Microsoft's Forefront Only Partially Delivers the Goods

Review: eWEEK Labs found that Microsoft's new Forefront Client Security package meets only the baseline requirements for an enterprise security solution.

Forefront Client Security marks Microsoft's initial foray into enterprise desktop security, and the product holds out the promise of anti-virus and anti-spyware detection and cleaning services that both integrate tightly into companies' existing network infrastructure and provide superior visibility into and reporting around these ongoing processes.

However, eWEEK Labs' tests indicate that at this time, FCS only delivers on some of these promises.

In particular, eWEEK Labs found that while Microsoft's new offering meets the baseline requirements for an enterprise security solution, the case for FCS will sound most sweet when preached to an end-to-end Microsoft infrastructure choir.

FCS is designed to fully capitalize on Microsoft's burgeoning portfolio of management and reporting solutions, at least theoretically easing management through the use of existing systems. FCS relies on Active Directory for policy deployment, WSUS (Windows Server Update Services) 2.0 or later for signature and software deployment, and MOM (Microsoft Operations Manager) 2005 for client monitoring and alerting.

Also, FCS requires a full-blown version of SQL Server (rather than MSDE or SQL Server Express) to provide robust reporting and data collection services.

Companies with a heavy investment in Active Directory Group Policy and in WSUS should find FCS a cozy match for their environments. However, companies that have deployed third-party management or patching alternatives might be better off giving FCS a pass, as the product totes with it a plethora of potentially redundant systems.

What's more, we found in our tests that FCS' detection capabilities still have a ways to go before they match the performance of more entrenched anti-virus players. For instance, we were not impressed with FCS' detection rates, and we discovered some isolated incompatibilities that could hamper the FCS testing process. Even from a management perspective, we were taken aback by how many different application consoles we needed to consult while operating and maintaining an FCS deployment.

Another drawback to FCS is that its client support is more limited than we'd like. Forefront can be installed on Windows XP with SP2, Windows Vista or Windows 2003, but does not work with Windows 2000 (or earlier operating systems).

However, from a visibility standpoint, Microsoft's FCS scored well with us. We appreciated the way that FCS' modular design helped set apart the product's excellent reporting capabilities from its data collection and policy deployment functions, thereby keeping information flowing even while our test network was under attack.

According to customers we consulted during our review, Microsoft's support services for FCS also shine, exceeding customer expectations in helping decipher, detect and clean previously unknown infections and outbreaks.

But solid reporting and helpful customer service aside, FCS has significant hurdles to clear to defuse negative public perceptions that began to take root before the product was even released, due to the fact that FCS is based on the same underlying technology as Microsoft's much-maligned, consumer-grade Windows OneCare Live.

Earlier this year, OneCare Live suffered a series of public blunders, performing poorly on several independent malware detection tests and, worse, incorrectly quarantining entire mail stores rather than individual messages or attachments. Competitors like Symantec have not been shy about calling Microsoft to the mat for these failings.

Microsoft is working diligently to remedy this image problem by gaining certifications from respected anti-virus research groups. Forefront Client Security has already garnered West Coast Labs Checkmark certifications for wild list virus detection, wild list cleaning and Trojan defenses on Windows XP, 2003, 2000 and Vista-based systems. FCS is also undergoing certification from ICSA Labs, which has already given clearance to OneCare Live.

Pricing for Forefront Client Security, which started shipping this month (May), is based on a subscription model, with recurring charges for both the client and central management components, but no upfront cash outlay.
