V3.co.uk

Microsoft security still bothers users

IT managers think Windows is insecure but still use it for mission-critical apps, says Forrester report

  • Iain Thomson
  • Iain Thomson
0 Comments

A new report claims that nearly three-quarters of IT managers do not trust Microsoft's software to be secure, despite the fact that nine out of 10 admit using it to run mission-critical applications.

The survey by Forrester Research questioned 35 managers of enterprises generating more than $1bn in annual revenues.

Security was their most pressing concern with Microsoft, with the software's administrative overheads and the amount of downtime coming equal second. The difficulty in installing patches was also a major worry.

Laura Koetzle, senior analyst at Forrester, said: "Microsoft has some work to do. Patching for servers needs to be as easy as it is for home users, and a single source of patches would really help administrators.

"Administrators also need to do some work in getting a uniform server set-up to aid the patching process."

But Forrester stressed that some criticism of Microsoft has been unfair, and that its track record on security is better than conventional wisdom suggests.

The report said that users are largely to blame for falling victim to viruses such as Nimda, which could easily have been prevented by applying patches made available by Microsoft almost a year earlier.

Forrester acknowledged that Microsoft has improved the security of its applications, but warned that product lead times meant that it would take time for the benefits to filter through.

"We're currently reducing the amount of installers we have," said Stuart Okin, chief security officer for Microsoft UK.

"There is a client update system called Software Update Services, and service offerings based around automatic updates.

"These now need to be rolled out to all Microsoft products and we're in the process of doing just that."

Forrester also concluded that open source software suffers from similar problems when it comes to security patches.

The report's authors said that safely patching open source vulnerabilities can prove just as difficult as for Microsoft products, despite open source administrators typically possessing higher skill levels.

V3 Latest