Safe@Office 500 should provide intrusion prevention against high-risk and critical-risk zero-day exploits of the most popular internet facing applications (web browsers & plugins thereof) used by its market, at least until adequate time has passed after a patch is made available by the browser’s vendor.

I can understand a UTM intended for a single site not to have intrusion prevention updates for the full range of applications a multi-site organization UTM-1 Edge Appliance needs. However, for Safe@Office 500 appliances not to get intrusions prevention updates for Microsoft Internet Explorer and Mozilla Firefox vulnerabilities is miscalculation sufficient to render silly the “UTM” assertions for the Safe@Office appliance.

The recent Microsoft Internet Explorer XML Parsing Zero-Day Remote Code Execution Vulnerability (MS08-078) aka Memory Corruption Vulnerability (CVE-2008-4844) announced December 10, 2008, is a good example. A SmartDefense Services protection update against it was available as of December 11, 2008. However, Safe@Office 500 appliances received no such update and Safe@Office networks remained/remain at risk, presumably until the browser patch from Microsoft, issued more than a week after the exploit was active in the wild, was/is applied.

Lastly, in addition to firmware updates, what happened to the "security updates" that are supposedly part of the service subscription packages? "SofaWare's Safe@Office Basic support plan entitles you to receive: Security and firmware updates..."