RealTime IT News

'SmartScreen' Spam Filter Ready for Exchange

With ambitious plans to "shift the tide" in the fight against junk e-mail, Microsoft on Sunday announced plans to port its SmartScreen spam filtering technology to new versions of Exchange.

Microsoft boss Bill Gates used the spotlight of the Comdex trade show in Las Vegas on Sunday to spell out the company's anti-spam and software security initiatives, announcing that the SmartScreen technology will be featured in a new Exchange add-on called Microsoft Exchange Intelligent Message Filter. The move makes spam-blocking software developed in Microsoft's Web-based e-mail product, Hotmail, available on the enterprise level.

"SmartScreen is going to be in every mail thing we do. It's recently up in MSN and Hotmail. It's in Outlook. It's in a release of Exchange that we're making in the months ahead. So that's a very big step forward there," Gates told the gathering.

The technology has also been integrated into the new Office 2003 software suite.

Sharing his vision for "Seamless Computing", the Microsoft chief software architect said the new spam filtering add-on for Exchange 2003 will let customers have whitelist capabilities. Gates also said the software would use technologies to ensure the delivery of wanted messages from non-whitelisted senders. Describing these technologies, he mentioned challenge/response, an approach like TRUSTe's "Trusted Sender" program, and a bonded sender system.

Gates noted that the SmartScreen technology, developed internally at Microsoft Research, was tested on Hotmail to identify the frequency of words and the types of links used by spammers. But, before long, Gates said the spammers found ways to dodge the filtering mechanism.

However, he explained, the unique nature of spam mail, which include random words and hash codes to get around SmartScreen, still made it easy to identify the mail as unsolicited junk.

"[This technology is] working very well, it really is making a dramatic difference there, which is, of course, super important...We believe these new approaches will shift the tide, that between what we're doing with technology and what's being done on the legal front, it makes the business proposition for spammers no longer attractive. And we've got to keep working until we achieve that. And I believe very strongly, that's an achievable goal," Gates declared.

Gates also reiterated his company's commitment to software security and trained the spotlight on two enterprise offerings -- System Management Server (SMS 2003) and ISA Server 2004.

He said more than 90 percent of Microsoft's enterprise customers have licensed the SMS 2003 product, which provides a simplified environment for inventory management, software distribution and patch management in large organizations.

Gates announced the addition of a brand new feature in SMS 2003 that provide up-to-the-minute status on patch deployments.

For large enterprises deploying security patches of thousands of machines in numerous locations across the country, the new feature provides data on every single machine that has been patched or remains to be patched. If a system was not patched because a remote user was offline when the deployment was issued, the new feature will let SMS 2003 install the patch and report a verified installation the next time that user connects to the corporate network.

While simplified patch management is part of the answer, Gates said SMS 2003 would be complemented by ISA Server 2004, a firewall type product that goes further than the classic firewall.

"In fact, we talk about it as an application layer of security. It can be used by itself where it will provide the traditional firewall capability in the application layer or a lot of people use this together with a traditional firewall and it simply takes and does the parsing of the software commands to understand exactly what's going on and what can be done," he explained.

"There's a lot of activity in the security area. The industry over time will move for sensitive applications away from passwords to use smart cards. We'll move to improvement to the mail protocol that is enhanced SMTP where we'll be able to verify who mail comes from, Gates declared.

"Microsoft has a number of new things we're doing. We've got a free subset of SMS for people who want that for patching. We've got a way that we can actually turn the firewall on automatically for systems without causing compatibility problems, a lot of things that will move people in and make the default way systems are set up very secure and give IT a way of actually making sure that's what's going on," he added.