Windows 7 / Security and Privacy

Forefront

Forefront is enterprise security software that provides protection from malware in addition to many other threats. Whereas Windows Defender is designed for consumers and small businesses, Forefront is designed to be deployed and managed efficiently throughout large networks.

Forefront products are designed to provide defense-in-depth by protecting desktops, laptops, and server operating systems. Forefront currently consists of the following products:

  • Microsoft Forefront Client Security (FCS)
  • Microsoft Forefront Security for Exchange Server (formerly called Microsoft Antigen for Exchange)
  • Microsoft Forefront Security for SharePoint (formerly called Antigen for SharePoint)
  • Microsoft Forefront Security for Office Communications Server (formerly called Antigen for Instant Messaging)
  • Microsoft Intelligent Application Gateway (IAG)
  • Microsoft Forefront Threat Management Gateway (TMG)

Of these products, only FCS would be deployed to client computers. The other products typically would be deployed on servers to protect applications, networks, and infrastructure.

Enterprise management of anti-malware software is useful for:

  • Centralized policy management.
  • Alerting and reporting on malware threats in your environment.
  • Comprehensive insight into the security state of your environment, including security update status and up-to-date signatures.

Forefront provides a simple user interface for creating policies that you can distribute automatically to organizational units and security groups by using GPOs. Clients also centrally report their status so that administrators can view the overall status of client security in the enterprise.

With Forefront, administrators can view statistics ranging from domain-wide to specific groups of computers or individual computers to understand the impact of specific threats. In other words, if malware does infect computers in your organization, you can easily discover the infection, isolate the affected computers, and then take steps to resolve the problems.

Forefront also provides a client-side user interface. Similar to Windows Defender, Forefront can warn users if an application attempts to make potentially malicious changes, or if it detects known malware attempting to run. The key differences between Defender and Forefront are:

  • Forefront is managed centrally Forefront is designed for use in medium-sized and large networks. Administrators can use the central management console to view a summary of current threats and vulnerabilities, computers that need to be updated, and computers that are currently having security problems. Windows Defender is designed for home computers and small offices only, and threats must be managed on local computers.
  • Forefront is highly configurable You can configure automated responses to alerts, and, for example, prevent users from running known malware instead of giving them the opportunity to override a warning as they can do with Windows Defender.
  • Forefront protects against all types of malware Windows Defender is designed to protect against spyware. Forefront protects against spyware, viruses, rootkits, worms, and Trojan horses. If you use Windows Defender, you need another application to protect against the additional threats.
  • Forefront can protect a wider variety of Windows platforms Forefront is designed to protect computers running Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, and Windows Server 2008. Windows Defender can protect only computers running Windows XP, Windows Vista, and Windows 7.

Like Windows Defender, Forefront supports using Microsoft Update and WSUS to distribute updated signatures to client computers, but Forefront also supports using third-party software distribution systems. For more information about Forefront, visit http://www.microsoft.com/forefront/. Also, explore the Microsoft TechNet Virtual Labs at http://technet.microsoft.com/bb499665.aspx.

Note Microsoft offers a third client security solution: Windows Live OneCare. Windows Live OneCare is designed to help protect home computers and small businesses with antivirus protection, antispyware protection, improved firewall software, performance monitoring, and backup and restore assistance.

[Previous] [Contents]

In this tutorial:

  1. Windows 7 Client Protection
  2. Understanding the Risk of Malware
  3. User Account Control in Windows 7
  4. UAC for Standard Users
  5. UAC for Administrators
  6. UAC User Interface
  7. Secure Desktop
  8. How Windows Determines Whether an Application Needs Administrative Privileges
  9. How to Control UAC Using Application Properties
  10. How UAC Examines the Application Manifest
  11. UAC Heuristics
  12. UAC Virtualization
  13. UAC and Startup Programs
  14. Compatibility Problems with UAC
  15. How to Configure UAC
  16. Group Policy Settings
  17. Control Panel
  18. Msconfig.exe
  19. How to Configure Auditing for Privilege Elevation
  20. Other UAC Event Logs
  21. Best Practices for Using UAC
  22. AppLocker
  23. AppLocker Rule Types
  24. Auditing AppLocker Rules
  25. DLL Rules
  26. Custom Error Messages
  27. Using AppLocker with Windows PowerShell
  28. Using Windows 7 Defender
  29. Understanding Windows Defender
  30. Automatic Scanning
  31. Real-Time Protection
  32. Windows Defender Alert Levels
  33. Understanding Microsoft SpyNet
  34. Configuring Windows Defender Group Policy
  35. Configuring Windows Defender on a Single Computer
  36. How to Determine Whether a Computer Is Infected with Spyware
  37. Best Practices for Using Windows Defender
  38. How to Troubleshoot Problems with Unwanted Software
  39. Network Access Protection
  40. Forefront