Microsoft Details Security Upgrade For Exchange

February 25, 2004

Microsoft Chief Software Architect Bill Gates outlined on Wednesday upcoming enhancements to Exchange Server that are designed to better protect mail servers deployed at the edge of enterprise environments from spam and viruses.

The upgrade, which goes by the name of Exchange Edge Services, will feature an enhancement to the Simple Mail Transfer Protocol (SMTP) Message Transfer Agent (MTA), or "relay" software within Exchange to put up an SMTP firewall between the enterprise's internal e-mail system and the Internet.

When it rolls out in 2005 -- one analyst expects to see it in about a year from now -- Exchange Edge Services will filter spam and offensive content, block viruses, reject messages from specified SMTP addresses (in a "blacklist"-style method), and verify sender addresses. Some of the functions will be integral to Edge Services, while others are expected to be provided by third-party security vendors using a newly-developed set of application programming interfaces, or APIs, that Microsoft will make available.

"The viability of e-mail as we know it is threatened by the constant deluge of information that companies receive daily and hourly. Exchange Edge Services will be a comprehensive way for customers to better protect their Exchange e-mail infrastructure and improve the efficiency of the handling of the tremendous amounts of incoming and outgoing e-mail traffic," said Paul Flessner, senior vice president of Microsoft's server platform division, in a statement from the RSA Conference, where Microsoft touted Exchange Edge Services.

Exchange Edge Services will integrate Microsoft's current anti-spam effort, dubbed Exchange Intelligent Message Filter, which although announced in November, 2003, has not yet been released. Down the road, Gates promised, Edge Services will also implement the Caller ID anti-spam specification, a new e-mail authentication concept that Microsoft also unveiled Wednesday at the conference.

According to Richi Jennings, an analyst with Ferris Research, which specializes in enterprise messaging issues, Microsoft's trying to kill two birds with one stone. Not only does the company want to be seen as doing something to stem the flood of security problems enterprises have faced of late -- many of them, such as MyDoom and Sobig, delivered via e-mail -- but they see a market opportunity.

"I don't think Microsoft is doing this just to grease a squeaky [security] wheel," said Jennings.

Nor does he think that the debut of Exchange Edge Services will be an end-all, be-all solution for businesses.

"Exchange is simply not built with hardened code designed to be used at the boundary, it's not designed to withstand attacks," Jennings said. "And Edge Services is not going to be competitive with existing software and appliance-based SMTP firewall products from the likes of, say, Cisco. Not in version 1.0 anyway."

The introduction of Edge Services will be most appreciated, said Jennings, by companies that strive to be 100 percent Microsoft shops. "Those companies are often the ones who say, 'it's good enough,' and are not comfortable running, for instance, Sendmail as an edge mail server." Sendmail, he went on to add, offers better protection against threats trying to breach the enterprise, but is also more difficult for many organizations to administer, since they have little expertise with the server. "That's a disaster waiting to happen."

But the biggest news in the Exchange Edge Services announcement is the threat it poses to existing security vendors which sell firewall, anti-spam, and anti-virus solutions to protect mail servers and filter junk mail and malicious code from incoming messages.

"This really does signify a change in the anti-spam and anti-virus market," he said.

Jennings used the analogy of the disk defragmentation business, which while once booming, virtually vanished when Microsoft included a basic defrag utility within Windows. "There are a lot of people who don't see the benefit of paying more for a better product," he said, noting that this will play to Microsoft's advantage.

Third-party security vendors will have to react to Edge Services, he said, by using the APIs to integrate new releases with Microsoft's offering, and if they're going to be ready when Microsoft releases it next year, they'll have to get going ASAP.

"Vendors are going to have to adapt or they'll see a significant loss of their market."

Although several Microsoft partners in the security market, including Symantec, Brightmail, Panda, and Network Associates -- "you'd expect them to, wouldn't you?" retorted Jennings -- one firewall vendor blasted Microsoft.

"Zone Labs believes Microsoft is providing a disservice to its customers by letting them think they're secure," a company spokesperson said in an e-mailed statement. "We all know that a false sense of security can be more dangerous than no security at all. A first-generation firewall does not offer adequate protection."
