
It'll take more than a patch to cover this mess up...
By Pia Heikkila
Published: 25 September 2001 18:15 BST
Analyst house Gartner has strongly advised companies against using Microsoft's web server software because the security risks involved are so high.
The analyst house has issued a controversial advisory note to businesses, recommending companies hit by Code Red or Nimda look at alternatives to Microsoft's Internet Information Server (IIS).
Gartner recommends products from vendors such as iPlanet, and the open source Apache server software. Gartner believes that one reason the security risks in using IIS are so high is that Microsoft supplies security patches too slowly.
John Pescatore, analyst at Gartner and author of the advisory note, said: "Gartner remains concerned that viruses and worms will continue to attack IIS until Microsoft has released a completely revised, thoroughly tested release of IIS. Sufficient operational testing should ensure that security vulnerabilities every software product experiences have been uncovered and fixed."
Although hackers and virus writers tend to target the most commonly used platforms and applications (which to all intents and purposes means Microsoft software), the familiar criticisms of the way the company operates are resurfacing.
Jan Guldentops, a founding partner of open source security firm Better Access Labs, agreed: "Microsoft is very good at marketing but bad at technology. They are notorious for releasing products that are rushed out with fanfares but turn out to be very poor quality. I am glad companies are being warned about the pitfalls of MS technology."
The security concerns surrounding Microsoft's technology will have ramifications for .NET enthusiasts, as Gartner is advising companies to wait until the company has fixed the problems properly - clearly not an overnight job.
Deri Jones, senior manager at security testing company NTA Monitor, said: "Companies will need to take a long and hard look at their next IT spend.
"Microsoft will have a lot to answer for now. It will have to start engineering its products with security in mind."
Bruce Schneier, a US-based security expert, said that the human factor has been ignored when releasing immature technology.
"The patching method doesn't take into account the human factor - people cannot always keep up with all the patches issued, and there is the added problem that patches may damage other parts of the network," he said.
Microsoft refused to comment.