Count the cost before buying Microsoft, says analyst firm

Enterprises should bear in mind the constant cost of having to patch Microsoft products when they look at buying them, analyst firm Gartner claimed this month.

  • E-Mail
By  Peter Branton Published  February 15, 2004

Enterprises should bear in mind the constant cost of having to patch Microsoft products when they look at buying them, analyst firm Gartner claimed this month. In an advisory posted on its web site last week, Gartner slams Microsoft’s recent record on security. Microsoft last week acknowledged a critical security flaw in all versions of its Windows operating system. Like the flaw that enabled last year’s MSBlast attack, this vulnerability was discovered by an outside company and reported to Microsoft: “this shows the inadequacy of Microsoft’s highly publicised efforts to find vulnerabilities in its software,” Garter said. The research firm is especially critical of security vulnerabilities in Windows Server 2003, the company’s most recent server OS. “Gartner has advised enterprises against using Windows Server 2003 in sensitive Internet-exposed applications before 2Q04. We may have to revise even this cautious position if Microsoft fails to commit publicly to extraordinary efforts to eliminate glaring holes in its operating systems,” the report said. “Enterprises should continue to heavily weight the cost of continually patching Microsoft products when deciding which operating system to purchase.” Gartner believes that another MSBlast-style attack as a result of this most recent flaw is “almost inevitable” and is warning users to immediately apply the patch Microsoft has provided and install firewall solutions. Microsoft has been criticised by other analyst firms for taking so long to come up with a patch for this recent flaw. It was notified by a security company about it in July last year, and has only just issued a patch for it. Ironically, Gartner’s advisory was released on the same day that Microsoft announced that portions of the software code for Windows 200 and NT 4 had been illegally made available on the internet.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code