Security Watch

Keeping track of patches and hacks in the IT security world.

MS Closes the Edge-Server-Client Security Loop

In a worldwide kickoff event that involved 50,000 people, Microsoft on May 2 launched the client piece of its aggressive client-server-edge enterprise security software push, which the company branded as its Forefront line at the Boston TechEd show in June 2006.

In a keynote address to business customers and partners in Los Angeles, Microsoft Senior Vice President Bob Muglia announced the launch of two new products—Forefront Client Security and Microsoft System Center Essentials 2007.

Forefront Client Security is designed to provide anti-malware protection for business desktops, laptops and server operating systems. It integrates with Microsoft's System Center line of system management technologies, Active Directory and other Microsoft products.

System Center Essentials 2007 is the management piece of the puzzle. The product provides a unified console, designed to simplify tasks such as managing clients, servers, hardware, software and IT services.

Margaret Arakawa, senior director of Security and Access Product Management at Microsoft, said the two product announcements are part of a wave of products for both security and management lines, but what's really pivotal is that Microsoft is putting them together in an integrated launch.

"During the last five years we've seen IT become a very complex environment within a company," she said. "There are a lot of threats, spam, viruses, new malware attacks. They're getting more virulent and very specific as to which data points they want to access. We're not seeing ... a decrease in viruses in the IT infrastructure.

"It becomes a difficult thing to manage. We have customers who tell us, 'We need to know where all our servers are, we need to know where all our desktops are. We need to manage them, and while we manage them, we need to see if they're secure. We need to monitor servers and desktops to know if they're healthy.' Convergence is why we [rolled out the two products announced today] as part of the same platform."

Michael Cherry is an analyst at Directions on Microsoft, which has been beta testing the Forefront Client Security product for some three months. He told me in an interview today that the product's central management console is the key item that's sold him on the technology.

"We're not a large company," he said. "Part of our thing is we wanted to be able to know in a single place what the status of all our computers was. We have some people who work at home, some who work in the office and a mix of technical people and nontechnical people.

"We're also on the road quite a bit, and analysts are on the Internet looking for sources, things like that. If my boss came to me and said, 'Are we having problems?' or, 'Are all our machines protected?' I'd almost have to walk around and check all our machines.

"I like the centralized console [because it allows the user] to see the status of what's happening."

Directions on Microsoft uses about 30 computers. Still, Cherry said, he doesn't even like to walk around to five systems. "We use SMS to distribute patches because we don't want to be bothered with it," he said. "Our goal is to not touch desktops. There's no value in going to each desktop."

Cherry said what he likes about the technology is that when he starts it up and goes online to the console, he can see, even from home, how things are running. "Right away on the main screen ... I can see there are no machines reporting issues, and 100 percent of the machines are reporting. I can get a report from PCs, get a report of malware being detected, see what's the state of getting service out to various machines. It's all managed by policy. One policy whereby analysts can change parameters, but other people in the office [can't]. We don't give them the ability to run a scan or change scanning parameters.

"It's just an incredible amount of flexibility," he said. "Because it stores all the data in [Microsoft's SQL Server database] and it uses Report Writer, you can pretty much get all the reports you need."

During his keynote, Muglia announced that Forefront Client Security had already achieved West Coast Labs Checkmark certification. Microsoft claims that the certification is "a leading global standard that certifies information security products to real-world standards."

Microsoft's new security competitors don't appear impressed. Symantec went tit-for-tat with Microsoft's announcement, sending out its rationale for why Microsoft's security products aren't up to snuff.

"From what Microsoft has said publicly, Forefront Client Security is based off the same anti-virus and anti-spyware technology as its OneCare product," the company said in a statement. "OneCare has failed multiple third-party anti-virus tests, including the latest Virus Bulletin, which is widely considered the benchmark test for AV engines."

OneCare did, in fact, receive the lowest score on's test of 17 products for detecting viruses, macros, worms and scripts; backdoors, Trojans and other malware; and a third category, combining the results of the first two.

Arakawa dismissed OneCare's poor showing on a number of fronts. First, she said, OneCare is a PC health service, not a security product.

Second, she said, the myriad tests such as's don't matter to the industry—rather, what matters are the two standards for certification that OneCare has in fact passed: West Coast Labs and ICSA Labs.

"Windows Live OneCare has received those every single month for the last two years," she said. "Forefront Client Security has also been certified by West Coast Labs and is well on its way to getting ICSA certification.

"There are probably 1,000 different tests in the market for AV signatures," she said. "The reason we focus on those two certifications is that [when] the national safety transportation board that tests cars, each car has to go through a car test rating. It's the exact same test administered for every car: It's done at the same speed, and the car hits the same crash test dummy. It's an incredible base test for all autos to go through.

" ... [With] A lot of tests, particularly with malware, each organization can decide, well, I'll go into a car doing 80 mph and go into a pool, while another will go 20 mph into a sidewalk. ... The industry focuses on these two: for every test, ours or any other products in the world," the conditions are the same, she said.

Quibbling about test worthiness aside, whether customers care about certification is another matter altogether.

"One thing that's happening is that the criteria [are] changing," Cherry said. "The criteria may not be how good signature files are in the future. Frankly, they're not that far off from each other [as it is]. [The other companies who participated in the tests that OneCare flunked] didn't do so well themselves in those tests.

"There's not going to be a lot of differentiation in signature files much longer," Cherry said. "Two things it's going to come down to [are] how easy [a security product] is to manage and how easy the company is to do business with. And there, for the last little while I've been looking at getting [a security product] from a variety of vendors, and just their Web sites [alone are a mess], and if you have money and want to give them an order, even getting money into their hands is hard. I had a terrible time with one company recently. I kept buying [a product online], and I couldn't get the key to unlock it. And the support people wouldn't talk to me because I didn't have a product key."

What's going to matter more than 100 percent accurate signature files is going to be manageability, he said, and how easy vendors can make it for a customer to work with them.

"Look, in my particular situation, [the most important thing] is the ability to centrally manage," Cherry said. "And so it isn't so much that it's from Microsoft as it's a product that lets me do that."

Forefront Client Security is licensed on a per-user, per-device basis, starting at $12.72 per user or device per year for the security agent, and at $2,468 per year for the management console. The product is available for purchase today as part of the Microsoft Enterprise Client Access License suite via Microsoft Volume Licensing, and will be available as a stand-alone product in July via standard Microsoft volume licensing channels.

Microsoft System Center Essentials is offered as a management server with built-in support to manage 50 clients and 10 servers starting at $2,000. Customers can add up to 500 clients in increments of 20 or five MLs (Management Licenses), priced at $400 and $100 respectively, and up to 30 servers in increments of five and one ML, priced at $500 and $100 respectively. The product will be available in July via standard Microsoft volume licensing and retail channels. All prices are U.S. estimated retail prices.