LOS ANGELES -- "Never tell me the odds!" -- Han Solo, a long time ago.
Han Solo never dealt with Microsoft -- Windows users want some odds. Odds are 60-40 that Microsoft will succeed in its efforts to boost security for its Windows and .NET software products, up from a 50-50 forecast one year ago, according to Gartner Group Vice President John Pescatore.
Pescatore told attendees at the consulting firm's Windows: Nothing But .NET? conference that only time will tell, and noted that in the past year, security has become one of the top three issues for corporate IT officials.
According to Gartner, some key factors that could turn Microsoft away from its security initiatives are Redmond's "20-year value system which emphasizes power to the user" and its relentless drive to churn out software upgrades and features that create greater product vulnerabilities.
"The key issue is how to change the value system of (MS) project managers who get rewarded for bringing products to market fast," Pescatore said. In IIS development, for example, the goal of the product management team was to beat the competition by making IIS easier to use and have everything work by default. "This is bad security planning," he said.
Contrast that with Microsoft's strategy for .NET Server: The company is educating developers about security, creating tools to check for common errors and improving the development and testing process, according to Pescatore.
Other factors that tilt Microsoft toward security success: continued pressure from the Department of Justice (DOJ) case, awareness of the expense of constantly supporting security problems with patches and announcements, a desire to be the leader in establishing industry security standards and recognition that its success with .NET and the enterprise server market hinges on its ability to produce secure software.
"Security is even more a concern with .NET and Web Services because SOAP, HTTP, and SSL let content go through firewalls," Pescatore said. He added that the industry will see new security constructs like single security dashboards and application-specific firewalls over the next five years.
For now, Windows administrators can expect no immediate relief to the problem of security administration. With Windows platforms comprising two-thirds of all defaced operating systems, a Windows Web server is four times more likely to be hacked than a Unix server, by Gartner's math. Consequently, Gartner estimates it will require 15% more administrative time to secure a Windows server than a Unix server. "There is no way around it," Pescatore said.