Users Reject MS Independent Study Claims

PenguinCandidate writes "End users from various corners of the Web have whole-heartedly rejected Microsoft's claims that an independent TCO comparison between Linux and Windows would be something akin to the second coming. Said one senior Linux architect: 'With Linux and open source, it is possible to arrive in a position where the organization has increased control over its situation [and reduced] its long-term costs. That's a highly desirable outcome and I doubt we'll ever see a Microsoft-funded study which will come to that conclusion.'"

Gaming the cost of migration

[starfishsystems]

These Microsoft TCO studies present an analysis that seems ready to backfire on them.

The reason there's a high cost of migration off Microsoft systems is because Microsoft intentionally planned it that way. The "embrace and extend" strategy and many similar practices have been found in law to be designed for the purpose of making migration expensive.

If I were running a fair and objective TCO comparison, I would seek to measure the cost of migration both on and off each platform. Ideally, this would track costs not just once, but over several cycles. Since computing infrastructure is constantly evolving, a realistic TCO analysis has to deal with this scenario.

Intangible costs

[HangingChad]

I know for a fact there are intangible costs associated with MSFT products that can't be documented in a TCO study.

For instance, one customer had SQL server go offline, taking down one of their primary applications, after the last round of security patches. I tell them to test the patches, but they don't want to spend the money. Go figure. Instead they pay me money to come in a fix what stops working. Every time there's a security patch update, I know I'm going to be busy.

For the Linux/MySQL installs I have to keep a book of SOP's next to the server because it's so seldom that anything goes wrong. If I don't make notes how to do stuff, I have to learn all over again the next time.

So, yeah, if you don't make notes then OSS does take more time because you forget what you did last year when X happened. And that information probably won't be on a tech support site somewhere.

With MSFT it seems like you're dorking with your servers all the time. I work on Windows and Linux servers and my opinion is that the Linux servers are more reliable and cost less to operate. That's hard to quantify but every time I see a MSFT TCO study I keep wondering how they get the numbers to come out in their favor.

Aimed at Corporates

[nukenerd]

You are missing the point. The "Get the Facts" campaign is aimed at corporates, not Mom & Pop. In a company like the one I work for (15,000+ desks) all installation is done by a contractor and maintenance by the IT Dept. The PCs (Windows) are absolutely locked down. The 15,000 users don't need to be taught RPM or APT.

800 hours to learn Linux "to be equally skilled as ... in Windows"? LOL! The people working around me know no more about Windows than how to switch on, type a memo or e-mail and then click the "Save" "Print" or "Send" button. Most would not know how to begin installing software, hardware or setting up a network. They would barely notice if they were in Word or Open Office.

As for Mom & Pop, they would be just as fine with pre-installed Linspire. But most will stick with Windows because they (incredibly maybe) think it's cuddly, and they love that nice Mr Gates who has given so much to charity - isn't he a self made man who we would all like to be? Anyway, won't Linux break their PC? - there is a sticker on it that says it's desinged for Windows XP. Windows will always have a place at the bottom end of the OS market.

Re:Linux and Windows

[oliverthered]

'If someone is new to linux, they might get the software for free, but then what about the time it takes to learn Linux?'

Well, here's a personal study from my PC experience.

I used to use DR-DOS and GEM but moved to Microsoft DOS and Windows when Windows 3 came out, I then moved to windows 3.11 when that came out (TCO was a ligit copy of MS-DOS, and a pirate copy of Windows) it didn't take too long to pick up windows (or DOS) but it took years of fiddling to get the best performance out of it.

After that I moved to Windows 95 and started writing Windows applications and continued writing DOS applications. Windows 95 didn't cost me anything either, except for the guilt of using pirated software.

After that I moved to Windows NT at work and Windows 98 was just being released. After trying someone is new to linux, they might get the software for free, but then what about the time it takes to learn Linux?g to get Windows 98 to work on the office network we decided not to bother with it and keep most of the clients running Windows 95, it was about this time that I discovered Linux and installed it on my home PC.

Since then I have never run Windows on my local machine, have all the software I want and run no pirated software. Since my switch my TCO is now far less than if I were running Windows I've never had a viruses or Trojans to clean up, I'm still running the same brand software as in 1998 and my administration times on Linux are a fraction of what they would be on Windows, especially if something starts playing up(from experience of working mainly with windows at work for most of my professional carear)

It took me quite a while to pickup Linux in the early days, mainly the time it took to work out how to read man pages properly but once started everything fitted into place nicely, it took less time to learn Windows but years to find out exactly how it worked and how to work with it.

The only TCO type problems I have with Linux are:
1: A new KDE always screws up my settings when I install a new version.
2: Sometimes it takes a while to find a working driver (including fixing them)
3: Good well polished software can be hard to come by (but then again a lot of companies use bispoke solutions so it doesn't matter too much, and they can get the source to the unpolished software and make it a little more usable)

For the record I have never formatted a HDD to re-install Windows, I usually install another version of windows and copy everything that's needed (license keys, settings etc...) from the defunct Windows registry. I have had to do a couple of complete reinstalls of Linux but my current setup has been going for about 5 years (across different Linux vendors!).

Re:Seriously...

[n0-0p]

I really have to disagree if your implication is that relative security is easy to measure between two systems. I also wonder why you would take Aitel's shameless pandering to mean anything more than he's a self-serving mercenary. That TC0 paper is just an advertisement for Immunity and their tools.

Back to the more important topic, switching from MS to a completely Open Source platform normally requires changing the whole software stack. In such cases you can't do a line by line comparison between the two different implementations. Handling of layered defenses and hardening measures vary too much between environments. Any valuable asessment has to view the system as a whole, including it's environment.

I've seen good and bad implementations on both sets of platforms. I admit that I like the freedom of Open Source and the ready access to code makes evaluation easier. It is my personal preference but I don't see it as a panacea of security and I'm sick of both sides slinging mud at each other.

I'm still weary.

[RingDev]

Skilled *nix admin (IE: certs, trained, 5 years experience, related degree) goes for $50k+ a year arround here.

Skilled Windows admin (IE: certs, trained, 5 years experience, related degree) can be had for under $40k a year.

Coughing up a one time $3k license for a server is a drop in the bucket when compared to $10k salary, taxes, and benis to be paid yearly.

-Rick

I saved money

[rolfwind]

Microsoft is still hard at work trying to create that perception:
http://www.microsoft.com/windowsserversystem/facts /casestudies/CaseStudy.aspx?CaseStudyID=17131 [microsoft.com]

As a personal user - I can testify quite the opposite - if I include not just the OS, but all the programs I use.

Before leaving the Windows world, I used the following programs because I couldn't find a free one to get work done. I'll list the price I remember paying:

WsFtp (~40)
PhotoImpact(80)
Quicken (30)
Spybot - Detect and Destroy (free, donated $15)
MS Access - (300 ?, needed a DB program)
MS Visual Basic ($99, not full version which costs as much as $699 IIRC)
Tiny Firewall (was free when I used it, it seems to be $49 now)

Cost I had to pay: $550 (Not including donation)

Now with Linux, I use:
gFtp (free)
Gimp (free)
GnuCash (free)
No need for Spyware detectors (had 3 free ones on Windows) nor for Virus detector which is also free on linux (ClamAV) - could get free one on Windows (AVG)
Program using either KDE IDE or GCC.
Don't need a DB program now but plenty of free ones out there.
Have a firewall - just don't remember the name now:)

With OS - All free.

I know there are some free solutions on Windows - but the Windows environment has a lot more shareware and promotes pay-for software while Linux gives you a lot more tools off the bat to get what you need done.

I appreciate that alot.

Re:But what is TCO anyway?

[n0-0p]

When the software is no longer supported by MS and you need security updates you don't really have a choice. I ran a pen-test against a business unit of large organization that chose not to upgrade from Office 96 to 2K. They figured they could safely skip a version to 2003 because there were no compelling new features and it wasn't really worth it.

Unfortunately there were several security vulnerabilities discovered in late 2000 including macro execution vulnerabilities for Word, Powerpoint, and Excel. MS was not providing patches for these issues on anything below Office 2K and their only response was to disable macros in all of the applications or upgrade. Neither was on option for them because they had apps that needed macros and the software budget couldn't cover the upgrade cost at that time.

During the pen-test we determined that these guys had a pretty good DMZ setup and very limited Internet presence. We still wanted the keys to the kingdom so we just ended up harvesting email addresses and firing macro exploits with callback trojans. In the end we owned the whole network and they looked really bad. And all of this occurred because they chose not to follow their vendor's forced upgrade path.

Re:Seriously...

[ergo98]

This is the only thing close to a neutral study...

ARE YOU KIDDING? That piece of Slashdot karma-whoring claptrap was universally panned as being rife with terribly amateur errors and omissions, and the only people who took it seriously were the people who felt it vindicated their position. Petreley is an absolute laughing stock moron whose only readership is a couple of die-hard Linux zealots.

Actually, I find Microsoft marketing pretty lame

[melted]

They have some pretty good products, with some pretty good features. Yet 90% of their customer base know about only 10% of features, and buy their products not because they get better (and they do), but because Microsoft rams them down their throats.

They need to rip off Apple marketing. Those fellas know what they're doing. I'm convinced, if Microsoft outsourced marketing to Apple, they'd boost their revenues at least 30% and grow a huge, rabid fanbase in a matter of 2 years.

Not entirely accurate

[WindBourne]

Not only are the users clued up, but so are the developers. Quite honestly, almost all, if not all Linux distros are superior to Windows for security. If the day comes that Windows is more secured then Linux (i.e. far less bugs and comes secured out of the box), then Linux will have issues.

With that said, I noticed in my logs today that somebody was making a concerted effort to kill my home server and 5 other servers that a company that I help with owns. In a 5 hour period, there were no less than 20,000 attempts, mostly aimed at root via sshd (which was shut down ages ago). Most of the systems( there were 20) that were coming at these boxes were Windows, but 3 of them appear to be macs. I thought that was interesting.

Re:imagine that

[BitterOak]

Now, if the article were about a Linux study which showed that Linux saves money compared to MS products, and a Microsoft employee was quoted as saying the study is flawed, and a Slashdot user posted "wow a Microsoft architect disagrees... imagine that", he/she would be modded +5 Insightful. Fascinating how the moderation system works on slashdot.

Re:TCO is important

[utnow]

1. If you're choosing an option, you plan to stick with it for a while. Cost of migration away from their system is a very long term cost, and while it should be taken into account, will be minor compared with the cost of maintaining the system durring operation.

2. In your lockin comparison you cite how hard it is to move from Windows to linux, or Windows to Mac (or anything) and then you cite how easy it is to move from Linux to Linux. I assert that there is just as much overhead involved in moving from Linux to Windows as vice versa for all the same reasons (different file systems, different conventions, GUI familiarity).

Anyone who switches to Windows is going to want to use the strongest software options for that platform. This means using Office on Windows. Open Office (or whatever you think is strongest) on Linux, and iWork on Mac (to use that example).

All of these packages are starting to use very similar file formats, but there's still a migration cost involved. Training to use the new software, minor glitches involved in importing files, etc.

I make no arguments as to which is better for any reason or use. But I don't think that a migration cost is going to be too different no matter what direction you're going.

Where are views probably differ is that while RedHat is a company, I don't see the lock-in coming from them so much as the Linux community as a whole since Linux is the OS and Fedora/RedHat whatever is a distribution.

And like any construction project, building and destroying a computer system is a very minor cost compared to the every day maintanence and operation. Use cooling as an example. I think a system that can manage the CPU in a more efficient manner, save CPU cycles, and reduce the heat that is produced is going to save alot more over entire life (365 days a year 24hrs a day) than a $150 copy of Office (and windows is switching to an XML format anyway :P ).

Re:Seriously...

[NickFortune]

Yes, yes, yes. Ken Thompson's paper describing how a malicous compiler can, theoretically, compromise any secirity function on a platform by inserting backoors into login programs and the like. It's one of the great hobgoblins of the UNIX world; a campfire story that *NIX geeks use to scare one another before bedtime.

However Ken describes a theoretical possibility. As a real world scenario I can't give it much credence; It's all a bit too Mulder and Scully for my taste. Besisdes, if there were such a backdoor, the script kiddies and spammers would have been using it since forever. D00dz! t3h Sikrit L1nux P@ssw0Rdz R "transubstantiation". Ch3ck 17 0uT!

Still, for the sake of the discussion, let's suppose the scenario is credible. Because Microsoft too use compilers. In fact since windows is more widely deployed than linux, you could argue that windows is more likely to suffer from such a systemic security compromise since the payoff for the culprit is higher.

Thompson explains his scenario in terms of UNIX, but there's nothing there that couldn't be applied to Windows. In fact, all the criticisms iplicit in Thompson's paper apply to all platorms, so it's really rather of a null argument when discussing comparative security.

So maybe I cannot be sure that my iptables module contains no backdoors. I can however have a far higher degree of confidence in my firewall than I can in the XP firewall, or in (say) Zone Alarm.

And that is all I ever claimed.