John Pescatore, an analyst with Gartner, said implementing personal firewalls to guard against Microsoft security flaws is a critical enterprise requirement.
However, businesses would have to pay about £100 per user to roll out personal firewalls to corporate PCs. Ongoing support costs could be an extra £30 a year per user.
"The growing use of corporate desktops on broadband connections means that corporate PCs, particularly laptops used by remote workers, are more exposed to direct internet-based attacks," said Pescatore.
Microsoft agreed that laptops and desktops should be loaded with their own firewall, which is not yet standard practice.
Graham Titterington, a senior analyst at Ovum, said corporate network security was particularly at risk from vulnerabilities in laptops and homeworkers' PCs with always-on broadband connections. He said the risk has been there for years but it is gradually increasing.
Pescatore pointed out that this is the first year when more laptops have been sold than desktop PCs. In-built security provided by Microsoft, such as the Internet Connection Firewall in Windows XP, is "not sufficient" as it only blocks incoming connections, he said.
Microsoft has released six Windows patches in the past fortnight and 13 "critical" patches this year. Pescatore said it was not unusual for firms to take 18 months to deploy such a large number of patches to all of their PCs, and the situation is set to get worse.