Microsoft Claims Firms 'Hitting a Wall' With Linux 717
maxifez writes writes to tell us that Microsoft has released yet another independent study downplaying the viability of Linux at the enterprise level. The study claims that Windows is "more consistent, predictable, and easier to manage than Linux." From the article: "The study, commissioned by the software giant from Security Innovation, a provider of application security services, claimed that Linux administrators took 68 per cent longer to implement new business requirements than their Windows counterparts." Vnunet.com has also provided a PDF of the original report.
forgot the scare quotes (Score:4, Insightful)
68% of what? (Score:4, Insightful)
What the study failed to mention is that 86 per cent of the time to implement was spent convincing the executives and attorneys that using Linux was worth pursuing.
Warning: possible incongruity detected! (Score:5, Insightful)
Predictable, consistent (Score:3, Insightful)
Well (Score:4, Insightful)
Linux may have more implementation overhead but the results, I would argue, are generally superior.
Honest? (Score:2, Insightful)
Re:forgot the scare quotes (Score:4, Insightful)
Re:Pot and Kettle... but... (Score:2, Insightful)
However, if you are just going to sit there and bitch to yourself about the problem but do nothing about it, that includes not even informing people that there is in fact a problem, you have no right to complain. You didn't try.
Proprietary (but for Linux):
I bitched for months to ATI repeatedly to get them to get suspend/resume to at least work a little and to make the video card stop sapping the power of my laptop like a vampire.
ATI 8.10.16: Initial suspend and resume support and power management. Huzzah!
Re:forgot the scare quotes (Score:5, Insightful)
I don't know why they bother honestly. My bosses bosses boss recently informed me that we use Microsoft almost exclusively. I just nodded and smiled, because it was easier to do that than explain that even our DESKTOPS are mostly Mac, and our infrastructure is 90% unix (Solaris, linux, bsd). The only people who really read those studies don't know what the hell they're talking about anyway.
I don't give a damn what microsoft's studies say. I've been using unix, linux, and windows for years, and unix and linux have ALWAYS been more reliable. I've got a 250,000 dollar machine hooked up to a brand new Dell box running 2003 that goes down as often as a nickel whore, and I am SICK of hearing from Microsoft that this is just my imagination!
Re:68% of what? (Score:3, Insightful)
That's what you get for actually thinking through what a sane implementation should involve rather than clicking "Install -> OK -> OK -> OK -> OK -> Reboot Now"...
Re:Nice to know (Score:5, Insightful)
On the Linux side, I simply rsync software to all our of workstations. I can even upgrade software people are using right at that moment (like rsyncing the newest thunderbird to /usr/local/thunderbird-1.0.7 while they use the thunderbird in /usr/local/thunderbird-1.0.6, and then moving the /usr/local/bin/thunderbird symbolic link to point to the new version). On the windows side, I wander around bugging people to take an early lunch or whatever while I install/upgrade software on their machine.
There are plenty of ways in which Unix-style systems are easier to administer than Windows boxes, but this is not one of them. Windows actually has quite decent remote administration tools these days, including a fairly nice infrastructure for performing remote installations. Assuming you add some third party components (or are installing to a server with Terminal Services), ad-hoc remote access is also quite good.
I'm a big fan of Linux (I have seven computers at home; six run Linux, one runs OS X, no Windows, not even a dual-boot), and I'd probably drive a bus before I'd work as a full-time Windows sysadmin, but even I can't let this sort of FUD pass.
I suggest that you learn Windows first, then rant about it. You'll still have plenty to rant about, but you won't look like an idiot doing it.
Re:Well (Score:3, Insightful)
Wow, what a pointless stat. (Score:3, Insightful)
And how long maintaining them afterward? How many flaws or deviations did their implementations have? How maintainable were the implementations?
I'm not saying that Windows automatically leads to that type of thing, but saying "hey, the implementation was done faster" is the most meaningless of statistics. I've had experiences where I took longer to implement a solution on the same platform as a competitor, but my solution was more complete, more fault-tolerant, and future changes took about a third as long. Which was the better solution? I suppose that depends on whether fast or good is more important.
This whole thing is a quantitative analysis without any consideration of qualitative differences, making it pointless as a basis for reasonable discussion.
This is why Microsoft gets accused of FUD: instead of comprehensively making their point about where Windows is a better choice than Linux, they produce pointless "flashy" studies like this that provide no real argument.
Re:forgot the scare quotes (Score:5, Insightful)
Part of the problem for MS, especially regarding studies, is that they are selling a "one size fits all" solution, whereas Linux allows numerous variations to best achieve your goals. MS is facing a tough battle, trying to convience everyone that they are the best solution for all situations (read as: easy to use for uncaring sheep), yet technically appealing to even the most distinct niche users.
As Mike Warnke once said as the moral of a long story: "If you try to please everyone, you're going to lose your ass." (How's that for an obscure reference?)
Re:Nice to know (Score:3, Insightful)
Claims of security (Score:4, Insightful)
"The data indicated does not seem to indicate drastic security vulnerability improvement for RHEL 4"
I usually don't get pissed off about these Microsoft studies, but this is more than FUD. It's a lie. They compared the security patches for RHEL 3 and 4 over a 2 1/2 month perdiod. RHEL 4 had more. They indicate that selinux did not make RHEL 4 more secure. The point of selinux isn't to lessen the number of security advisories. IT'S ANOTHER FUCKING LAYER OF SECURITY. It's akin to a firewall or antivirus. It's exactly like saying "the month after microsoft released Windows defender, 38 new viruses were detected in the wild. The month before only 30 new viruses were found in the wild. Windows defender seems to have little effect on spyware and viruses." There's no connection. selinux would make it so a vulnerable piece of software would have a harder time being exploited and an even harder time getting total system control. A hole is a hole. Whether or not it is easily exploited or not doesn't matter. It needs to be patched regardless. If sendmail has a buffer overflow that selinux is able to mitigate, sendmail still needs to be patched. Whether or not they will be able to successfully exploit it is another question. It doesn't stop the fact that sendmail has a buff overflow.
You'd think a "professional" security agency would have more sense than that, but aparently not.
k thx get the lies campaign.
Actually that sounds a little generous... (Score:4, Insightful)
On top of that, the Redhat installation ticked along for four years solid with not a glitch other than an occasional fsck due to a power outage. The Windows installation needed to be fixed and re-installed at least 35 times in that same period of time. And Windows still didn't have all the functionality that the Redhat install did. She ditched Windows once it was no longer a work requirement. She's now my wife and we have several Linux boxes (she's no techie) and one XP box that only I use for the occasional video editing foray. (I've recently rediscovered Cinelerra and will likely be losing the XP box within the next year)
The point here is which would you rather have your admins doing? Spending all their time fixing ailing boxes with multiple occurences of downtime over the years? Or... spending a longer period of time getting it "right" and not having to do much with it due to the LACK of downtime for the box? I think Microsoft loses yet again.
PDF does not match Article (Score:2, Insightful)
In addition the article mentions upgrading SUSE Enterprise 8 to SUSE Enterprise 9 while the PDF talks about using RED HAT EL 3 using MySQL or Oracle. The PDF further states that RH was used because is the "current leading distribution." If it is the current leading distribution, why wasn't it used in the other study as well? Why weren't both used in both studies?
I took the time to look at the PDF because I was curious what the "new business requirements" were. Was it simply the time it took to update to the next OS, or were there other requirements such as installing MS Exchange? If the requirement included specific software, which software was used and why?
Re:Well (Score:5, Insightful)
From the Summary (because who bothers to RTFA anymore?):
"...claimed that Linux administrators took 68 per cent longer to implement new business requirements than their Windows counterparts..."
That much is probably true. Implementing some new process on a Linux box probably does take a bit longer. But here's the thing: Once it's done, it's done.
I've seen enough gawd-awful in-house software and scripts in Microsoft shops to know better than to be impressed by how much "faster" it is to adapt their shit. If you count all the down-time and set-backs which can happen after implementation, you probably ultimtely save a lot of time by going with a Linux-based enterprise.
But then, I'm not some kick-ass consulting firm which a big astroturfing... er... I mean independent study commission to put in the bank.
That alone makes study null (Score:2, Insightful)
Re:Well (Score:5, Insightful)
To be fair, you normally choose the OS and Hardware for the job. Microsoft likes to point out OEM boxes that are hard to install linux on, but then, thats like trying to put XP on all those old beige boxes and saying Microsoft sux0rs because of bad driver support.
SSDD.
One virus outbreak (Score:3, Insightful)
True, but (Score:4, Insightful)
So, the ease is there, but the advantage of flexibility lies with Linux/*NIX. I think this is for both a cultural, as well as a technical reason. Normally, Windows users/admins want something thats easy to get up and running, and they don't have a particular desire for real flexibility.
More patches? More software! (Score:3, Insightful)
Looking at the PDF linked from the original article, which is actually about RHEL3, not SLES, you can see that they start making the right noises about only installing minimal software for a database server, but when you reach the detail near the end on page 41, you find they have GNOME, KDE, Editors, Graphical Internet, Development Tools, etc. selected. The excuse is no doubt that that's what Oracle list in their "deployment guidelines", but so what. If the approach is to try and install a minimal system, in the face of what the vendors may say you can get away with using, then that's what they should do.
Given the funders of the study, I would expect the SLES study to be equally flawed.
Another potayto-potahto issue is that they go with following the severity risk in Mitre etc., but that doesn't mean that that severity is relevant to their database server installation. Something may be high priority on Linux if it allows a local user to become root, but a database server should not have any old users logging in, nevermind running any old application. In fact the whole class of security issues resulting in improper raising of local user privileges is something that Windows has not really begun to tackle yet, due to not really being a very good multi-user system. They've instead been dealing with the far more serious remote exploits.
So can you compare even "high" priority vulnerabilities on Windows and Linux? I think not.
I worked faster when I was ignorant (Score:5, Insightful)
Of course, the new systems are actually usable, as secure as I can make them, better integrated with the rest of the business environment, and much easier to maintain and expand.
It's easy to do things quickly when you get to skip the planning stage. Ask your stereotypical long-bearded Unix guy to implement web services and you'll be lucky to see the first draft during the same fiscal year - and no amount of pressure will make it happen any faster. Of course, it'll work correctly from the first day and will exceed the total workload of the quick-hack system within the first month, but that doesn't look pretty on this year's financials so a lot of managers aren't interested.
No such thing as 'bad' publicity... (Score:3, Insightful)
Re:I hope you get rooted like you deserve. (Score:4, Insightful)
Okay, so the parent poster was CLEARLY flamebait. I think that they do have a point - the grandparent poster running "4 red hat 7.3 DNS servers" and "1 red hat 6 machine that lasted 6 years without an OS related reboot" does seem to be emphasizing uptime over security though. Either you take an hour or two to back up your data, set up redundant services, and upgrade according to your schedule, or someone might force you to update at a "less convinient" time.
Re:forgot the scare quotes (Score:3, Insightful)
So in other words, the fact that papers attempting to disprove intelligent design are starting to appear means that there's merit to intelligent design?
No, it means the papers attempting to disprove intelligent design are as moronic as those that are supporting it. You can't disprove intelligent design. You can only show that scientific theories adhere to certain rules. Intelligent design doesn't adhere to those rules, adn therefore even qualify as a scientific theory. That's why it should not be taught in a scienc class.
Re:I hope you get rooted like you deserve. (Score:3, Insightful)
What about them? Do you have the faintest clue what that means? I'm guessing not based on your flamebait attitude.
Hint -- in order to make use of a "local root exploit" you have to have access to an account on the box. So unless you can get on the box, the local root exploit is a complete non-issue. Based on the GP post, most of those boxes are well behind a firewall and have either no or limited interaction with the world at large. And while that doesn't mean you can ignore things, it does mean that you can worry more about certain attacks than others. In particular if you keep the external interfaces up to date and use good ID software then your threat level for a local root exploit goes to just about zero.
In fact, you can keep just about everything except the kernel up-to-date and not have to reboot. I wish I could say the same for XP (which has vastly reduced the number of "must reboot" scenarios, but hardly eliminated them).
Remote root exploits are a much bigger issue... and are fortunately quite rare on Linux nowadays. Again, I wish I could say the same for XP.
Re:Well (Score:3, Insightful)
But MS is selling their product by telling you that you don't need those expensive, slow-poke engineers to write code for you. Just get a college drop-out who has been fully certified (by us) to whip out a quick VB script in the afternoon, and have it in place by the following morining when you come in to evaluate why your Help Desk budget has been running so high lately.
If following this advice leads to code which costs more time than it saves, I would agree that the blame doesn't lie entirely on Microsoft. It also lies on the CFO who actually bought in to that bullshit.
Re:Windows isn't as bad as many think (Score:2, Insightful)
As far as Microsoft's installation technical support, it is virtually non-existant, so this blow a hole in Microsoft's statement about superior support.
Windows upgrades easier. (Score:3, Insightful)
I upgraded our 3 Debian servers to Sarge "apt-get distro-upgrade" in about 2 hours. With the exception of the mail server we had no significant down time. The mail service was turned off during the upgrade to avoid any errors.
Every one of our WindowsXP machines (no servers) were virtually unusable after the Service pack 2 upgrade for most of a day.
Re:Bad Science (Score:4, Insightful)
This is a huge thing, particularly if you rely upon the vendor to acknowledge the vulnerability. There are a lot of vulnerabilities out there that are known (and sometimes even "in the wild") that the vendor refuses to acknowledge for various reasons. Often they'll finally acknowledge it shortly before (or on the day of) having a patch ready for it -- that way they look like they're "on the ball" to management even if the IT geeks know better. This is not a purely MS problem, nor is it unique to commercial/closed-source software, but it certainly seems more prevelant in closed source than open source.
I just do not see a 68% difference anywhere for an experienced admin.
I think this is what it always boils down to -- familiarity with one platform over another. I certainly know how to do certain things in Unix/Linux better than in Windows, and vica versa. That doesn't necessarily mean that Windows is better than Linux for a certain task -- it merely means that I'm more familiar/comfortable with one than the other. And that is a significant factor to base business (or personal) decisions on.
Re:Nice to know (Score:5, Insightful)
You just copy the files, move a link (guaranteed to be an atomic operation), and any new instances of the program are running the new code.
It's simpler than that, actually, if you don't mind the program being inaccessible for a few milliseconds. You just 'mv' the new file in place of the old one. New instances are running new code, old instances keep running old code. I never said Linux/Unix wasn't *better*, just that Windows wasn't as bad as the other poster made it out to be.
In Windows-land, you need to set locks, twiddle bits, edit the registery, God knows what. Sure, some "wizard" hides all this for you, but it's nothing like the simple equivalent Unix version. What happens if there's a power failure right in the middle of all this, for instance? Or if the computer runs out of RAM or disk? Yeesh. I just wouldn't trust it, no matter what the software author claims.
Actually, if they use the MS installer toolset, the installer will roll back the changes in the event of a power failure or other installation problem.
It's a prototypical Microsoft solution, actually. Compare them:
Of course, some of the added functionality that MS provides, like the system for centrally managing updates of many machines through a simple GUI, really is nice, so it has been implemented for Unix systems as well. But a Unix admin can get a hell of a lot done with nothing more than some shell scripts and ssh, including things that the authors of the fancy GUIs never thought to implement.
Re:Well (Score:5, Insightful)
Re:forgot the scare quotes (Score:4, Insightful)
They put Linux on the radar more and more with every one of these stunts. I'm with you - I really enjoy working with Unix systems. It's not because it's trendy to do so, it's because the Shit Just Works. I don't have to pour through vague event log entries on to fix problems with a clean install, I don't have to have a Microsoft tech come out and live with us for three weeks to address odd AD anomolies, and I don't have to use undocumented features to make something work.
The power of the Linux community simply can't be ignored. If you have a problem with just about anything with any OSS, you can always find a lot of information about it with a quick google search. The same is not true with Windows software - often times I get the dreaded "Sorry, no results found."
Nobody can honestly claim that Microsoft software hasn't improved in the last few years. It's a lot better then how things used to be. Unfortunately for them, it just doesn't matter anymore. They blew it. Linux is here, it's a lot more flexible, and it's not going away. It surrounds Microsoft from all sides (Very high end, embedded, very small (PDA's, cell phones)) and it's only a matter of time before it completely replaces Windows on core desktop and traditionally Windows based server environments.
It goes beyond the generic server arena, though. Have you have the chance to work with VMWare ESX server? It's awesome! Completely Linux based. Not only is the "service console" running Linux, the vmkernel itself is a customized Linux kernel which runs on top of it. VMWare ESX is so nice - you can really see what a Linux system is capable of: powerful, customizable, very easy to use.
That's the way I see it, anyways. And I do primarily Windows server work.
Microsoft is the worst for the professional... (Score:2, Insightful)
Unfortunatelly this is a major drawback for us, IT professionals. Microsoft sell the illusion that you don't need to invest on training and qualifing your professionals, you don't need to spend lots of money with highly trained people, with lots of experience. No, no, no, no... just upgrade your Microsoft products to the next great version, and you'll be able to keep you current underpayed employees.
With Linux, on the other hand, you must employ real qualified people, people with experience and that really knows "how stuff works".
Let's face it... most business won't invest on their employees unless they're forced to. And that's what Microsoft is exploring, saying that's cheaper to buy licences, than hire qualified professionals.
Re:Well (Score:4, Insightful)
Their login sequence includes loading the AV software and a few network IT notices. Sometimes this works, sometimes it doesn't.
Sometimes the volume icon appears in the tool tray. Sometimes it doesn't. I must then go to the control panels, Sound and Audio Options, disable the tooltray icon, apply, and then re-enable it.
Sometimes the Power Meter icon (userful for battery monitoring on a laptop) appears in the tool tray. Sometimes it doesn't. I must then go to the control panels, Power Monitor, disable the tooltray icon, apply, and then re-enable it.
Sometimes the icon for the automated network backup system appears in the tool tray. Sometimes it doesn't. I don't know how to cycle it if it doesn't appear.
Sometimes the icon for "Add/remove hardware" (aka hotplug) appears in the tool tray. Sometimes it doesn't. I don't know how to cycle it if it doesn't appear.
This is why Linux is both cheaper and better. Some things work and some things don't. But I have never had this "sometimes" bullshit on Linux.
Comparing apples and pears ! (Score:4, Insightful)
On Windows they applied some normal patches; while the 'milestones' on Linux included real heavy stuff: upgrading glibc, upgrading mysql. Plus patches.
When I upgrade mysql and glibc I upgrade from W2K to Server2003; so to say.
Serious upgrading and normal patches cannot be compared.
So, to me, it is and remains FUD.
On purpose they would not use a period including an update from W2K to 2003; or XP. Even less one when you migrate Exchange from 5.5 to 2000 or similar.
They feel the pain and now spend some big money to some Herbert, PhD, to invent a useless situation.
Deception.
[ends]
windows idiocy (Score:1, Insightful)