Gartner slams Microsoft's security strategy

Microsoft has been slammed for trying to force customers to upgrade to its latest products by refusing to provide acceptable levels of security in its older offerings.

Analyst firm Gartner said that the software giant's recent round of security announcements represents a "missed opportunity" to clarify its strategy for the security market, and articulate its position for product security across desktops, servers and server gateways.

Neil MacDonald, group vice president and research director at Gartner, said: "The decision to restrict Internet Explorer 7.0 to the XP platform also suggests that Microsoft wants to force users of older platforms to upgrade if they want improved security.

"If Microsoft wishes to be seen as a responsible industry leader in maintaining security for its products and its customers, it should provide IE 7.0 for Windows 2000 users.

"Furthermore, instead of making more evolutionary security improvements to IE, Microsoft should announce that it will fundamentally re-architect IE with security in mind."

MacDonald believes that Microsoft's overriding goal should be to eliminate the need for antivirus and anti-spyware products, not simply to enter the market with "lookalike products at lower prices".

Commenting on Microsoft's decision to provide anti-spyware functionality to licensed Windows users and bring a consumer antivirus services to market by year-end 2006, MacDonald predicted that the firm will deliver a combination detection and removal product for Windows desktops in the second half of 2005, competing directly with other antivirus and anti-spyware products and services.

"This move will challenge antivirus vendors that depend heavily on revenue from consumers, such as Symantec, and vendors that derive substantial revenue from upselling enterprises to antivirus product suites that include desktops and servers, such as McAfee and Computer Associates International," he said.

Gartner advised firms to demand that their antivirus provider offer an enterprise-class bundled anti-spyware product at no cost by the middle of 2005, and to switch providers if this demand is not met.

The analyst firm also suggested that firms should require antivirus providers to deliver a converged desktop security product with antivirus, anti-spyware, personal firewall and behaviour blocking at a total price no more than 20 per cent higher than for standalone antivirus.