Prominent security analyst John Pescatore has put a new twist on the Windows cost of ownership debate with a call for enterprises to add the expense of managed intrusion prevention software to the price of Microsoft's
Pescatore, a vice president and research fellow at Gartner, said companies must recognize that the expense of configuring systems to deal with critical security vulnerabilities must be included in the total cost of ownership when alternatives to Windows servers and PCs are being evaluated.
"Many of the vulnerabilities that continue to be identified in Windows 2000, XP and Server 2003 are easily exploitable," Pescatore wrote in a research note. "Attackers will continue to develop worms that will cause damage equal to, or more severe than, the system shutdowns and network congestion caused by the Slammer worm. Enterprises that are dependent on Windows systems must invest both in means to patch more quickly and in host-based intrusion prevention software for all Windows PCs and servers."https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=iIn an interview with internetnews.com, Pescatore said the rate of mass worm attacks against the Windows operating system has speeded up rapidly since the destructive Blaster worm hit enterprise networks last summer. "The appearance of the [newer Sasser] worm makes it the shortest time ever -- just 18 days -- between the appearance of a vulnerability and the beginning of an attack," he said.
Because malicious attackers are coming up with exploits in such a short time, Pescatore said enterprises are forced to include configuration management and software distribution system or patch management systems alongside firewalls, anti-virus and behavior-based intrusion prevention software for all Windows PCs and servers.
"Even though the market for host-based intrusion prevention software will not be mature until the end of 2005, enterprises must budget for, and procure, these products now to secure their critical Windows-based systems," he added.
He said businesses have opted to use Windows because it's cheaper and easier to support, but with the recent spate of mass attacks targeting flaws in the software, Pescatore believes the real cost of ownership is much higher. "Every time you budget to put Windows somewhere, you have to start budgeting for intrusion detection," he said. "The attacks are coming faster and faster and, in some cases, there is the potential for day-zero attacks."
"We don't see enterprises including those costs when they're comparing alternatives, but those are significant add-on costs," he added.
Pescatore recommends that enterprises budget adequate additional funds to expand security efforts. "Enterprises that have not yet made investments in configuration management and software distribution: Allocate funds for patch management systems that can make patching before attacks more feasible, while also ensuring the stability of Windows systems. Simply turning on Windows' automatic update feature is not enough."
The cost of ownership issue was at the heart of recent debate between supporters of the open-source Linux operating system and research firms hired by Microsoft.
Supporters of Linux cried foul when Microsoft released research reports commissioned from research firms IDC, Giga Research and the META Group that questioned total cost of ownership (TCO) of Linux. The analysts had pegged Windows enterprise server environments as less expensive to maintain than comparable Linux setups.