'Microsoft will not completely protect you' says Gartner

Gartner vice president Victor Wheatman publicly attacked Microsoft's approach to security, saying companies should not expect the software giant to entirely secure their networks.
Written by Dan Ilett, Contributor

It's official: don't expect Microsoft to completely protect your network.

"We've all been part of the biggest beta test the world has ever known -- Windows. Microsoft will not solve all of the security problems, no matter what the richest man in the world says," said Gartner vice president Victor Wheatman in a keynote speech at Gartner's IT Security Summit on Monday.

Wheatman kicked off the conference saying that removing faulty software during operation was costing firms up to 5 percent more than finding flaws during quality assurance tests.

"One of the problems is that there are maybe only 500 software engineers in the world who can burrow around in that code to find the problem. That's something the industry needs to look at," he said.

But Wheatman had some good news for users -- he said that the level of spam on the network was dropping because spam technology was improving.

"Spam [on the network] seems to be in decline. The level of spam has dropped to a point where we can actually do our work now," he said.

Wheatman also used his speech to attack the media for what he said was hyping up the threat of cyberattacks.

"People who hype up cyberterrorism, spam and phishing are creating more fear, uncertainty and doubt than is necessary," he said.

Board-level members will also require more information on how security is benefiting the firm, he said: "We will see more pressure put on IT security. Boards are going to want to see more information on securing the network to demonstrate the financial value of security."

Wheatman also called for security specialists to ditch their intrusion detection systems in favour of intrusion prevention technologies. He said that other technologies that firms could drop included biometrics, digital rights management and personal digital signatures. Instead they should shift investment into host-based intrusion prevention systems, vulnerability management and advanced encryption protocols.

More than 700 security professionals gathered at the conference in London today.
