In brief: Report on Microsoft security mixed

Plus: Global IT spending should increase; new Apache fixes holes; Interwoven CEO quits; RIAA sues four students over file sharing.

A report released by Forrester Research last week shows that security is still tops the list of concerns for Microsoft users, but that those concerns are not deterring them from deploying Windows-based applications. Seventy-seven percent of IT security experts at companies with more than $1 billion in annual revenue say they have experienced Windows security problems in the past year. But 89% of the 35 respondents said they still run sensitive applications on the Windows operating system. The Forrester report lauded Microsoft for its ongoing efforts to clean up its security problems, but says the company still has work to do, specifically with patch-management tools. The report says the answer to better security lies in a partnership that connects Microsoft, independent software vendors, and users throughout the development, deployment and operations phases when running the Windows platform.

Unless the war in Iraq drags on, global IT spending will rebound this year, although not by as much as previously forecast, IDC says. The new forecast sees spending increase 2.3% over last year, a downward revision of a previous forecast that saw growth of 3.7%. War and uncertainty about the global economy were cited as causes. Assuming a “relatively short war” and economic stability, IDC predicts global IT spending this year will reach $852 billion. Overall growth will continue next year, with an increase of 4% to 6%, and hit 6% to 7% in 2005, analysts said, with the global IT market hitting $1 trillion in revenue by 2006. IDC is optimistic about an increase in network equipment purchases, driven partly by widespread broadband adoption and data network growth. It also predicts that the converged handheld market will provide a key boost to hardware, which will have a tougher time recovering because of “fierce price competition and continued capital expenditure declines from telecom operators,” IDC said.

The latest release of Apache 2.0 fixes a number of security vulnerabilities including an as-yet-undisclosed flaw that could be used to launch a denial-of-service attack against machines running the popular Web server, according to information released by the Apache Software Foundation. The new release, Version 2.0.45, is intended “principally as a security and bug fix release,” according to the ASF. Foremost on the list of fixed vulnerabilities was a security hole discovered by David Endler, director of Technical Intelligence at security intelligence firm iDefense. Details on the vulnerability Endler discovered were not disclosed, but Apache 2.0 users were encouraged to upgrade. Endler will publish a report on the vulnerability this week, according to the ASF.

Interwoven President and CEO John Van Siclen resigned last week. Company chairman Martin Brauns, who was CEO from 1998 to 2002 when Van Siclen took over, will fill in as interim CEO until a replacement is named, the content management software vendor said. Van Siclen joined Interwoven in 1999 as vice president of business development and later was promoted to COO. Interwoven will report quarterly results April 17, but said last week that it expects total revenue in the range of $24.5 million to $25.5 million and a loss of about 10 cents per share.

The Recording Industry Association of America has sued four university students who allegedly ran file-sharing networks on their school’s local networks. The students, two at the Rensselaer Polytechnic Institute and one each at Princeton University and Michigan Technological University, operated “local-area Napster networks,” the RIAA said in a statement last week. File-swapping pioneer Napster was shut down by the entertainment industry two years ago. The RIAA had previously identified campuses as a hotbed of music piracy, but the lawsuits are the first the organization has filed against students. Before, the RIAA’s legal fire was aimed mostly at companies offering file-swapping software such as Kazaa and Morpheus.