No confidence in Microsoft software security

Link: Microsoft security warning is a hoax

The survey by Forrester Research asked 35 managers of enterprises generating more than $1bn in annual revenues.

Security was their most pressing concern with Microsoft, with the software’s administrative overhead and the amount of downtime coming equal second. The difficulty in installing patches was also a major concern.

‘Microsoft has some work to do, patching for servers needs to be as easy as it is for home users,’ said Laura Koetzle, senior analyst at Forrester.

‘A single source of patches would really help administrators out. Administrators also need to do some work in getting uniform server setup to aid the patching process.’

But Forrester also claims criticism of Microsoft has been unfair and that its track record on security is better than conventional wisdom suggests.

Indeed, the report says users are largely to blame for falling victim to viruses such as Nimda, which could easily have been prevented by applying patches made available by Microsoft almost a year earlier.

The report acknowledges that Microsoft has improved the security of its applications but that product lead times meant it would take time for the benefits to filter through.

‘We’re currently reducing the amount of installers we have,’ said Stuart Okin, chief security officer for Microsoft UK.

‘There is a client update system called software update services and service offerings based around automatic updates. These now need to be rolled out to all Microsoft products and we’re in the process of doing just that.’

Forrester also concludes that open source suffers from similar problems when it comes to security patches. The report’s authors said that safely patching vulnerabilities can prove just as difficult as for Microsoft products despite open source administrators typically possessing higher skill levels.

Related reading

Life Belt with Computer Folders
HMRC banknotes