Gartner: Microsoft security a 'missed opportunity'

Analyst Gartner has criticised Microsoft’s latest security announcements, made last week at the RSA conference as a "missed...

Analyst Gartner has criticised Microsoft’s latest security announcements, made last week at the RSA conference, as a "missed opportunity".

"Microsoft has offered more details of its security plans but these announcements do not add up to a strategy for protecting Microsoft's products and customers," analyst Neil MacDonald said.

The announcements could though shake up the security industry and provide savings opportunities for customers, the analyst group noted.

"Microsoft has missed an opportunity to clarify its strategy for the security market and articulate whether it plans to be a leader in consumer and enterprise security solutions across desktop, server and server gateway," said MacDonald.

Gartner said Microsoft's overriding goal should be to eliminate the need for anti-virus and anti-spyware products, not simply to enter the market with "lookalike products at lower prices".

The decision to restrict Internet Explorer 7.0, the latest version of the browser software, to the XP platform suggested that Microsoft wanted to force users of older platforms to upgrade if they want improved security, said Gartner.

MacDonald said, "If Microsoft wishes to be seen as a responsible industry leader in maintaining security for its products and its customers, it should provide IE 7.0 for Windows 2000 users."

Microsoft should also announce that it will fundamentally re-architect IE with security in mind, instead of providing "evolutionary" changes, he said.

Gartner believes Microsoft will deliver a combined anti-virus and anti-spyware  detection and removal product for Windows desktops in the second half of this year. It said enterprises should use this move to squeeze more out of their existing security suppliers.

MacDonald said, enterprises should demand that their anti-virus supplier provides an enterprise-class bundled anti-spyware solution at no cost by the second half of 2005. If suppliers do not deliver users should switch providers.

He added that firms should also require their anti-virus provider to deliver a converged desktop security product with anti-virus, anti-spyware , personal firewall and suspect behaviour blocking facilities at a total price no more than 20% higher than what they pay for standalone anti-virus.

What Microsoft has announced so far:

  • Provide anti-spyware functionality free to licensed Windows users for personal and home use by the end of 2006. Enterprises will have to pay a fee.
  • Bring a consumer anti-virus service to market by year-end 2006. Microsoft did not give details of pricing, bundling or enterprise-class offerings.
  • Release Internet Explorer (IE) 7.0 - which continues the hardening of IE 6 with XP Service Pack (SP) 2 - in beta in mid-2005. IE 7.0 will not be available for Windows 2000 users.

Source: Gartner

Read more on Antivirus, firewall and IDS products