Microsoft make security magic

Back in 2005, Microsoft bought an anti-virus company called Sybari to, as this ComputerWorld article put it, “give them more of a presence in the enterprise security market”. They continued with the “Antigen” line and had variants for Exchange, SharePoint etc. and used multiple different scanning engines including Norman, Sophos, Kaspersky, and Computer Associates (CA).

I was a reseller at this point, focused primarily on software. It’s going back quite a while now to be fair but I remember it as being very difficult to sell it, or even to have a proper conversation about it. Those were the days of security dominance by McAfee, Symantec, and CA eTrust – and Microsoft were not taken seriously when it came to security.

Alongside this, they also had “Internet Security & Acceleration (ISA) Server” and “Intelligent Application Gateway (IAG)”. The former subsequently became “Threat Management Gateway (TMG)” and the latter, “Unified Application Gateway (UAG)”. I remember ISA/TMG being relatively successful, certainly more so than the desktop anti-virus, and I also remember being surprised when Microsoft turned TMG 2010 End of Life with no replacement! We had a range of customers who had been using it for years and, as it covered firewall, router, VPN, web cache and more, it had become quite integral to their server side setup; Microsoft choosing not to replace it definitely led to some negative sentiment among organisations! They announced in 2012 that there’d be no further development and it would no longer be available to buy from the end of that year – although it is still in mainstream support until 2020! If you’re still running TMG 2010, I’d love to hear from you! 😁

Regardless of the product and its capabilities though, there was still a lot of anti-Microsoft sentiment, distrust, and cynicism stemming from the various legal cases of the late 90’s/early 00’s – and this seemed particularly strong in the security space.

All this is to show how far Microsoft have come in the security space in this 14 year period. Now, in Gartner’s latest Magic Quadrant for Endpoint Protection Platforms, they are top for “ability to execute” and 2nd (behind CrowdStrike) for “completeness of vision”.

For them to be so far ahead of established security players like Sophos, Trend Micro, and Symantec is fascinating. Gartner state that Windows Defender Antivirus is the market share leader for business endpoints – quite the turnaround! It’s clear the work Microsoft has been doing around Microsoft Defender Advanced Threat Protection (MDATP) (formerly WDATP) is paying off. Among the “cautions” mentioned by Gartner are:

  • Licensing is difficult to navigate
  • Windows 10 E5 is more expensive than competitive offerings
  • The MDATP features aren’t all available on Windows 7/8
  • No support for XP
  • Group Policy settings can be complex

Nothing too major there really, certainly not compared to many of the other participants. As we move towards 2020, Microsoft’s security game is strong. Not just on the desktop but in so many other areas, some of the cloud security and information protection products seem really good and innovative in numerous areas. I think it’s safe to say that Microsoft are a security company now – as well as everything else!

Check out the Microsoft post here –


Microsoft Windows InTune: Computers Overview


This is the second screen in the Windows InTune Console:


On the left you can see a list of all the computer groups that I’ve created. These machines are on 3 different networks but they all appear in this one central view, which makes administration very easy!

Selecting a group on the left takes you into a new view where you can see much more granular detail on the machines. At the minute, I’ve only got one machine in each group but you get the idea 🙂


The “View Properties” button takes you deeper into that machine, with more sections available to view:


The first few tabs are all quite self explanatory…but the final two are very interesting.


This gives an amazingly detailed list of the hardware in and related to the machine. For my laptop, this information includes:

  • Model
  • Serial Number
  • BIOS Name & Version
  • CPU Name/Type/Speed
  • Number of disks
  • Disk model
  • Disk Size
  • Number of partitions
  • Network adapter
  • IP Address
  • MAC Address
  • Monitor Resolution
  • Printers (including Soft printers like OneNote)

and more. It’s similar to the freeware program CPU-Z (which you may be familiar with) in that it gets really deep into your machine to give you all the information you could possibly need!


This gives a list of all software installed on the machine…in this case:


It then gives you an idea of the category such as Browser, OS, Utility etc and also tells you if it’s a Virtual Application.

You can export these lists to either .csv or .html files for use with other applications and systems.

This feature fits really well in to the whole Software Asset Management piece, as organizations will have a complete, current list of all software installed on all machines. It’s very quick to update with added/removed software which will enable companies to be confident of compliance at all times.


Creating a group is very straightforward. It has 3 sections, each with just one selection to make:


Details = Group name (and an optional description field)

Parent Group = Choose which group this will link off from. Either “All Computers” or one of your own.

Members = Choose which machines to add to the group.


I’ll cover deploying software to machines etc in a later post.

Kaspersky & Hardware Based Anti-Virus

This is pretty interesting…Kaspersky have received a patent for Hardware based Anti-Virus!

The idea behind this is that it will:

“neutralize the most widespread type of threat – malicious programs that store themselves or infect files on a computer’s hard drive”

by scanning data that is written to the disk. Kaspersky’s news article gives a good insight into how it works:

“The patented device is installed between a drive (hard drive or SSD) and the computing unit (CPU and RAM) and is connected to the system bus or integrated into the disk controller. The hardware antivirus solution allows or blocks writing data to disk, providing threat alerts and information about its operation to the user (user dialog is possible if the hardware antivirus control utility is installed on the PC)”

Interestingly, it can work on its own or in conjunction with existing AV software. One area where Kaspersky expect it to be especially effective is against rootkits, which can often prevent AV software from even running. As Kaspersky Technology Expert Oleg Zaitsev says:

“solution has a distinct advantage over conventional AV solutions because it monitors all attempts to access a memory device while remaining inaccessible to malware. This is critical for fighting such sophisticated threats as rootkits and bootkits”


People often complain that anti-virus software uses a lot of system resources such as CPU and RAM, so putting more hardware in there is going to be even worse…right? Wrong…Kaspersky have given the unit its own CPU & RAM to prevent this, in fact you can even attach a separate power supply.


This will probably be most popular in non-desktop machines including servers and, as Kaspersky say, ATMs etc.

You can see the Kaspersky announcement here and the Neowin article that alerted me to this here.

Microsoft Security Essentials: Thoughts on AV

Microsoft Security Essentials (MSE) is available to everyone and it’s getting very favourable reviews from most people. The only nay-sayers so far seem to be the dedicated AV companies such as Symantec.

I’m not going to bother analysing the comments as it’s pretty obvious that most AV companies will say:

a) It’s rubbish


b) We don’t care because ours is so much better

and I’ve got an older post about how good I find it to be.

I think Microsoft’s introduction of a very good, easy to use, free anti-malware solution is a blessing and a breath of fresh air for home users. Just like the corporate market, there are now:

  • Too many manufacturers
  • Too many products
  • Too many features in each one

The number of machines I’ve seen that have at least 2 overlapping programs installed is pretty high. This is usually down to all the FUD (Fear Uncertainty Doubt) causing people to panic a little bit and over-protect themselves…this often causes the machine to run poorly.

Then you have the sheer number of vendors, who all say their product is the best:

  • Symantec/Norton
  • Panda
  • Eset
  • Kaspersky
  • AVG
  • Bullguard
  • Avast
  • F-Secure

and that’s not all of them. Yes-you could argue that Microsoft have made this worse by offering a real contender but I don’t think that is the case…I think it will streamline this situation of over-choice. Microsoft is obviously a well respected brand and so many people will choose MSE because they’re familiar with the name. As it’s all free-it can’t really be anti-competitive really can it? All it can be is easier and better for the average home user…and that should be everyone’s focus in the world of consumer security.

I’m pretty sure that non-web savvy people searching the internet for “free anti-Virus” often leads to them downloading the opposite-a package full of bloatware, trojans, key loggers and more. However, people going to:

will stop all that.

The idea that people having a manufacturer’s free product at home leads to them purchasing that vendor’s corporate offering at work isn’t particularly true, in my opinion. I speak to a lot of customers who run AVG at home…but none of them use AVG at work-they go with Symantec, McAfee, Microsoft etc. I’ve also spoken to people who, after using Norton at home (usually as bloatware on a new machine) have removed Symantec from the workplace due to the bad experience!

All in all, I see this making it easier & safer for everyone involved 🙂

Microsoft Security Essentials

Microsoft Security Essentials (MSE), Microsoft’s free home user anti-malware tool, was today released in all its final glory to the world at large.

I’ve been running the beta for a few months now and I find it to be brilliant…it’s easy to install, easy to use, un-obtrusive and hasn’t let any nasties through (touch wood!). I was a Kaspersky user previously but I started to have some issues with the Windows 7 RC so MSE came along at just the right time 🙂 I’d definitely recommend that you give it a go, so download it from:

For more in-depth info and screenshots-see my July post here.

Microsoft Security Essentials beta

You may have seen that, a few weeks ago, Microsoft announced the beta of Microsoft Security Essentials (MSE); their free anti-virus/anti-malware software aimed at home users. The beta was limited to 75,000 downloads so I registered within 20 minutes of it going live on MS Connect and got ready to download it…unfortunately the website had a different idea. It told me that I wasn’t eligible to download the beta and that was that-I logged out empty handed 😦

I kept checking over the following days to no avail while, at the same time, Microsoft emailed me to see how my trial was going…I couldn’t believe they were mocking me so! I just logged in now to see if there had been any update on my application for the Office 2010 trial-it’s gone from “Pending” to not being there anymore- but as an unexpected bonus the download for MSE was there 🙂

I’ve just got it installed and had it run its first scan and it’s looking good. It was a quick 5/6 click install process and it was scanning already-very impressive…here are some screenshots:

Something I’m quite surprised to see is that MSE contains Real Time Protection, helping protect users from zero-day attacks even without pre-defined virus signatures; for a free product-that’s pretty cool!

The Settings tab allows you to:

  • Set scan schedule
  • Change the default actions
  • Turn Real Time Protection on/off
  • Exclude files & locations
  • Exclude File Types
  • Exclude Processes
  • Choose to scan archive files
  • Choose to scan removable drives
  • Change Microsoft Spynet access

Spynet is something I hadn’t heard of before and it is Microsoft’s Online Community that collects, collates and processes information on malware and how it is affecting users’ machines. There are 2 levels of “membership” available, Basic & Advanced, where Advanced sends back more information such as file names and locations of affected software etc. Its default setting is Basic…although it does say that “…personal information might unintentionally be sent to Microsoft” which, while I don’t really mind, will probably upset some people 😉

I’ve only had it installed for about half an hour but so far, it seems to be pretty comprehensive in what it covers as well as being clear and easy to use. The fact that it provides real time protection AND scans removable drives as well as the basic cover makes me consider if, honestly, there’s any need for home users to look elsewhere.

Microsoft’s Forefront Business security software shows they’ve got the skills in this area and a lot of other products (Norton, F-Secure etc) are notorious for slowing PCs down until they’re nigh on unusable-so this seems like a great alternative. When it comes to Anti-Virus I’m a Kaspersky fan but MSE looks to be a worthy competitor…good work once again from Microsoft 🙂
