5 April 2004 A technology analyst is disputing Microsoft’s claims that Windows Server 2003 is more secure than its predecessors.
On 1 April, Microsoft chairman Bill Gates sent a letter to customers, citing a big fall in the number of ‘critical’ or ‘important’ security alerts that have been issued since the latest version of its operating system, Windows Server 2003, was released.
Gates claimed that during its first 320 days, Windows Server 2003 was the subject of nine serious alerts — or an average of one every five weeks. However Windows 2000 Server, the previous version of the software, had 40 serious alerts during its first 320 days.
But Joe Wilcox, an analyst with Jupiter Research’s Microsoft Monitor, claims that Gates has dramatically exaggerated the improvement in security vulnerabilities, since the way that Microsoft classifies security alerts has been changed between the time of Windows 2000 Server and Windows Server 2003.
He told TechWeb that he had found 15 security alerts for Windows Server 2003 since its release in April, as opposed to the nine quoted by Gates. Furthermore, he discovered that in the first 320 days of Windows 2000 Server there had been 28 security alerts, not Gates’s 40.
“Mr Gates and I must have a different way of counting,” said Wilcox. “My point is one of credibility, something Microsoft could use a little more of right now.”
To further strengthen his point, Wilcox cited a soon-to-be-published Jupiter report that found that only 36% of IT managers from businesses with revenue of $50 million or more thought Microsoft security had improved.
Microsoft Monitor is a new research initiative set up within Jupiter to help vendors make the most of market opportunities created by new Microsoft initiatives.
Microsoft was unavailable for comment.