News

Code flaws push up cost of IT security

Karl Cushing
UK companies face a multimillion-pound bill as the number of flaws in Microsoft Windows software escalates, analyst firm Gartner has warned.

John Pescatore, an analyst with Gartner, said implementing personal firewalls to guard against Microsoft security flaws is a critical enterprise requirement.

However, businesses would have to pay about £100 per user to roll out personal firewalls to corporate PCs. Ongoing support costs could be an extra £30 a year per user.

"The growing use of corporate desktops on broadband connections means that corporate PCs, particularly laptops used by remote workers, are more exposed to direct internet-based attacks," said Pescatore.

Microsoft agreed that laptops and desktops should be loaded with their own firewall, which is not yet standard practice.

Graham Titterington, a senior analyst at Ovum, said corporate network security was particularly at risk from vulnerabilities in laptops and homeworkers' PCs with always-on broadband connections. He said the risk has been there for years but it is gradually increasing.

Pescatore pointed out that this is the first year when more laptops have been sold than desktop PCs. In-built security provided by Microsoft, such as the Internet Connection Firewall in Windows XP, is "not sufficient" as it only blocks incoming connections, he said.

Microsoft has released six Windows patches in the past fortnight and 13 "critical" patches this year. Pescatore said it was not unusual for firms to take 18 months to deploy such a large number of patches to all of their PCs, and the situation is set to get worse.

Suppliers should be ashamed >>

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy