Article

Gartner: Securing Windows takes 15% longer than Unix

Marilyn Cohodas, Site Editor

LOS ANGELES -- "Never tell me the odds!" ?- Han Solo, a long time ago.

Han Solo never dealt with Microsoft -- Windows users want some odds. Odds are 60-40 that Microsoft will succeed in its efforts to boost security for its Windows and .NET software products, up from a 50-50 forecast one year ago, according to Gartner Group Vice President John Pescatore.

Pescatore told attendees at the consulting firm's Windows: Nothing But .NET? conference that only time will tell, and noted that in the past year, security has become one of the top three issues for corporate IT officials.

According to Gartner, some key factors that could turn Microsoft away from its security initiatives are Redmond's "20-year value system which emphasizes power to the user;" and its relentless drive for churning out software upgrades and features that create greater product vulnerabilities.

"The key issue is how to change the value system of (MS) project managers who get rewarded for bringing products to market fast," Pescatore said. In IIS development, for example, the goal of the product management team was to beat the competition by making IIS easier to use and have everything work by default. "This is bad security planning," he said.

Contrast that with Microsoft's strategy for .NET Server: The company is educating developers about security, creating tools to check for common errors and improving the development and testing process, according to Pescatore.

Requires Free Membership to View

Other factors that tilt Microsoft toward security success: continued pressure from the Department of Justice (DOJ) case, awareness of the expense of constantly supporting security problems with patches and announcements, a desire to be the leader in establishing industry security standards and recognition that its success with .NET and the enterprise server market hinges on its ability to produce secure software.

"Security is even more a concern with .NET and Web Services because SOAP, HTTP, and SSL let content go through firewalls," Pescatore said. He added that the industry will see new security constructs like single security dashboards and application-specific firewalls over the next five years.

For now, Windows administrators can expect no immediate relief to the problem of security administration. With Windows platforms comprising two-thirds of all defaced operating systems, a Windows Web server is four times more likely to be hacked than a Unix server, by Gartner's math. Consequently, Gartner estimates it will require 15% more administrative time to secure a Windows server than a Unix server. "There is no way to around it," Pescatore said.

FOR MORE INFORMATION:

Best Web Links on security

Featured Topic on security issues

Featured Topic on beefing up security

Featured Topic on patches

Featured Topic on IIS

Read John Pescatore's interview with SearchWin2000 from a year ago


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: