Tech Watch | InfoWorld Staff » Microsoft's security strategy is still lacking despite new IE, Gartner says

February 18, 2005 | Comments: (0)

Microsoft's security strategy is still lacking despite new IE, Gartner says

TAGS: None

Bill Gates put Microsoft's security strategy front and center this week, announcing a new version of Internet Explorer, free antispyware and an antivirus service, but his vision does not look far enough ahead, a Gartner analyst said.

Neil MacDonald, a research director at Gartner, said Microsoft's security announcements were a missed opportunity.

At the RSA Conference in San Francisco, Gates said Microsoft will release IE 7.0, which continues the hardening of IE 6 with XP Service Pack (SP) 2, in beta in mid-2005. IE 7.0 will not be available for Windows 2000 users.

MacDonald criticized the new version in a news analysis on published on Gartner's Website.

"The decision to restrict IE 7.0 to the XP platform also suggests that Microsoft wants to force users of older plat-forms to upgrade if they want improved security," MacDonald wrote. "If Microsoft wishes to be seen as a responsible industry leader in maintaining security for its products and its customers, it should provide IE 7.0 for Windows 2000 users. Furthermore, instead of making more evolutionary security improvements to IE, Microsoft should announce that it will fundamentally rearchitect IE with secu-rity in mind."

MacDonald was equally critical fpr the AV and AS announcements.

"Microsoft has missed an opportunity to clarify its strategy for the security market and articulate whether it plans to be a leader in consumer and enterprise security solutions across desktop, server and server gateway," MacDonald said. "Microsoft's overriding goal should be to eliminate the need for AV and AS products, not simply to enter the market with lookalike products at lower prices. The company's enterprise security focus will be on securing Microsoft environments and leveraging Microsoft infrastructure, such as Active Directory and Systems Management Server."

Gartner recommended that enterprises continue as planned with XP SP2, but schedule another round of testing for IE 7.0 for 2006. The company also said that enterprises should demand that their AV provider offer an enterprise-class bundled AS solution at no cost by the second half of 2005. They switch providers if this demand is not met.

Enterprises should also require their AV provider to deliver a converged desktop security product with AV, AS, personal firewall and behavior blocking at a total price no more than 20 percent higher than what you now pay for stand-alone AV.

If they have heterogeneous platform security needs, enterprises look to other vendors, Gartner said.

Posted by Jack McCarthy on February 18, 2005 03:39 PM

RATE THIS ARTICLE: