September 18, 2006 11:37 AM PDT
Cisco exec: Windows Vista is scary
"Parts of Vista scare me," Gleichauf said at the Gartner Security Summit here on Monday. "Anything with that level of systems complexity will have new threats, as well as bringing new solutions. It's always a struggle in security, trying to build for what you don't know."
Gleichauf told CNET News.com's sister site ZDNet UK that Cisco views the Microsoft operating system update, set for broad release in January, as a bearer of possible solutions to security problems, but also as a potential trigger of security issues.
"Vista will solve a lot of problems. But for every action, there's a reaction and unforeseen side-effects and mutations. Networks can become more brittle unintentionally," Gleichauf said.
The Cisco executive's remarks come as Microsoft and the European Commission move deeper into a tug-of-war over security features in Vista. The company wants regulators to set clear guidelines as to what it can include in the operating system, but the Commission will say only that Microsoft must abide by its competition rules.
Systems complexity needs to be taken into consideration in any action plan for Vista implementation, he added.
"If you're embracing Vista, it's not going to be 100 percent initially. It's going to create more heterogeneity for a while," Gleichauf said.
Analysts from Gartner have also found that many businesses are nervous about integrating the security features in Vista with their legacy systems.
"Most organizations are cautious about Vista," said Eric Ouellet, vice president for research, security and privacy at Gartner. "(Companies) already have security tools which are being built into Vista. The risk is to go to another system. There's always going to be some hits," Ouellet told ZDNet UK.
"The risk you have to manage is: Is Microsoft going to get it right first time? Maybe yes. But are businesses going to take that risk?" he asked.
Microsoft has not helped to reassure customers by pushing back the release date of the operating system and changing some of the promised features.
"People don't know what's coming down the pike," Ouellet said. "TPM (Trusted Platform Module) is now not fully integrated--you can't rely on the feature and function set. Microsoft's moving the goalposts is definitely adding to the heartburn."
Tom Espiner of ZDNet UK reported from London.
79 commentsJoin the conversation! Add your comment