[ISN] Push Microsoft for W2K security, Gartner says

From: InfoSec News (isn@private)
Date: Mon Oct 11 2004 - 23:20:16 PDT

Previous message: InfoSec News: "[ISN] NIST details minimum security controls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

http://www.theinquirer.net/?article=19021

By Mike Magee in Dublin
11 October 2004

HERE IN DUBLIN, not too many miles away from the forbidden zone -
Intel's Leixlip fab - Annette Jump, a senior analyst at Gartner has
delivered a presentation on what corporations and system builders
should do given the current confusion over Windows clients.

Jump didn't say this but the Gartner graph of Microsoft support
certainly suggests that if you're confused as a corporation or an end
user, it's not really your fault at all.

Jump said that corporations and other Windows users should push
Microsoft to introduce similar features in XP SP2 to reassure
corporations deploying Windows 2000 and wondering which step to take.

She said that with an increased focus on security, Microsoft was
forced to release Windows XP SP2, which is not a typical service pack.
Sixty per cent of it is security, 20 per cent are fixes, and 20 per
cent are functional additions, said Jump. But there are some problems
with SP2 - it crashes some of the applications. She said that Gartner
believed only three per cent of shrink wrapped applications will be
broken by SP2, and five per cent of custom written apps.

Given the large number of apps, that might not matter too much, she
said. But we suppose this is a little like someone breaking a leg.
Most people's legs take eight weeks to heal, but some people's legs
take years to heal. That might be a minor percentage of the whole, but
for the minority it's 100 per cent.

Corporations need to thoroughly test all application s before
installing SP2. Microsoft hasn’t delivered anything like this level of
security for Windows 2000.

She said that users, whether corporate or system integrator users,
should persuade Microsoft to offer similar functionality in Windows
2000 - which, after all, many companies moved to to escape software
compatibility problems with Windows 98, et al.

Companies should introduce new machines with XP, rather than wait for
Longhorn, by introducing operating systems into the enterprise which
have current and future Windows supported clients.

_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/

Previous message: InfoSec News: "[ISN] NIST details minimum security controls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Tue Oct 12 2004 - 05:02:49 PDT