FrontBridge was one of the top four hosted or "managed" email security services. Microsoft acquired FrontBridge in August 2005, yet the company has been reserved about its plans … until now.

In April, Microsoft will rebrand FrontBridge as "Exchange Hosted Services." It has just introduced version 5.3, which it claims is faster, more usable, has expanded network capacity, and adds support for speakers of Dutch, Portuguese (standard and Brazilian), Mandarin, and Korean.

The product structure and pricing model are now simplified, with a main license plus three options:

• Archive — Keep a copy of all mail, either inbound, outbound, or internal. End-users have access to the archive via an OWA-like Web interface.
• Continuity — Keep a rolling 30-day archive as above, permitting redelivery of messages in case of disaster.
• Encryption — A licensed version of Voltage’s IBE system (Identity Based Encryption).

Expect a 6.0 release at the same time as the release of Exchange 12. This may include Exchange-specific features.

… Richi Jennings, with thanks to Eron Kelly of Microsoft

Many email security products or services will warn you if they detect a virus in an incoming message. You’ll receive a Virus Alert message in your inbox that either includes the original plain text message with the attachment stripped out, or has just a simple notification that "so-and-so sent you a virus, and click here to read the message in the quarantine." The intention is that you can contact and notify the sender that there is a virus on his or her PC.

The problem is that these days, most virus-infected email is sent not by users, but by other viruses. It’s effectively spam, except the motivation is to take over your computer, not to sell you … things. The viruses will often use the same lists of recipients as spammers do. And there’s no point in contacting the "sender" of the message — it’s probably forged.

The upshot is that these virus alert messages are now just as bad as spam. Only a tiny proportion of them are of any use. Email security solutions should be more selective of which messages they warn about.

… Richi Jennings, with thanks to Stephen Canale of OnlyMyEmail

This report details the problems that organizations face in maintaining a Microsoft Exchange solution, and the impact of downtime when Exchange is not available.

For further information, see here.

Note:

• Subscribers to Ferris Research’s information service can download the report directly, from here. If you have forgotten your login and password, email gabriel.golden@ferris.com for help
• Journalists interested in the report should contact david.ferris@ferris.com

If you have any questions, please email david.ferris@ferris.com or call him on +1 415 367 3436.

SASL (Simple Authentication and Security Layer) is an Internet standard that enables the Internet messaging protocols and LDAP (Lightweight Directory Access Protocol) to use a wide range of authentication mechanisms. Last week, an updated version was approved to replace RFC 2222.

SASL is an important, but less well known, member of the Internet messaging and directory protocol family. It is generally thought of as a way to use alternate authentication mechanisms, but there is another feature of SASL that is also important.

Many applications, and in particular custom Web applications, use LDAP as an authentication mechanism to verify the user name and password provided by the application. Working in this way is a very sensible approach for many organizations, as it allows a simple centralized authentication mechanism. This is achieved by the application binding to the directory as the user. As LDAP binds require use of the full directory name of the user, the application will generally first make an anonymous bind to the directory and then search the directory for the user name supplied by the application in order to determine the directory name needed for the second bind that does the actual authentication.

Use of SASL in conjunction with LDAP offers a much better solution. SASL enables use of authentication with the user name supplied by the application, and performs the mapping to the directory name on the server side. This has the advantage of avoiding anonymous — i.e., insecure — directory operations. It also has a big operational advantage, as the algorithm to map from user name to directory name is managed in one place (on the directory server) rather than needing to be maintained in every application that works in this manner.

Using SASL in this way is currently unusual, but will become increasingly common.

… Steve Kille (editor: Richi Jennings)

Microsoft has released an update to Office 2007 Beta 1, which it calls a Technical Refresh. While not yet a public beta, Microsoft and others are blogging about the improvement to the client user interface (UI).

Microsoft is undertaking a very large shift in how customers will see and use Office. Microsoft realizes that the menu structure of Office applications can be confusing — even to the point of being overwhelming. The new UI aims to put the most commonly used tasks for your current tasks on the new Office Ribbon in a graphical format.

While this is a great evolution and seems nicely done, the upgrade will probably require training for end users. Power users will think it awesome, but a vast number of users will be in need of formal training or at least a structured overview. It’s still worth the upgrade, but organizations will want to plan for this. For a look at the new UI see the official site and this blog post by a Microsoft program manager.

… Lee Benjamin (editor: Richi Jennings)

To operate Skype, you need to have your PC turned on, and you probably talk via a connected headset.

That’s a pain if your PC isn’t on, or if your PC isn’t beside you, for example.

So a number of vendors are working on phones that have Skype embedded within them. An example is NETGEAR’s WiFi Phone. This looks like a cell phone, and connects over WiFi. Expect such products to become available late summer.

… David Ferris, with thanks to ActionTec’s Gunjan Bhow

No one wants to go through the hassle of having their mobile device lost, stolen, attacked by viruses, or harvested for confidential data. Fortunately, two security features now available on some devices provide additional protection:

• A threshold of unsuccessful PIN/password attempts can be set. If exceeded, the device will automatically lock itself and erase local memory.
• The organization’s help desk can send a specially formatted SMS command — a remote device wipe — which forces the device to automatically delete all information.

This functionality is quite beneficial unless the user merely misplaced the device — in which case it’s as useful as a pet rock. Users need to be aware of these issues — preferably before they need to call the help desk. Companies should add the security of mobile devices to their policies and inform both their new and existing users. Here are some of the issues that messaging managers should think about:

• Which mobile devices and OS platforms are supported.
• Mandatory use, complexity, and timeout of a PIN.
• Thresholds for unsuccessful PIN entries.
• Specific information that will be deleted.
• Delay between issuing the wipe command and actual deletion.
• Disabling SD cards that cannot be wiped.
• Locking out the insertion of new SD cards.
• Re-provisioning of the mobile device and user profile after a wipe.
• Who is permitted to perform remote wipes and under what circumstances.

… Nancy Cox (editor: Richi Jennings)

Sometimes, we make life very difficult for spam filters. I was reminded of this today when checking the quarantine for the mailbox that we use for our weblog.

Caught in the quarantine were several messages generated by the blog software, which warned us of some spammy activity — spammers abusing the blog’s comments and trackbacks facilities. Of course, the warning messages included the spammy text of the comments and trackbacks, which caused our spam filter to quarantine the warnings.

Naturally, a quick addition to the whitelist prevented the problem from happening again, but it’s food for thought.

… Richi Jennings

The Teneros Application Continuity Appliance offers instant failover for Microsoft Exchange in a managed appliance that provides exceptionally high availability. This report summarizes the product and comments on its industry context.

For further information, see here. There is no charge for the report.

If you have any questions, please email david.ferris@ferris.com or call him on +1 415 367 3436.

The Teneros Application Continuity Appliance offers instant failover for Microsoft Exchange in a managed appliance that provides exceptionally high availability. This report summarizes the product and comments on its industry context.

For further information, see here. There is no charge for the report.

If you have any questions, please email david.ferris@ferris.com or call him on +1 415 367 3436.