Microsoft Dives into Desktop Security

Review: However, Forefront Client Security delivers only on some of its promises.

Forefront Client Security, Microsoft's initial foray into enterprise desktop security, holds out the promise of anti-virus and anti-spyware detection and cleaning services that integrate tightly into companies' existing network infrastructure and provide superior visibility into, and reporting around, these ongoing processes. However, eWEEK Labs tests indicate that at this time, FCS delivers only on some of these promises.

In particular, we found that while FCS meets the baseline requirements for an enterprise security solution, the case for FCS will sound sweetest when preached to an end-to-end Microsoft infrastructure choir.

FCS is designed to fully capitalize on Microsoft's burgeoning portfolio of management and reporting solutions, at least theoretically easing management through the use of existing systems. FCS relies on Active Directory for policy deployment, WSUS (Windows Server Update Services) 2.0 or later for signature and software deployment, and MOM (Microsoft Operations Manager) 2005 for client monitoring and alerting. In addition, FCS requires a full-blown version of SQL Server (rather than MSDE or SQL Server Express) to provide robust reporting and data collection services.

Companies with a heavy investment in Active Directory Group Policy and in WSUS should find FCS a cozy match for their environments. However, companies that have deployed third-party management or patching alternatives might be better off giving FCS a pass, as the product totes with it a plethora of potentially redundant systems.


What's more, we found that FCS' detection capabilities still have a ways to go before they match the performance of more entrenched anti-virus players. For instance, we were unimpressed with FCS' detection rates and discovered some isolated incompatibilities that could hamper the FCS testing process. Even from a management perspective, we were taken aback by how many application consoles we needed to consult while operating and maintaining an FCS deployment.

Another drawback is that FCS' client support is more limited than we'd like. FCS can be installed on Windows XP Service Pack 2, Windows Vista or Windows 2003 but does not work with Windows 2000 or earlier operating systems.


However, from a visibility standpoint, FCS scored well with us. We appreciated the way its modular design helped set apart the product's excellent reporting capabilities from its data collection and policy deployment functions, thereby keeping information flowing even while our test network was under attack. According to customers we consulted during our review, Microsoft's FCS support services also shine, exceeding customer expectations in helping decipher, detect and clean previously unknown infections and outbreaks.

Solid reporting and helpful customer service aside, FCS has significant hurdles to clear to defuse negative public perceptions that began to take root before the product was even released, because FCS is based on the same underlying technology as Microsoft's much-maligned, consumer-grade Windows OneCare Live. Earlier this year, OneCare Live suffered a series of public blunders, performing poorly on several independent malware detection tests and, worse, incorrectly quarantining entire mail stores rather than individual messages or attachments. Competitors such as Symantec have not been shy about calling Microsoft to the mat for these failings.

Microsoft is working diligently to remedy this image problem by gaining certifications from respected anti-virus research groups. FCS has already garnered West Coast Labs Checkmark certifications for wild list virus detection; wild list cleaning; and Trojan defenses on Windows XP, 2003, 2000 and Vista-based systems. FCS is also undergoing certification from ICSA Labs, which has already given clearance to OneCare Live.

Pricing for FCS, which started shipping in May, is based on a subscription model, with recurring charges for both the client and central management components, but no upfront cash outlay. Client agent prices start at $1.06 per user (or per device) per month, while the Security Management Console component costs $206 per month. Volume discounts are also available. Considering that the Security Management Console licensing fee includes the costs of SQL Server 2005 and MOM 2005, we found the pricing to be more than competitive. The licenses for these components, however, are restricted to use solely with FCS.
