Gartner: Microsoft "Missed Opportunity" In Security
Bill Gates may have shed some light on his company's security plans this week, but Gartner questions if the revelations add up to a coherent strategy.
Bill Gates may have shed some light on his company's security plans this week, but the revelations still don't add up to a coherent strategy for protecting customers, a Gartner security analyst maintains.
"Microsoft has missed an opportunity to clarify its strategy for the security market and articulate whether it plans to be a leader in consumer and enterprise security solutions," said Neil MacDonald, a research director at Gartner, in an advisory published on the Stamford, Conn.-based firm's Web site.
On Tuesday, Gates and other Microsoft executives at the RSA Conference in San Francisco outlined several moves to beef up Windows' security, including giving away anti-spyware software for personal and home use, assembling a consumer-oriented anti-virus service, and releasing a beta of an updated Internet Explorer -- dubbed IE 7.0 -- to Windows XP users by the middle of 2005.
MacDonald took Microsoft to the woodshed on a number of issues related to the announcements, but blasted the company most for getting confused about what it should be doing.
"Microsoft's overriding goal should be to eliminate the need for AV and AS products, not simply to enter the market with look-alike products at lower prices," he said.
He also criticized Microsoft's decision to limit the new IE 7.0 to Windows XP, a stance other analysts have taken in view of the large numbers of enterprise desktops still running Windows 2000.
"The decision to restrict IE 7.0 to the XP platform also suggests that Microsoft wants to force users of older platforms to upgrade if they want improved security," MacDonald added.
"If Microsoft wishes to be seen as a responsible industry leader in maintaining security for its products and its customers, it should provide IE 7.0 for Windows 2000 users. Furthermore, instead of making more evolutionary security improvements to IE, Microsoft should announce that it will fundamentally re-architect IE with security in mind."
According to the Dean Hachamovitch, who leads the IE development team at Microsoft, "we're focused on XP SP2. We're actively listening to our major Windows 2000 customers about what they want and comparing that to the engineering and logistical complexity of that work. That's all I can say on that topic," he wrote in the official Internet Explorer blog earlier this week.
MacDonald did acknowledge that the Microsoft's announcements this week will change the security landscape and impact some current partners' bottom lines. "[Microsoft'] will challenge AV vendors that depend heavily on revenue from consumers, such as Symantec," he said, "and vendors that derive substantial revenue from upselling enterprises to AV product suites that include desktops and servers, such as McAfee and Computer Associates."
But investors in Symantec and McAfee obviously breathed a sigh of relief earlier this week when, contrary to some expectations, Gates said Microsoft wouldn't launch an anti-virus service before the end of the year. By mid-day Friday, Symantec shares had climbed 3.6 percent since the closing of the market a week ago, to $22.16. McAfee, meanwhile, had recovered 1.5 percent to $24.43.
Last week, share prices of several prominent security vendors plunged after Microsoft announced the purchase of anti-virus software maker Sybari.
MacDonald noted that Microsoft's entry into the market, even without a clear-cut strategy, gave companies some maneuvering room with current anti-virus and anti-spyware providers.
Among his recommendations:
-- Demand that the business' anti-virus provider offer an enterprise-class anti-spyware solution at no additional cost by the second half of 2005. "Switch providers if this demand is not met," he said.
Symantec, for instance, recently announced that its upcoming enterprise anti-spyware defense would be rolled into its corporate anti-virus product, with no fee increase. McAfee, however, which also will soon add anti-spyware protection to its line, will charge extra.
-- "Continue as planned with Windows XP SP2," said MacDonald, "but schedule another round of testing for IE 7.0 for 2006."
-- And, he concluded, if a company requires security solutions that work in a heterogeneous environment -- where Windows is not the only OS -- "look for other vendors [besides Microsoft]."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.