Computing reports from GartnerGroup's Windows NT in the Enterprise conference in Palm Springs.
Users should avoid using Windows NT for Internet commerce applications until the end of 2001, because Microsoft's server operating system is not yet secure enough, writes Cath Everett.
GartnerGroup analyst Neil MacDonald says Windows NT remains suspect for high-end use because of its relative immaturity.
'I would advise users to introduce not just Unix, but hardened Unix for ecommerce. NT is just not secure enough, especially with the new vulnerabilities that are likely to appear with Windows 2000,' he told Gartner's Windows NT in the Enterprise conference in Palm Springs last week.
Lack of security skills for the operating system both in the industry and in IT departments leaves many organisations open to security breaches, he added. Some 80% of NT security problems over the next 18 months will be caused by administrative or configuration errors, says MacDonald.
Users should think twice about considering NT for ecommerce or for any other system where security is critical, because security is not top of the agenda for Microsoft, said MacDonald.
'It's fine if it's behind a firewall, but I don't recommend it for security-intensive applications. With ecommerce, when it's on the Internet outside the firewall, the probability of facing a sophisticated attack is 99.9%.'
Unlike Unix, NT has not so far hosted enough interesting content for hackers to bother attacking it, and hackers lack the necessary skills to inflict heavy damage, MacDonald said.
The security problem has also not been helped by the rapid rate of change in the operating system and the quality of Microsoft's development process, where shortcuts are common, said MacDonald.
New security vulnerabilities have been introduced with each new version of the operating system, and Windows 2000 will replace many core security services with new unproven code - a situation that is likely to be made worse by the increasing complexity of the operating system.
As Gartner was expressing its security concerns, NT last week received a UK government security certification.
The Information Technology Security Evaluation Criteria (ITSEC) board awarded version 4.0 of NT Server and Workstation an E3/FC-2 rating. The security rating covers NT 4 versions with service packs, and does not include Exchange, Outlook, or Systems management server.
According to Microsoft, this is similar to the C2 rating NT 3.51 has already received in the US.
Acton's warnings come as Facebook is embroiled in one of the biggest data scandals in history
The unmanned tanks could eventually be kitted with AI systems
Dubbed I-MacEtch, it will help meet demand for more powerful nano-tech
GPU firm's research unit for self-driving cars is growing