Microsoft Preps Managed Client Security for Corporations - 19 Oct 2005


Almost a year ago, when Microsoft purchased GIANT Company Software for its excellent antispyware package, Microsoft promised that it would use the technology as the basis for a subscription-based offering for enterprises. Last week, the software giant provided more details about this product. Dubbed Microsoft Client Protection, this offering will combine antispyware technology from GIANT and antivirus technology from GeCad Software, an earlier acquisition.

"We've heard some pretty consistent concerns from \[our business\] customers," Paul Bryan, the director of product management for the enterprise access and security products division at Microsoft told me during a recent briefing. "First, they are lacking solutions for effective centrally managed malware protection. They want fewer security products to manage. And they want better visibility into the security state of their environments."

Client Protection seeks to answer these concerns. Using technology from its GIANT and GeCad acquisitions, Microsoft has created a unified anti-malware engine that will combat the types of electronic threats we face today--spyware, rootkits, and traditional viruses--as well as emerging malware threats. If you've heard about Microsoft's consumer-oriented anti-malware service, Windows OneCare Live (which is currently in beta), you'll be interested to know that these products share similar underlying capabilities. However, they're completely different products. Whereas OneCare Live will be a hands-off subscription service for consumers, Client Protection will be highly manageable and targeted at Active Directory (AD)-based managed environments.

What does this mean, exactly? In addition to the expected management consoles and client access features, Client Protection will be designed specifically for busy IT staffs. "People want to spend less time dealing with malware," Bryan remarked. So the product will feature reports and alerts but not so many as to overwhelm administrators. "We're not going to spam administrators with a litany of reports \[by default\]," Bryan said. Instead, the product will provide information on which situations needs action, along with current status and trends. "Some malware is unwanted or annoying, but most people don't need to know about that stuff," Bryan added. "But some malware is truly malicious. Administrators will want to know \[when that type of attack crops up\]."

Being a Microsoft product, Client Protection will take advantage of the technologies you probably already use and won't require you to redesign your environment. It will integrate with Active Directory (AD) and Group Policy and will use virtually any software distribution system. But it uses Windows Server Update Services (WSUS) if you don't already have a software distribution system in place.

Microsoft will make a beta version of Client Protection available to selected customers by the end of the year. And the company expects to ship the final version in the first half of 2006. The product will require Windows Server 2003 Service Pack 1 (SP1) or Windows 2000 Server with SP4 on the server and can protect Win2K SP4 and Windows XP SP2 clients, as well as Windows 2003 SP1 file servers. In the future, Client Protection will support both Windows Vista and Longhorn Server as well.

Microsoft hasn't finalized pricing or licensing, but the company previously said that it expected to make this service available to customers as a subscription-type offering. That is, it will not be free as is Windows AntiSpyware, the unmanaged, client-based antispyware solution that the company has been offering in beta form since January 2005. Speaking of which, several readers have asked me why that product is still in beta. Bryan told me that the company has been doing a lot of work behind the scenes to prep Windows AntiSpyware for its production release. "The technologies in there were not of the foundational quality we needed," he said. "We wanted to build it out to the point where it doesn't have to be run in admin mode, for example, and we're using components from that product across different offerings, \[Separately, other sources have told me that this technology will be included in Windows Vista, for example.\] Today, the product is solid enough to address many spyware issues and is flexible enough for emerging issues. But we're building it with the quality customers expect from Microsoft products." Bryan wouldn't speculate when Windows AntiSpyware would be finalized.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish