SAN FRANCISCO, April 14, 2003 — Microsoft Corp. today announced new antispam and antivirus technologies that will ship in Exchange Server 2003 for partners, along with the significant enhancements made to the core product, will deliver to customers the most secure, reliable version of Exchange to date. A new antispam tool allows partners to integrate their antispam solutions with new functionality already in Exchange Server 2003 to provide better content filtering with fewer false positives, further maximizing worker productivity. In addition, the updated virus-scanning API (VSAPI 2.5) now includes new features that enable partners to deliver complementary solutions for preventing computer viruses and, more important, helping IT departments maintain a healthy network, allowing administrators to focus on keeping users productive.
“We know customers’ pain. Security and privacy are more important than ever right now and, as an industry leader, we know Exchange and its industry partners have to offer an end-to-end solution to customers that will help fend off security threats at the gateway, on the mailbox server and at an end user’s mailbox,”
said Kevin McCuistion, director of Exchange marketing and business development at Microsoft.
“Microsoft’s philosophy is to stop viruses and spam at the network perimeter, keeping end users focused on the task at hand. We have provided a solid baseline of functionality in the core Exchange 2003 product, and now with these two tools partners can provide an additional layer of security.”
More-Innovative Solutions From Exchange Industry Partners
Spam is fast becoming organizations’ biggest headache. According to a November 2002 Gartner Inc. report* spam is increasing at a rate of 1,000 percent per year, and the report predicts that by 2004 more than 50 percent of e-mail message traffic will be spam — unless organizations defend aggressively against it. In an effort to help block more junk e-mail at the network perimeter, Microsoft is providing antispam partners with a tool to build more-effective, integrated solutions with Exchange 2003 that will further reduce the amount of spam reaching end users’ mailboxes. The new antispam tool in Exchange 2003 will allow partner solutions to scan incoming e-mail messages and attach a numeric score, or Spam Confidence Level (SCL), to each message that indicates the probability that the message is spam. Based on a threshold set by an administrator, the message will be forwarded to either the recipient’s inbox or junk mail folder.
The next version of the VSAPI is enhanced with new capabilities allowing industry partners to develop antivirus solutions that scan e-mail messages at the entry point of customers’ networks, to catch more malicious content before it reaches the Exchange mailbox server. VSAPI 2.5 also makes it possible to prevent infected e-mail from leaving an organization by scanning outgoing mail. These new features will give the antivirus products more options to delete infected messages and, with additional message properties in VSAPI 2.5, automatically send a warning message back to the sender that a virus was detected and the e-mail was deleted, thus helping prevent further spreading. Exchange 2003 will give customers more confidence in the security of their e-mail infrastructures by reducing the number of infected e-mail messages end users receive and administrators have to manage and thereby mitigating the further propagation of viruses.
Enabling Customers
In addition to the antispam tool, Exchange 2003 works directly with the junk mail filters in Microsoft Office Outlook®
2003. These filters allow users to block HTML content by default, assign
“safe”
and
“block”
lists, automatically file junk mail to the trash, and profile spam by assigning points or scores to identifiers such as keywords or patterns. In addition, Exchange 2003 can save a user’s Outlook 2003 and Outlook Web Access
“safe”
and
“block”
senders lists on the Exchange server, allowing those preferences to work for mobile users on any desktop or device connected to the network. Exchange 2003 also empowers administrators to assign enterprisewide allow/deny lists — automatically dropping incoming messages from senders identified by administrators — and to integrate real-time black hole list (RBL) services, which provide immediate spam blocking if a sender is a known spammer.
As part of the Trustworthy Computing initiative, Exchange 2003 has been architected to be secure by design, secure by default and secure in deployment to deliver the security technologies and reliability customers demand, making full use of the security enhancements built into Microsoft Windows Server (TM) 2003. Further, innovative security technologies such as encryption, authentication and filtering techniques are built in to protect business communications. In particular, Exchange 2003 security has been enhanced to include better default settings such as turning off Simple Mail Transfer Protocol (SMTP) relay and support for Secure Multipurpose Internet Mail Extensions (S/MIME) and HTML/attachment blocking in Outlook Web Access, and support for Internet Protocol Security (IPsec) between front-end and back-end clusters. Exchange 2003 also uses IPsec and Kerberos delegation when sending user credentials between a front-end server handling requests from Outlook Web Access or Outlook Mobile Access and a back-end server such as the mailbox store to help minimize exposure of user credentials.
To help protect critical resources and make Exchange access from the Internet safer, Microsoft® Internet Security and Acceleration (ISA) Server Feature Pack 1 has features that support securing Exchange, including Remote Procedure Call (RPC) and SMTP filtering, URLscan and Internet Information Services (IIS) lockdown and an Outlook Web Access configuration wizard. To ease the burden on administrators, Microsoft offers additional documentation that provides prescriptive guidance on locking down Exchange servers, and tools such as the Microsoft Baseline Security Analyzer to help customers deploy and manage their Exchange and Windows®
infrastructures more securely.
Exchange Server 2003 is scheduled to be released in mid-2003. Customers can get more information at http://www.microsoft.com/exchange/.
About Microsoft
Founded in 1975, Microsoft (Nasdaq
“MSFT”
) is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software — any time, any place and on any device.
*
“E-Mail in 2003: The Risk Level Rises,”
November 2002, Gartner Inc.
Microsoft, Outlook, Windows Server and Windows are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.asp.
Partner Support
“The current levels of spam are threatening the viability of e-mail as a mission-critical business tool for enterprises. Microsoft’s enhancements to Exchange 2003 will help enterprises stem the tide of spam, which is increasingly important as spam levels continue to rise. Brightmail is committed to supporting Exchange 2003 by offering its leading antispam software to enterprises on one of the best messaging platforms available.”
Enrique Salem
President and CEO
Brightmail Inc.
“Our server-based antispam product, GFI MailEssentials, and our e-mail content security product, GFI MailSecurity, will take advantage of the new antispam tool in Exchange Server 2003 and its improved virus-scanning API, respectively. Microsoft’s antispam tool is unique, and through it we can offer unparalleled spam protection. Exchange’s open architecture enables Exchange users to add on best-of-breed products such as GFIs, making Exchange Server the best mail server solution available today.”
Nick Galea
CEO
GFI Software Ltd.
“Network Associates supports the innovations Microsoft is making with the virus-scanning APIs and the new antispam tool for Exchange Server 2003. As network security continues to be an important issue for businesses in today’s fast-paced computing environment, the comprehensive features and enhancements made possible by the new Exchange platform are enabling Network Associates to provide our McAfee GroupShield customers with a broad array of content security solutions.”
Ryan McGee
Director of Product Marketing for McAfee Security
Network Associates
“Thanks to the technological innovations introduced with Exchange 2003 and to the mutual collaboration between Microsoft and Panda for improving users’ security, we’re very happy to announce a beta version of Panda Antivirus for Exchange Server based on the new Microsoft virus-scanning API. Without a doubt, the advances made by both companies will result in a higher level of antivirus security for enterprises.”
Pedro Bustamante
Chief Marketing Officer
Panda Software
“Sybari has continuously proven its commitment to Microsoft and its customers. In anticipation of the release of Exchange Server 2003 and its new antispam enhancements, we will launch our own antispam component, which lends itself to the advanced features of Exchange Server 2003, further enabling us to minimize the impact of spam messages on Microsoft’s highly scalable servers. In support of Microsoft, we are able to focus on our core business of continuing to provide highly specialized antivirus and content-filtering technology in support of Microsoft’s superior messaging and collaboration platforms.”
Tom Buoniello
Vice President Product Management
Sybari Software Inc.
“Spam has become the No. 1 pain point for our enterprise messaging customers due to its negative impact on messaging infrastructure as well as end-user productivity. Microsoft’s antispam innovations in Exchange 2003, such as the Spam Confidence Level (SCL), will make it easier for vendors like Symantec and customers to address this challenging and complex problem. Symantec currently has plans to support this new antispam framework through a future release of its market-leading Symantec Mail Security for the Microsoft Exchange product.”
Chris Miller
Group Product Manager
Symantec Corp.
“By supporting Microsoft’s efforts to secure the Exchange messaging and collaboration environment, Trend Micro is continuing to provide comprehensive content security protection at our gateway and e-mail sweet spot. Integrating Trend Micro’s next-generation antispam heuristics technology with Microsoft’s Spam Confidence Level API, and ScanMail for Microsoft Exchange with VSAPI 2.5, allows customers to more efficiently and effectively combat spam and malicious code at both the Internet gateway and mail server to help achieve maximum protection without affecting performance.”
Steve Quane
Director of Enterprise Products
Trend Micro Inc.
