The report said that all small businesses could benefit from sharpening their negotiation skills to squeeze as much as possible out of vendors.

By using their purchasing power and understanding what was available in the market, businesses could acquire security products such as anti-spyware and personal firewall free.

'Don't pay extra for anti-spyware. If your vendor does not provide this service free, let it know you are considering switching to an alternative vendor that does,' the report said.

Gartner said that several major players in the anti-virus market, including Symantec, Trend Micro and Panda Software, already offered some anti-spyware functionality in their products.

Small and medium-sized businesses should also use Microsoft's entry into the desktop security market to negotiate better pricing with incumbent anti-virus vendors, the report said.

Apart from the free personal firewall, Microsoft's Windows XP Service Pack 2 (SP2) operating system has a feature called data execution prevention which, together with a PC processor that supports NX (no execute), can block attacks.

NX is a processor switch that can stop code from running in memory segments assigned to data, which is a method to deal with worms such as MS-Blast or Slammer.

However, not all PC processors are NX-supported. Gartner said all AMD Athlon 62 processors supported NX but Intel's processor did not start supporting NX until September 2004 with the feature called 'execute disable'.

'We regard the combination of SP2 and NX as a valuable improvement in PC security and advise SMBs to select this for their next PC platforms,' Gartner said.

'Confirm which of your existing desktop systems have NX support and ensure that all new desktops purchased have this capability.'

Regardless how often Microsoft's products are targets of attack, the software giant is making considerable efforts to boost security.

The latest Internet Explorer Version 7 (IE7) should reduce the ability of malicious software and spyware to use IE to harm a machine. Gartner suggested SMBs should install and test IE7.

'From a security perspective, Windows XP SP2 or Vista should become your platform of choice,' it said.

In addition to sharpening negotiation skills, Gartner said SMBs should harden security by using their existing suppliers.

Some firewall vendors, including Cisco, offer a free upgrade to include intrusion prevention system functionality to their clients that meet certain maintenance requirements.

'Although SMBs can get started with basic IPS for free, they should consider [intrusion prevention system functionality] as a more strategic investment to protect vulnerable systems until they can be patched,' Gartner said.

Internet service providers (ISPs) can also help secure a company. More ISPs are taking steps to ensure the bits that they provide are clean by adding basic anti-virus and IPS capabilities with the connectivity offer.

'If your ISP knows bits are bad it should block them,' Gartner said.

'Ask for inline anti-virus and worm-filtering as a standard part of your network connectivity contract.'

The report said many SMBs had already made appropriate investments in the desktop anti-virus and network firewall segments. Although SMBs struggled to determine which security products to invest in under a limited budget, by implementing the suggested steps they could significantly reduce their exposure to attacks without tapping their IT budgets, Gartner said.