Microsoft chairman Bill Gates has come under fire for his comments last week on the company's progress in improving security.

Joe Wilcox, an analyst with Jupiter Research, commented that Gates "must have a different way of counting", as he claimed Microsoft issued nine critical or important security alerts for Windows Server 2003 compared to 40 for Windows 2000 Server, during both products' first 320 days of release.

"I'd like to know if Mr Gates counted moderate or low alerts, seeing as how Microsoft changed how it rates security problems in between product releases," wrote Wilcox on microsoftmonitor.com, a web publication from the analyst firm.

Wilcox said he counted 15 security alerts for Windows Server 2003 since the product shipped in April 2003, which rose to more than 20 when products integrated into Windows, such as Internet Explorer Server 2003, were taken into consideration.

"I figure where there is one counting disagreement, there might be another. So I went back and counted up those Windows 2000 Server security alerts. I came up with 28 during the same span of time I got 15 for Windows Server 2003. Windows 2000 Server reached 15 alerts seven months after launch," he said.

While there have been fewer alerts for Windows Server 2003 compared to Windows 2000 Server during the first 11 months following release, Wilcox's point is one of credibility, "something Microsoft could use a little more of right now".

He added that an upcoming Jupiter Research report on Microsoft security reveals that a mere 36 per cent of IT managers from businesses with revenue of $50m or more feel that Microsoft product security has improved.