Security Advisor

Microsoft at Your Service

Joern takes a look at Microsoft's new Live security services.

Microsoft’s latest foray into offering IT services to supplement its packaged software portfolio has reached the security arena. This month, we’ll review what’s available today and provide a glimpse of what you can expect both from services and packaged security solutions coming out of Redmond later this year.

It’s Live!
You’ve undoubtedly heard of Microsoft’s announced push into managed services, including associated Web sites such as Windows Live and Office Live. When Windows Live started, it looked like little more than some new glue to hold together existing online applications and services like MSN Messenger and Microsoft Search. Since that disappointing start, Microsoft has added more features to Windows Live, and one of the more interesting ones is the Windows Live Safety Center, currently in beta.

The Safety Center is an interesting concept. Its goal is to relieve you from having to worry about installing and updating your anti-virus and anti-spyware software, and from manually performing various cleanup and maintenance tasks on your computer. Instead, the Safety Center does all of this through a single online application that you run from the Windows Live site. You still have to install a small scanning plugin on your computer, but once that’s done you just need to run virus and maintenance scans from the Windows Live site.

Microsoft may just get the many home users who never update virus signatures or perform other security maintenance tasks to visit this Web site once a month to check their computers for malicious software. At the same time, users can have the Safety Center perform a number of cleanup and tune-up tasks.

The main advantage of this Microsoft offering is that it’s easy to use. Microsoft takes care of all signature and scanning engine updates for you; all you have to do is run the tool about once a month. It’s been done by other security vendors since the 1990s, most notably Norton AntiVirus, but at least Microsoft’s come on board. This isn’t a solution you’d see in a corporate environment, but if it helps reduce the number of infected computers that threaten everyone on the Internet, we all benefit.

Protection by Subscription
The Windows Live Safety Center is an interesting concept, but it doesn’t provide continuous protection. Another new product, Windows OneCare Live, takes care of that. OneCare runs in the background to work in real time, just like any other anti-virus package.

Like more established security products, it goes beyond virus protection and adds a personal firewall -- one more capable than Windows XP’s built-in version. Additional OneCare features include backup, background disk defragmentation and cleanup. It integrates with Microsoft Update to ensure that your computer always has the latest security updates.

Even more importantly, it can update itself. With OneCare you no longer have to worry about keeping your computer secure; Microsoft will do all the work for you. Whether this concept will work is still unknown. Will customers trust Microsoft to keep their computers secure? More critical for Microsoft will be how its customers will feel about paying a monthly or yearly fee for such a service. Starting in June, Microsoft will charge for an annual subscription, but until then the free beta period will continue.

So many choices.
Figure 1. Choosing Scanning Options in the Windows Live Safety Center.

Windows Defender, Microsoft’s anti-spyware product, is also currently in beta. Built on the technology acquired when it bought security vendor GIANT Software last year, the current beta version has a clean interface and is extremely easy to set up and use. It looks a lot like OneCare, and I wouldn’t be surprised if these products were combined before they hit the market later this year.

I’ve been using the Windows Defender beta for several months now and it appears to be working very well. However, one big complaint is that it doesn’t detect or alert you about tracking cookies, which could allow someone to reconstruct some of your Web surfing habits. There are legitimate uses for tracking cookies, and Microsoft has valid arguments for not flagging them in Windows Defender. But if you’re concerned about these cookies, you’ll have to use something else for spyware scanning, unless Microsoft makes some changes to Windows Defender.

Taking It to the Enterprise
Windows Defender, Windows Live OneCare and Windows Live Safety Center look like promising products for consumers, but just like Microsoft Update they lack the manageability features required for the enterprise. To that end, Microsoft has also been working on developing security services for companies.

Last year it purchased FrontBridge, which has been offering a number of interesting hosted e-mail security services. Among them: spam and virus filtering, encryption, archiving and robust e-mail access that works even if the mail server is unavailable. To provide these features, FrontBridge maintains several large data centers through which all customer e-mail is routed.

By consolidating e-mail delivery and archiving for a large number of customers, FrontBridge can provide much better e-mail reliability and higher accuracy rates for spam and virus detection than most companies can hope to achieve. FrontBridge customers still run their own mail servers, but they outsource part of their infrastructure.

By the time you read this, Microsoft will have completed a major phase of integrating FrontBridge into the Exchange product group, and the services will have been renamed using the “Exchange Hosted” label. As Microsoft integrates FrontBridge even closer with Microsoft Exchange and invests in expanding its services, it should become even more appealing to anyone considering using hosted services for messaging security.

A Big Mystery
Microsoft plans to roll out another enterprise security product, Microsoft Client Protection, later this year. Microsoft has been unusually quiet about the details of Microsoft Client Protection, a protection suite for corporate client computers. Still, the outlines appear obvious. Microsoft Client Protection will protect businesses against malware, such as viruses and spyware.

At its core, this protection should be very similar to that offered by Windows Live OneCare and Windows Defender. However, how the protection is provided will be very different.

Nice and simple.
Figure 2. Windows Defender presents a clean, uncluttered interface.

Just like Microsoft Update, Microsoft’s other consumer products shield users from having to configure security for their computers, while offering limited settings that users can change. Microsoft’s software update tools for companies, Windows Server Update Services (WSUS) and Microsoft Systems Management Server (SMS), don’t allow end users to make any changes. Instead, IT administrators centrally configure the manner in which client computers are updated. You should expect Microsoft Client Protection to take a similar approach.

I expect the final product to provide similar functionality to the consumer products, while being highly manageable for corporations. Microsoft has made it very clear that Microsoft Client Protection will integrate with existing Microsoft management products, so it will undoubtedly work with Active Directory to centrally assign protection settings to client computers and users.

Microsoft Operations Manager (MOM) will most likely be used to centrally collect information about virus outbreaks and other events on client computers. Of course, SQL Server will be used to store much of the client information. If Microsoft continues previous patterns, you may be able to use the personal edition for SQL, but larger companies will want to use a more powerful version of SQL Server.

Get Ready for It!
Until Microsoft Client Protection becomes available to a broader audience with a beta, we won’t know whether it will be able to compete with client protection products from other vendors. That said, if Microsoft delivers a product with comprehensive protection features and easy management, any organization with an extensive Windows infrastructure will want to test and evaluate it.

Microsoft Client Protection could turn out to be a blockbuster if Microsoft is successful at building a reputation for the protection program during its first year of existence. On the other hand, if the product comes up short -- whether it’s missing key features or faltering in its protection capabilities -- Microsoft won’t gain significant market share. No matter how this develops, though, you won’t be able to ignore Microsoft Client Protection. I highly recommend following the development of this product and planning for early testing as soon as a beta is out.

More Information

You can find out more about the security products and services discussed in this article in the following locations:

  • Windows Live Safety Center
    Take it for an online spin here.
  • Windows OneCare Live
    Sign up for the beta.
  • Windows Defender
    Download Beta 2 for free.
  • FrontBridge
    Read about FrontBridge hosted services.
  • Microsoft Client Protection
    To register for the upcoming beta and to read about the product as Microsoft posts more information, go here.

About the Author

Joern Wettern, Ph.D., MCSE, MCT, Security+, is the owner of Wettern Network Solutions, a consulting and training firm. He has written books and developed training courses on a number of networking and security topics. In addition to helping companies implement network security solutions, he regularly teaches seminars and speaks at conferences worldwide.

