Dealing with widespread worms like Sasser raises the cost of using Windows, a research analyst said Wednesday. Mark Nicolett, research director at Gartner, recommended that enterprises boost spending on patch management and intrusion prevention software to keep ahead of worms, which are appearing ever sooner after vulnerabilities in Windows are disclosed. "This is part of the carrying cost of using Windows," said Nicolett. "The cost of a Windows environment has gone up because enterprises have to install security patches very rapidly, deal with outages caused by secondary problems with these patches, and deploy additional layers of security technology."
Although he placed some caveats on his numbers, Nicolett said that informal surveys with Gartner clients indicate that simply moving from having no rapid patch deployment capability to an ongoing process that can respond quickly to vulnerabilities raises the cost of using business by about 15 percent. Nicolett's advice stemmed from the recent outbreak of the Sasser worm, which began striking Windows systems last Friday and has infected a large number of machines worldwide, with estimates ranging from 100,000 to well into the millions. "The Sasser worm attacks confirm our prediction that mass worm attacks against the multiple vulnerabilities disclosed by Microsoft on April 13 were likely," said Nicolett and his Gartner colleague, John Pescatore, in an alert posted on the Gartner site.