Microsoft's latest initiative to improve the security of its software has received a cautious welcome from analysts.
Clive Longbottom, an analyst at Quocirca, said Microsoft's strategy for security was heading in the right direction in terms of improving security, but it lacked the right tools to create a managed secure IT environment.
He said that if companies already had a good level of security, Microsoft's enhancements to its firewall software would allow users to deploy levels of firewall protection down to desktop users. However, Longbottom was concerned that the kind of firewalls envisaged by Microsoft might not reflect the way end-users access the internet.
For example, locking access to MSN, Microsoft's consumer portal, may be a good central security policy, but users who need access to MSN want it protected by the firewall.
Last week's security shake-up does not cover one of Microsoft's most important products, Active Directory. According to Longbottom, Active Directory could offer the flexibility for managed security on a per user basis.
So far, the technology has only been deployed in relatively simple applications such as internal e-mail directories and phonebooks.
While Microsoft has provided the technical tools to help users build security based on Active Directory, Longbottom felt it fell short in terms of linking the technical issues of implementing security with business issues.
Longbottom said, "It is incredibly complex for a user to design a full directory to deal with a security infrastructure."
Jyoti Banerjee, chief executive at analyst firm MyBusiness.net, said Microsoft's biggest security headache was dealing with legacy software, which required more regular patching compared to newer products.
He said Microsoft's decision to release security notices once a month compared to every week would allow IT managers to plan their patch management better. However, he questioned whether the recent announcements would make a significant improvement to IT security.