need to continue using this product between Dec. 1, 2009 and the end-of-life date of Dec. 31, 2009, please contact Forefront Contract Administration for access to the revised engine set.

For more information on upgrading your Antigen for Exchange 8.0 or Antigen for SMTP Gateways 8.0 to Antigen 9.0, see the following KB article:

http://support.microsoft.com/kb/932396/

Antispam Protection

One of the most important changes in our engine revision strategy is moving to the Cloudmark antispam engine*, which provides 99%+ detection rate and less than 1 in 250,000 false positives (West Coast Labs).

The Mail-Filters SpamCure antispam engine will be retired on Dec. 1, 2009. Customers using Antigen products for antispam protection must upgrade to the latest service pack releases listed below BEFORE DEC. 1, 2009 to maintain their antispam defenses. This is the only way to gain access to the new Cloudmark engine. The service packs can be accessed on the Microsoft MVLS and VLSC sites:

- Antigen for Exchange Server with Antigen Spam Manager 9.0 with SP2

- Antigen for SMTP Gateways with Antigen Spam Manager 9.0 with SP2

For more information on the engine revision strategy, see the Antimalware Engine Notifications and Developments Web page or contact Forefront Contract Administration . Again, we strongly urge all customers to update to the newest service packs before Dec. 1, 2009 to get the full protection benefits of the Forefront and Antigen server products.

*Please note: Customers using Forefront Security for Exchange Server will get access to the Cloudmark engine in the next version release – Forefront Protection 2010 for Exchange Server – scheduled to be available in Q4 CY09.

Brita Jenquin

Sr. Product Manager

Microsoft Security Intelligence Report

Forefront Blogger — Mon, 02 Nov 2009 17:01:00 GMT

The 7^th volume of the Microsoft Security Intelligence Report (SIR) was released today. The top finding is that worms infections in the enterprise rose by nearly 100 percent during the first half of 2009.

According to the report, rogue security software remained the single largest threat category for the first half of 2009. Microsoft products and services removed such malware from more than 13 million computers worldwide, down from 16.8 million in the second half of 2008.

The SIR provides a deep, accurate view of the threat landscape country-by-country and, for the first time, the SIR includes security best practices from countries that have consistently exhibited low malware infection, such as Japan, German and Austria.

Data for the SIR is collected through a wide variety of means, including but not limited to: Microsoft’s Malicious Software Removal Tool, Bing, Windows Live OneCare, Windows Defender and, of course, Forefront solutions.

The full SIR, guidance and other resources are available here.

Forefront scores in VB100

Forefront Blogger — Tue, 13 Oct 2009 21:04:00 GMT

Forefront Client Security (FCS) received its 10th consecutive VB100 award in the October 2009 Edition of Virus Bulletin. In order for a product to be awarded the VB100 award, it must detect 100% of the WildList malware samples and must not have any false positives (FP) on the Virus Bulletin clean file collection.

FCS received one of the highest scores overall – and the highest among major competitors - in both the proactive and reactive aspects of the new VB RAP (Reactive and Proactive) test, reaffirming the strong result shown in August VB edition and in the May 2009 report from AV-Comparative.org.

Schedule and Strategy Update for Forefront Endpoint Protection

Forefront Blogger — Thu, 08 Oct 2009 11:00:00 GMT

Today we are announcing a schedule and strategy update for Forefront Endpoint Protection 2010, a component of the upcoming Forefront Protection Suite (previously codenamed “Stirling.”)

We are delaying the release Forefront Endpoint Protection 2010 - anti-malware for Windows desktops and servers - until the second half of 2010. Based on customer feedback and market trends, we have made the strategic decision to build Forefront Endpoint Protection (FEP) on System Center Configuration Manager, Microsoft’s solution to comprehensively assess, deploy, and update servers, clients, and devices. This approach better aligns our customers’ client management and security infrastructure, helping simplify deployment and reduce costs.

We are confident this is the right decision for our customers. In the interim, we will continue to offer our current Forefront Client Security (FCS) solution, which supports and protects both Windows 7 and Windows Server 2008 R2. We are developing the necessary tools and guidance to facilitate the future upgrade from Forefront Client Security to Forefront Endpoint Protection and will help customers with the migration process.

We also remain committed to providing integrated management for the Forefront Protection Suite. We will release Forefront Protection Manager in the first half of 2010, as scheduled, providing multi-server management for Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint. We will provide information about endpoint security management in Forefront Protection Manager at a later time.

We are on track to release all other Forefront products on schedule, as part of our Business Ready Security strategy:

o Fourth quarter 2009: Forefront Protection 2010 for Exchange Server, Forefront Online Protection for Exchange, Forefront Threat Management Gateway 2010 and Forefront Unified Access Gateway 2010

o First half 2010: Forefront Protection 2010 for SharePoint, Forefront Identity Manager 2010.

The Forefront team

Steve Ballmer on The New Efficiency

Forefront Blogger — Tue, 29 Sep 2009 20:56:00 GMT

Making business decisions regarding IT investment is tougher than ever. To help, today Microsoft hosted a special VIP Business Leadership Roundtable event. CEO Steve Ballmer and moderator Robert Youngjohns, President of the Microsoft US Subsidiary, discussed major trends in the new role of technology in the workplace. Ballmer and Youngjohns were joined by a panel of early adopter customers representing key industries like automotive, hospitality, transportation and IT. Attendees got a close look at how real companies are making IT investments across the desktop, server, network and beyond.

How IT needs to keep pace with increasingly sophisticated users
The ever more mobile and distributed workforce, and
The impact of greater industry regulations and ongoing threats to data.

Forefront identity and security solutions, and our Business Ready Security strategy, are core parts of the way Microsoft is helping customers tackle these issues. You can view highlights of today's event and get lots of info on the range of Microsoft IT solutions - including a Business Ready Security overview, Secure Messaging, Secure Collaboration, Identity and Access Management and Information Protection at www.TheNewEfficiency.com

Microsoft Security Essentials available tomorrow

Forefront Blogger — Tue, 29 Sep 2009 06:44:00 GMT

Microsoft Security Essentials, the new no-cost, anti-malware service that helps protect consumers against viruses, spyware and other malicious software, will be available tomorrow, Tuesday, Sept. 29. It requires no registration, trials or renewals and will be available for download directly from Microsoft at http://www.microsoft.com/security_essentials.

Making Microsoft Security Essentials (MSE) broadly available as a free consumer download for genuine Windows-based PCs is part of the company's ongoing commitment to provide a more trustworthy computing experience for all customers. The company hopes to encourage broader adoption of anti-virus protection across the consumer audience, which in turn will help increase security across the entire Windows ecosystem. For business customers, Microsoft continues to offer Forefront Client Security.

MSE will have a positive impact on Forefront products, because it allows Microsoft to capture additional threat intelligence from customers using MSE and apply it to our security research, signature development and protection capabilities in Forefront solutions.

CERN replaces Symantec with Forefront

Forefront Blogger — Thu, 10 Sep 2009 21:58:00 GMT

CERN - the European Organization for Nuclear Research - recently announced in its computing newsletter that it is replacing Symantec with Forefront Client Security to protect PCs on its network. Why? From the newsletter:

By the end of this year, all NICE PCs will have MS Forefront Client Security installed. This new anti-virus and anti-malware application will replace the current anti-virus product from Symantec. The reasons for this change include the small footprint of the client application, excellent response times for pattern updates and very good integration with the existing NICE infrastructure.

Forefront Client Security v1.0 on Windows 7 and Windows Server 2008 R2

Forefront Blogger — Thu, 03 Sep 2009 18:20:00 GMT

Forefront Client Security (FCS) v1.0 is fully supported on Windows 7 and Windows Server 2008 R2 as of August 31, 2009. With the release of new updates available through Windows Server Update Services or Microsoft Update, customers will be able to extend the protection of FCS v1.0 on Windows 7 and Windows Server 2008 R2 systems and incorporate security in their infrastructure upgrade plans. More information on updates needed for this support is provided in a knowledge base article here.

FCS v1.0 will be supported on all of the following versions of Windows 7: Windows 7 Business, Enterprise, Home, and Ultimate. The FCS v1.0 client will also protect Windows Server 2008 R2 Standard Server and Windows Server 2008 R2 Enterprise Server installation. For a full list of supported platforms, please visit http://technet.microsoft.com/en-us/library/bb404245.aspx.

Windows Server 2008 R2 Server Core installation is not supported at this time. However, it is planned to be supported with future updates.

Forefront tops VB100

Forefront Blogger — Thu, 06 Aug 2009 19:34:00 GMT

British tech publication V3.co.uk recently posted an article with the headline Third of anti-virus vendors fail to protect Vista.

The latest tests conducted by independent anti-virus testing organization Virus Bulletin have revealed that 12 out of 35 top security vendors failed the stringent VB100 test which pits security systems against the publicly available WildList of malware known to be circulating. Products must be able to detect 100 per cent of the malware, and must not generate any false alarms when scanning a clean set of files,

In the V3.co.UK article John Hawes of Virus Bulletin said that Microsoft came out "top on the proactive side by a whisker, and pretty good on the reactive side", highlighting the significant time and resources Microsoft is putting into security under its Forefront brand.

ID and Security in the Cloud

Forefront Blogger — Fri, 24 Jul 2009 22:50:00 GMT

Many companies and IT leaders are eager to realize the benefits of cloud computing, but security is often a concern. For example, a recent study by Maritz Research found that 59% of IT leaders in the US rated security as the biggest risk with cloud.

As part of our Business Ready Security strategy , we are taking a comprehensive approach to security across on-site and cloud infrastructure. This encompasses protection, access and management, all built around user identity and integrated with a highly secure, interoperable platform for a broad set of partner solutions. (At the Worldwide Partner Conference on 7/13, we also announced the official names of the products comprising the Forefront Protection Suite, previously known as codename “Stirling”, in an effort to align our portfolio with this broader definition of security.)

We are delivering both standalone security services and security technologies within Microsoft’s cloud infrastructure. Forefront Online Protection for Exchange is an example of a standalone service solution, providing email security for both on premise Exchange Server and Exchange Online (and other on-premise messaging systems.) Another example is System Center Online Desktop Manager, available in beta by the end of the year. It is an integrated security and management tool that will provide desktop management capabilities in the form of an online service.

Identity is a core part of our strategy, because it allows for more contextual protection and access to information and resources. With our Forefront platform, on-premise identities, such as those in Active Directory, work with cloud services. That enables simplified, secure user access to applications, such as Exchange, regardless of where the application is hosted.

Forefront's identity provisioning/de-provisioning and access management empower customers to integrate their investments in Active Directory and existing identities with cloud infrastructure. And, with solutions like Rights Management Services, in the future customers will be able to enforce persistent, identity-based policies around data anywhere it is stored, sent, or accessed - including the cloud.

We are also providing fundamental identity components for Microsoft cloud services, such as the Azure Services Platform. The Microsoft Services Connector, for example, extends identities from on premises systems to cloud services. The .Net Access Control Service issues and manages identity “claims.” Both are based on the next generation of Active Directory Federation Services, Windows Cardspace, and Windows Identity Foundation which comprise an open platform for simplified user access that works across organization boundaries for on-premise and cloud-based applications. Beta 2 of all three components is currently available.

Analyst: The market impact of security/identity integration

Forefront Blogger — Tue, 21 Jul 2009 23:54:00 GMT

Analyst Jon Oltsik of the Enterprise Strategy Group writes a column for Network World called "Networking Nuggets and Security Snippets." Last week he penned an interesting piece titled "The market impact of security/identity integration."

In the article Oltsik describes how governance, compliance and new electronic business processes are driving more alignment of security policy with users, roles and business activities. He goes on to provide his take on who the leaders, challengers, dark horses and question marks are among vendors in this newly converged space. He cites IBM, Microsoft and, tentatively, CA as leaders.

Yes, I'm flagging the story because Jon's take is very much in line with Microsoft's view and strategy. But it's worth a read.

Business Ready Security news at WPC

Forefront Blogger — Mon, 13 Jul 2009 19:01:00 GMT

This week in New Orleans Microsoft is hosting its annual Worldwide Partner Conference. We made several announcements today at the conference about our identity and security solutions. This news is part of our Business Ready Security strategy to help both partners and customers 1) protect everywhere and access anywhere, 2) integrate and extend security across the enterprise, and 3) simplify the security experience and manage compliance

Official names and pricing for “Stirling”

Forefront codename “Stirling” - the next generation of the Forefront Security Suite for integrated, comprehensive protection across endpoints, servers and the edge – will be officially known as Forefront Protection Suite (FPS).

FPS will include the products in the current suite, plus the Forefront Protection Manager (formerly known as the “Stirling” management console) and the Forefront Threat Management Gateway Web Security Service.

FPS pricing will remain the same as the current Forefront Security Suite and all of the component solutions will continue to be licensed on a subscription basis. They will also be available independently, with Forefront Protection Manager included. (Note that the Forefront Threat Management Gateway license is sold separately on a per processor basis.)

At WPC we are also announcing the following new product solution names:

· Forefront Endpoint Protection 2010 - current version is Forefront Client Security

· Forefront Protection 2010 for Exchange Server - current version is Forefront Security for Exchange Server

· Forefront Protection 2010 for SharePoint - current version is Forefront Security for SharePoint

· Forefront Online Protection for Exchange - currently called Forefront Online Security for Exchange

· Forefront Threat Management Gateway Web Security Service - the next generation of ISA Server 2006.

The new FPS solutions are currently in beta and final versions will ship over the course of the latter half of 2009 and the first half of 2010.

Public beta 2 of Forefront Unified Access Gateway

Forefront Unified Access Gateway beta 2 is available for download at www.microsoft.com/forefront. UAG provides secure, virtually anywhere access to messaging, collaboration and other applications, increasing productivity and policy compliance. UAG also extends the benefits of Windows DirectAccess across the enterprise, enhancing scalability, deployment and management.

Official name for “Geneva”

The three components of Microsoft “Geneva” – the upcoming open platform providing simplified user access and single sign-on for cloud and on-premises applications – have the following names:

· Active Directory Federation Services – formerly known as “Geneva” Server

· Windows Identity Foundation – formerly known as “Geneva” Framework

· Windows Cardspace – same as current version

Partner opportunities

At WPC partners will learn about how the solutions above offer tremendous opportunity to better meet the identity and security needs of customers...and to build their own businesses. Since announcing a $75 million investment in our partner ecosystem at WPC last year, we have seen very strong partner development and growth.

For example, we have seen a 50% increase in participation in the Security Software Advisors (SSA) program, which offers fees to partners who influence deployment. The Security Solutions Competency, which enables partners to differentiate themselves as experts, is one of the fastest growing competencies in Microsoft’s history and in the last year grew 46% in participation. This year we anticipate quadrupling the number of identity and security partners we support with training, marketing and customer engagement.