A year ago at the RSA Security conference, Microsoft Corp. mapped out its Windows security road map. Some company watchers are speculating Microsoft will use next weeks RSA confab to provide an update on its progress, and, specifically, to detail its behavioral-blocking technology, code-named Mako.
Microsoft officials at RSA 2004 said that the company was planning to deliver a family of “Active Protection” technologies to complement the Windows XP Service Pack 2 Windows release, which Microsoft rolled out in August 2004.
Microsoft officials said a year ago they were developing three buckets of Active Protection technologies that would run across Windows desktops and servers. The three groups, as outlined by Microsoft, are:
- Dynamic-systems-protection technologies, designed to monitor changes in machine state, and which will automatically open and shut ports to lock down systems.
- Behavioral-blocking technologies, which are esigned to limit the impact of worms and viruses by blocking risky user behaviors (like clicking on a random .exe file sent via e-mail).
- Application-aware firewall and intrusion-prevention technologies, which will push the security settings in the existing Windows firewall a step further.
Originally, Microsoft planned to roll the three groups of Active Protection technologies into its Longhorn Windows client, which is slated for delivery in 2006.
But a few months after the RSA security show, Microsofts Security and Technology Business Unit Corporate Vice President Mike Nash acknowledged that his team wasnt waiting for Longhorn, and, instead, would roll out each group of Active Protection solutions as soon as it was ready.
The first of the Active Protection technologies likely to go live, Nash told Microsoft Watch last spring, was behavioral blocking.
Security sources close to Microsoft said that Microsoft is using the “Mako” code name to refer to these behavioral-blocking technologies.