Microsoft Forefront Client Security

Back in 2003, Microsoft unofficially notified the world of their intention to venture into the world of anti-virus and anti-malware solutions by buying out Romania-based antivirus firm GeCad. The world waited but nothing happened. Then Microsoft bought Giant, an anti-spyware provider. We waited and then got a limited functionality product called Defender that has been in a never-ending beta. More recently, Microsoft bought out Sybari, the famed e-mail anti-malware solutions provider. This past July, Microsoft Antigen 9.0 made its debut. Antigen for Exchange featured a new anti-virus engine that had not been seen before, one from Microsoft!

Details of what Microsoft was doing in the server and desktop anti-malware world slipped out here and there. They were definitely developing a solution. It was rumoured that Windows Update and/or WSUS could be a deployment mechanism, something that many would like as it would simplify deployment systems.

Microsoft recently announced the start of the public beta of Microsoft Forefront Client Security saying that it would provide:

"Unified malware protection for business desktops, laptops, and server operating systems that is easier to manage and control. Built on the same highly successful Microsoft protection technology already used by millions of people worldwide, Forefront Client Security helps guard against emerging threats, such as spyware and rootkits, as well as against traditional threats, such as viruses, worms, and Trojan horses. By delivering simplified administration through central management and providing critical visibility into threats and vulnerabilities, Forefront Client Security helps you protect your business with greater confidence and efficiency. Forefront Client Security integrates with your existing infrastructure software, such as Active Directory, and complements other Microsoft security technologies for better protection and greater control.

Forefront Client Security is currently in development. Microsoft plans to make a public beta of the product available to customers in the fourth quarter of 2006. Pricing and licensing will be announced at a later date.

The benefits offered by Microsoft Forefront Client Security include:

  • Unified Protection: Forefront Client Security delivers unified protection from current and emerging malware, so you can feel confident that your business systems are better protected against a broad range of threats.
  • Simplified Administration: Forefront Client Security provides simplified administration through central management, so you can protect your business with greater efficiency.
  • Critical Visibility and Control: Forefront Client Security produces insightful, prioritized security reports and a summary dashboard view, so you have visibility and control over malware threats".

The solution includes anti-virus and anti-spam prevention mechanisms and management. Based purely on description, this looks like Microsoft will jump straight into competition with Sophos, a leader in this field. It will be interesting to monitor how things develop.

Best of MMS TechNet Roadshow – Dublin

Microsoft TechNet Ireland has just started advertising a free day of briefings on some of the new System Center products including those available now and those that are coming next year. It will basically consist of some of the main sessions from the MMS conference that was held earlier this year in the U.S.

This TechNet event will be very technical, covering the following topics:

  • Optimising your infrastructure with Microsoft System Centre
  • MOM 2005 and System Centre Operations Manager 2007 technical drilldown
  • SMS 2003 R2 and System Centre Configuration Manager 2007 technical drilldown
  • Operations Management with System Centre Products
  • Protecting your data with System Centre Data Protection Manager

Sessions will cover one or more of the following scopes on a specific topic:

  • Deep technical drilldown into current or future products and technologies
  • Best practices for common real-world scenarios covering the lifecycle of solutions
  • Comparisons between different solutions available – such as SMS and WSUS patch management
  • Real-world experience (‘Tips and Tricks’) from Microsoft and non-Microsoft consultants and customers

WinRE – Windows Recovery Environment

A new team blog has been launched by Microsoft.  WinRE is a derivative of WinPE and is intended as a replacement for the Recovery Console.  We’ll see it "live" for the first time with Windows Vista.  MS says:

"WinRE provides two main functionalities:

  1. Automatic diagnosis and repair of boot problems using a tool called Startup Repair.
  2. A centralized platform for advanced recovery tools".

WinRE is included on the Windows Vista RC1 DVD image.

Virgin Bans “Exploding” Laptops

ENN is reporting that Virgin Airlines is taking steps to ban the inflight use of most Dell and Apple laptops after the recent spate of exploding batteries that was followed by a recall. Qantas and Korean Air have already done this. Virgin is allowing up to 2 individually wrapped batteries to be carried but they cannot be put to use.

Given how rare these "explosions" have been, this seems like overkill.  Next they’ll be banning water on flights … oh!

Windows Vista Security Guide

Windows Vista is coming. You can live in denial all you want but change is on the way. Vista features lots of changes: h/w requirements, user interface, deployment, but most of all, the biggest changes seem to be in the security features and functionality. My gut is telling me that most organisations will be slow to adopt Vista due to the amount of change and the costs of purchasing new hardware. But I do see it prematurely making its way into networks for a few reasons:

  • OEM Licensing: Organisations with OEM desktop licensing will start seeing Vista as an OS option from January onwards.  I doubt it will take long for MS to withdraw Windows XP as an option. 
  • Some applications will have an OS dependency.  Some cutting edge business applications may take advantage of new features available to programmers.
  • Windows Vista is chock full of new security features. This may make it a candidate for complete or targeted deployment by security planners. One feature likely to draw attention is BitLocker, a login-integrated, complete disk encryption solution that makes use of TPM architecture for secure key storage. BitLocker is a feature of Windows Vista Enterprise which is only available to Software Assurance customers.

January isn’t far away so proactive administrators and consultants should be making plans now.  Part of this is understanding the security implications associated with Windows Vista.  You can download a beta release of the Windows Vista Security Guide from Microsoft’s Connect web site.

MOM 2005 Management Pack for ISA

A new (version 2.0) management pack for ISA 2000/2004/2006 is available for download. Microsoft’s comments are:

"The ISA Server Management Pack monitors ISA Server events and alerts for all ISA Server versions (2000, 2004 and 2006). With detailed alert information you can quickly identify and troubleshoot ISA Server issues, minimizing time-to-resolution when problems occur. Collect and analyze performance trends and metrics. Performance information allows you to manage bottlenecks, identify capacity requirements, and proactively manage your ISA Server configuration to resolve issues before problems occur"

PubForum Amsterdam

If you are into or working with Microsoft Terminal Services or any of the Server Based Computing (SBC aka "thin client") solutions out there, I’d highly recommend that you attend PubForum Amsterdam, starting on 2/11/2006. The name correctly suggests that the social side of things is good fun (don’t try to keep up with those crazy Swedes!) It’s a small conference with about 50-100 Level 400 types there. Presentations are by these folks and some of the major players in the industry of server based computing. At €215 for 4 days, you will not be able to say you did not get value for money.

I attended it earlier this year in Brussels for the first time not having the highest of hopes. I was greatly surprised and my eyes were opened. Like 99% of people in IT, when I thought of SBC and getting it to really work, I always thought of Citrix. I assumed that Citrix was the only player. Anyone who has deployed Citrix knows that licensing costs an absolute fortune. You’ve also probably had problems with printing (especially over WAN links) and with user profiles. I was stunned to see how alternative and widely adopted solutions that sit on top of Terminal Services can solve these cost and functional problems. We also had in-depth sessions from the folks in Citrix and a sneak (secretive) peek at Terminal Services on Windows Longhorn.

The conference is great for getting questions answered, making contacts and learning about what alternatives there are and what is in the pipeline. The low costs are there to cover costs and the conference is as good as those who attend.

Some interesting topics are being discussed this year. One of Microsoft’s newest acquisitions, Softricity, is on the card. This application virtualisation solution, SoftGrid, is not only an ideal and simple way to rapidly deploy applications to the desktop but also to Terminal Servers. I’d also recommend the session on Propalms. This is the successor to Tarantella, a Citrix alternative. I spent some time with 2 of their people in Brussels. They were very excited about this feature rich and economic solution. I’m hoping I get to spend some time looking at a demo copy they gave me that I unfortunately have not had time to try out.

The social side of the conference ain’t bad either 🙂

Windows Time And The W32TM Service

Nathan Winters, a MS infrastructure pro, has an article on the TechNet blogs site that goes into great detail on how time works and is synchronised in a Microsoft Active Directory network.  It’s a good read and goes into all sorts of detail.  I doubt you’ll have any questions after reading it.

Windows Time is critical for the correct functioning of the Kerberos protocol which is the primary authentication and authorisation method used in an Active Directory environment. Many of these problems I’ve encountered have been a result of time not being synchronised. Speaking of which, I’m usually surprised by how few people realise that there already is a synchronisation mechanism running in an AD environment. So stop shopping for a third party clock synch product and read this article and you will understand how time synch in AD works, how to configure it and how to troubleshoot it.
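
To make the Kerberos dependency concrete, here is an added example (not from this post or from the linked article) that computes a client's clock offset from an SNTP server reply and checks it against the Kerberos tolerance. The 5-minute limit is the usual default and is an assumption here, as are all function names; the reply packet is constructed so the code runs offline.

```python
import struct

NTP_DELTA = 2208988800     # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
KERBEROS_MAX_SKEW = 300.0  # assumption: the 5-minute default Kerberos tolerance

def to_ntp(unix_ts):
    """Encode Unix seconds as a 64-bit NTP timestamp (32-bit secs + fraction)."""
    secs = int(unix_ts)
    return struct.pack("!II", secs + NTP_DELTA, int((unix_ts - secs) * 2**32))

def from_ntp(raw):
    """Decode a 64-bit NTP timestamp back to Unix seconds."""
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_DELTA + frac / 2**32

def parse_reply(packet, t1, t4):
    """Return (offset, delay) in seconds from a 48-byte SNTP server reply.
    t1/t4: client send/receive times measured on the client's own clock."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    leap, mode, stratum = packet[0] >> 6, packet[0] & 0x7, packet[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if leap == 3 or stratum == 0:
        raise ValueError("server clock is unsynchronised")
    t2 = from_ntp(packet[32:40])  # server receive timestamp
    t3 = from_ntp(packet[40:48])  # server transmit timestamp
    offset = ((t2 - t1) + (t3 - t4)) / 2  # positive: client clock is behind
    delay = (t4 - t1) - (t3 - t2)         # round trip minus server hold time
    return offset, delay

def kerberos_clock_ok(offset, max_skew=KERBEROS_MAX_SKEW):
    """True when the measured offset is inside the Kerberos tolerance."""
    return abs(offset) <= max_skew

def build_reply(t2, t3, stratum=2, leap=0):
    """Constructed sample reply (version 3, mode 4) so the example runs offline."""
    header = bytes([(leap << 6) | (3 << 3) | 4, stratum, 0, 0])
    return header + bytes(28) + to_ntp(t2) + to_ntp(t3)

if __name__ == "__main__":
    t1 = 1_000_000_000.0  # constructed client send time
    reply = build_reply(t1 + 400.25, t1 + 400.75)
    offset, delay = parse_reply(reply, t1, t1 + 1.0)
    print(f"offset={offset:+.2f}s delay={delay:.2f}s ok={kerberos_clock_ok(offset)}")
```

In the constructed case the client is 400 seconds behind the server, which is outside the tolerance, so ticket requests from that host would be rejected until its clock is corrected.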

ISA 2006 – Better Than ISA 2000/2004?

ISA 2004 was a considerable improvement over ISA 2000.  It was more secure, feature rich and much easier to configure.  I find it funny now that I had trouble getting used to how easy it was to configure 2004 as opposed to 2000.

ISAServer.org posted an article on why you should consider ISA 2006 and why it is better than ISA 2000/2004. Given how quickly it followed the 2004 release, I wouldn’t have thought there was much time to make significant improvements. Microsoft proved me wrong. It’s a good read and anyone using or considering ISA should give it a read. It would appear that ISA 2006 provides the most benefit to anyone using it to publish function rich web services thanks to new features such as:

  • Web Farm Load Balancing.
  • Forms-based authentication support for all Web Publishing Rules.
  • Kerberos Constrained Delegation.