Windows 2000 is not secure enough to use on internet connected servers, according to a senior security analyst at Gartner.

John Pescatore said that companies should wait until the end of next year before running the operating system on web servers.

"I would not recommend Windows 2000 for internet connected web servers today," he warned. "The operating system has a major increase in security over Windows NT but it is still just out of the box. It has a lot of embedded components that are not sufficiently tested."

Pescatore explained that Microsoft's operating systems reach a state where security is "good enough", then drop again following the discovery of a new series of bugs contained in the next version.

"Windows 2000 will be more stable by the end of next year after a few more service packs have been released and the flow of what are relatively serious bugs is cleared up," he said.

"Most commercial versions of Unix, such as HP-UX and Sun Solaris, have reached a good enough level of security and are safe enough to use on the internet. If you have the skill set, then Unix is the safe choice today," he added.

Pescatore also claimed that "managed" Linux will become the most secure option in the next five years.

"There are two forms of Linux: one which is random, where the code is available on the web for all, [and one] which is managed, from companies such as Red Hat. Well managed open source testing can make software more secure, faster. By 2005, managed Linux will be the most secure operating system," he said.