News

Gartner Blasts Microsoft on Security

Microsoft Corp.'s recall of its Internet Explorer security patch last week prompted analyst John Pescatore of Gartner to direct more withering criticism at Redmond. Pescatore came to prominence last year for his notorious bulletin advising IT managers to consider replacing IIS Web servers with Apache due to security concerns.

The latest Pescatore missive, a Gartner FirstTake issued Wednesday, is called "Microsoft Must Plan -- Not Patch -- for Software Security."

Pescatore's bulletin is pegged to Microsoft Security Bulletin MS02-005, which includes patches for six new IE problems, three of them critical, and also rolls together all current fixes for IE. (See story).

According to the Gartner bulletin, Microsoft announced the patch on Feb. 7 but had to withdraw it until Feb. 11 due to an error in the patch.

"The problems with the latest major Internet Explorer patch shows that Microsoft has made security promises it cannot yet keep," the bulletin alleges.

The promises Gartner cites are an October 2001 vow from Microsoft senior vice president for Windows Brian Valentine that Microsoft would do "whatever is necessary to ensure the process is complete" and the Bill Gates Trustworthy Computing memo of January.

The Gartner bulletin discounts the code review Microsoft has been conducting in February, as well.

Security cannot be “tested” into software; it must be a high priority from the start — during requirements analysis and product planning," the bulletin says. "Microsoft would also do well to order its product management and marketing personnel not to hype the company’s newfound 'security focus' until they can point to some concrete results."

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus