‘SmartScreen’ Spam Filter Ready for Exchange

With ambitious plans to “shift the tide” in the fight against junk
e-mail, Microsoft on Sunday announced plans to port its
SmartScreen spam filtering technology to new versions of Exchange.

Microsoft boss Bill Gates used the spotlight of the Comdex trade show in
Las Vegas on Sunday to spell out the company’s anti-spam and software
security initiatives, announcing that the SmartScreen technology will be
featured in a new Exchange add-on called Microsoft Exchange Intelligent
Message Filter. The move makes spam-blocking software developed in
Microsoft’s Web-based e-mail product, Hotmail, available on the enterprise
level.

“SmartScreen is going to be in every mail thing we do. It’s recently up
in MSN and Hotmail. It’s in Outlook. It’s in a release of Exchange that
we’re making in the months ahead. So that’s a very big step forward there,”
Gates told the gathering.

The technology has also been integrated into the new Office 2003 software
suite.

Sharing his
vision
for “Seamless Computing”, the Microsoft chief software architect
said the new spam filtering add-on for Exchange 2003 will let customers have
whitelist capabilities. Gates also said the software would use technologies
to ensure the delivery of wanted messages from non-whitelisted senders.
Describing these technologies, he mentioned challenge/response, an approach
like TRUSTe’s “Trusted Sender” program, and a bonded sender system.

Gates noted that the SmartScreen technology, developed internally at
Microsoft Research, was tested on Hotmail to identify the frequency of
words and the types of links used by spammers. But, before long, Gates said
the spammers found ways to dodge the filtering mechanism.

However, he explained, the unique nature of spam mail,
which include random words and hash codes to get around SmartScreen, still
made it easy to identify the mail as unsolicited junk.

“[This technology is] working very well, it really is making a dramatic
difference there, which is, of course, super important…We believe these
new approaches will shift the tide, that between what we’re doing with
technology and what’s being done on the legal front, it makes the business
proposition for spammers no longer attractive. And we’ve got to keep working
until we achieve that. And I believe very strongly, that’s an achievable
goal,” Gates declared.

Gates also reiterated his company’s commitment to software security and
trained the spotlight on two enterprise offerings — System Management
Server (SMS 2003) and ISA Server 2004.

He said more than 90 percent of Microsoft’s enterprise customers have
licensed the SMS 2003 product, which provides a simplified environment for
inventory management, software distribution and patch management in large
organizations.

Gates announced the addition of a brand new feature in SMS 2003 that
provide up-to-the-minute status on patch deployments.

For large enterprises deploying security patches of thousands of machines
in numerous locations across the country, the new feature provides data on
every single machine that has been patched or remains to be patched. If a
system was not patched because a remote user was offline when the deployment
was issued, the new feature will let SMS 2003 install the patch and report a
verified installation the next time that user connects to the corporate
network.

While simplified patch management is part of the answer, Gates said SMS
2003 would be complemented by ISA Server 2004, a firewall type product that
goes further than the classic firewall.

“In fact, we talk about it as an application layer of security. It can be
used by itself where it will provide the traditional firewall capability in
the application layer or a lot of people use this together with a
traditional firewall and it simply takes and does the parsing of the
software commands to understand exactly what’s going on and what can be
done,” he explained.

“There’s a lot of activity in the security area. The industry over time
will move for sensitive applications away from passwords to use smart cards.
We’ll move to improvement to the mail protocol that is enhanced SMTP where
we’ll be able to verify who mail comes from, Gates declared.

“Microsoft has a number of new things we’re doing. We’ve got a free
subset of SMS for people who want that for patching. We’ve got a way that we
can actually turn the firewall on automatically for systems without causing
compatibility problems, a lot of things that will move people in and make
the default way systems are set up very secure and give IT a way of actually
making sure that’s what’s going on,” he added.

News Around the Web