COMMENTARY: A recent Gartner report corroborates what industry observers have known for months: Microsoft's security initiatives are paying off for the company, and as customers move to more modern Windows versions such as Windows Server 2003 and Windows XP, they'll share in the benefits.
Gartner, however, hedged its bets by chiding Microsoft for blaming many of its security compromises on people who write malicious code, perhaps in a bid to make its otherwise glowing report on Microsoft security seem less one-sided. The report is also careful to cast Microsoft's security improvements in guarded terms.
"The worms in 2003 showed there's a long way to go before Windows is secure, and [they] prompted Microsoft to refocus on improving security," the Gartner report says.
"By 2005, Microsoft's server software products will be at or above the industry security average. Progress is further away on the desktop, but the market likely has driven Microsoft to take desktop security more seriously. Given Microsoft's dominance in the desktop market, it should demonstrate its commitment to being a security leader by providing a security update to Windows 2000, even at this late stage of the product's life cycle."
Sadly, the last comment betrays a bit of ignorance about Microsoft's security plans. Although the company recently released an XP security rollup and has discussed its high-profile service pack plans for Windows 2003 and XP, Microsoft will also ship major security updates for Win2K in 2004.
According to Gartner, by 2005 the "security costs" of Windows-based servers will equal those of UNIX and Linux servers; presumably these costs are higher on Windows today. Most of the improvements will come from customers adopting modern Windows versions, dropping less secure products such as Windows NT 4.0 and Windows 98, as well as from the security-oriented updates Microsoft will ship for Windows 2003, XP, and Win2K this year.
In related news, Gartner analysts also issued reports stating that Longhorn will be the likely Windows successor, that Microsoft SQL Server Yukon will be delayed and won't be significantly different from earlier versions, and that Microsoft's Software Assurance (SA) licensing program will be crucial to the company's revenues going forward. Yes, they get paid to write this stuff.