Microsoft's Magical 'Myth-Busting' Tour
Mz6 writes "Microsoft has launched its 'Get the Facts' road show -- the tech equivalent of a political battle bus -- to tour the country and convince the wavering that Redmond is at least as cheap and as secure as its open-source rival and to spread the word that Windows is better than Linux. Nick McGrath, Microsoft's head of platform strategy, described the campaign as 'a reality check we're bringing out', aiming to tackle the 'myths' surrounding Linux. Microsoft's road show will be in Edinburgh on June 17, Manchester on June 29 and Newport on July 7."
For the internationally-impaired, the tour is in the UK.
I am one of many. My idea is not unique, nor do I expect my voice alone to sway you. I speak in a chorus of opinion.
Here is more coverage of the event with pictures.
Would it not stand to reason that the training costs and learning curve would be far more minimal simply upgrading to a newer version of an existing OS, rather than learning an entirely new setup? I'm dumbing it down a bit, but I hope you get my point.
http://www.microsoft.com/mscorp/facts/default.asp
3 50 - $1000 (no seat limit?)
Win2003 less than RedHat E3 or Suse8?
Was it per copy or per seat?
Per copy I can believe.
I find it hard to believe that Windows won on the per seat.
http://www.redhat.com/apps/commerce/rhel/es/
$
http://www.pricewatch.com/
winServer 2003 5 seats - $150
winServer 2003 25 seats - $1150
so take a small business 100 machines plus servers.
windows - $4600 per server
redhat - $1000 total (for the uber deluxe edition, just to make it more fair)
People in Skopje, Macedonia were first, giving away 1000 CDs last week!
FSM gave away 1000 CDs of Knoppix and TheOpenCD at a similar event in Skopje, Macedonia last week.
The problem with many studies on security is that they are not comparing like with like.
For example a Microsoft person should be looking at a bare install with XP, IE 6, and all service packs. Nothing else.
To contrast that with a Linux system you'd install RedHat / Debian and tons of extra software, basically whatever comes as part of the "default" installation - however this clearly has a lot more software included, Emacs, Vi, etc.
On the Linux side trivial security problems with games, or whatever would be counted - artificially inflating the security exploits on the Linux side.
True there have been several kernel security problems over the past few months, but they should be pretty much all that is compared against Kernel flaws in Windows + Internet Explorer bugs.
I've put up my own site on MySQL and Access, at: http://enthalpy.homelinux.org/MySQL/
:)
I've got a couple of pages on setup instructions and code examples, and finally a cost comparison with a full Microsoft stack. The full Microsoft stack doesn't exactly come out on top... If anyone has any comments on the figures, feel free to respond - I want it to be at least as free of bullshit as Microsoft's "Get the Facts" campaign
* Responsiveness: On average, Microsoft had a fix available 25 days after a security issue was publicly disclosed.
Notice how the response time for other OSes isn't even listed (is "Linux: less than 2 days" really hard to write?)
* Thoroughness: Microsoft was the only vendor to have corrected 100% of the publicly known flaws during the study's time period.
What they failed to mention was that MS was the only vendor with publicly known flaws. I'd also like to see how many flaws were discovered, and what the time period was, too (i.e. "18 flaws in 7 days" sort of metric).
* Relative Severity: Windows has the fewest vulnerabilities and the fewest "high severity" vulnerabilities of any platform measured.
I first mis-read this as "Relative Security". Your mind just reads what the mind expects, I guess.
Challenge Microsoft to give out their OS.
And office suite, don't forget the (only) other way they make $$$.
So 25 days, eh? Let's see what eEye lists in their upcoming advisories page... mmm Looks like Microsoft has closed some old advisories now, some months ago they had a very long list with very critical, remote vulnerabilities known for 6 months or more.
Looking at the costs/benefits of linux vs windows realistically, it's easy to see where M$ gets some of their flawed conclusions, because they aren't entirely flawed, just not the complete picture.
The initial software cost is much higher for windows than linux.
However, *nix systems generally require more technical skill than windows systems to manage.
That means *nix admins demand higher salaries.
Long term, the increased salaries are going to be more than the savings in software costs.
Unfortunately, this is where Microsoft's analysis stops.
In terms of the man hours spent, Microsoft probably assumes the use of every available centralized management tool that they provide, and assumes it to work correctly. In the real world, administrators rarely make use of such tools for servers, except in extremely large scale environments. They are too complicated to set up initially, too difficult to learn, and they break frequently, because there is almost nothing for windows that's designed to be unattended.
The nature of a typical linux environment however, makes centralized administration much easier, *IF* the administrator sets the systems up properly to begin with. That's where a large portion of the cost savings for linux comes in. If you are managing more than a handful of servers and don't have central patch & software distribution, configuration management, and central monitoring set up, you are probably wasting time and money.
Now, let's look at the security issue. Out of the box, linux and windows are arguably equally insecure.
*nix administrators work deeper into the guts of the system, and have a better understanding of how things interact. Linux, and other *nix systems don't have the black box mentality of windows, so with someone understanding both the system and the security issues, a VERY secure configuration can result, all the potential exposures can be understood, and risks can be kept minimal.
On the other hand, with windows, you see what microsoft wants you to see. With their history of hiding security flaws, and with the complexities of the system hidden behind a pretty GUI, it's quite possible that there are less than a handful of people even at microsoft that know how it works and really understand how things interact. (Keep in mind that Microsoft has reportedly employed a highly compartmentalized development process, with very few people being allowed to see the whole of any project. They apparently don't even know what's going on with their own software.)
Bottom line from a cost factor, if all you have are one or two servers running windows, and you don't have a compelling reason to switch, don't. On the other hand, if you have a large number of servers to manage, you may be able to find a reason to switch, but look at the costs and benefits REALISTICALLY, and plan well so that you actually save money.
From a security factor, every piece of software will have flaws. Those risks are easier to manage under linux, but they will be there. If you expect linux to be a magic bullet that makes all your security problems go away, it isn't.
Finally, if you decide to embark on ANY migration, do your homework. Make sure you understand what your network and servers are doing, and what business processes they support. Be prepared for unexpected dependencies, such as users storing files on network shares where you don't expect, or applications that have to talk to a program running on one of your machines. Most of these interactions won't be documented properly, even in a tightly controlled network.
Plan your deployment carefully, and implement centralized controls from the start, so that you avoid having to micromanage each server on a daily basis. Set up maintenance schedules. Don't neglect backups. A well planned linux deployment will save you money in the long run. A poorly planned one will be a bottomless financial pit.
So do you all and the whole Internet, my friend, that's what they call "worms"! I have seen in my logs countless of the same attacks against IIS, even if my system is clearly labeled as Apache. It just happens that attacking IIS systems is so easy that it has been automated, there are millions of systems out there looking for IIS vulnerabilities. But, if you read carefully my post, you'll notice I didn't mention such automated attacks. The cracked sites I mentioned were those that crackers defaced by hand, that is, by a personal effort. But, in the end, it doesn't matter. Microsoft systems are more vulnerable to automated attacks, they are more vulnerable to people-initiated attacks, they are more vulnerable, period!
The problem: Linux has usability holes you could drive an aircraft carrier through.
Yeah, well, at least you can still drive that aircraft carrier. By contrast, Windows NT has reliability holes that left the USS Yorktown dead in the water.
I know, this is a cheap shot, but I just hate that hackneyed "hole big enough to drive X through" cliche.
This is a short write up of the event. Alain Williams wrote it & ... received comments from Phil Hands and Luke Kenneth Casson Leighton
The MS announcement
http://www.microsoft.co.uk/events/MsEStdEventDisp.asp?params=fHx8fDB8bXNldmVudHN8MHww&EventID=8061
****
All that you ever wanted to know about Linux but were afraid to ask.
Officially called:
20:20 Seminar Series: Microsoft Windows and Linux An open and honest technology discussion
How is MicroSoft presenting Linux to its customers ? We need to know so that we can be ready for
the challenge. MicroSoft is an important competitor, we cannot afford to ignore it, we cannot
just dismiss it with a smile of smug superiority
The undersigned were at the above MicroSoft presentation in London, England on 10 June 2004.
This is not a literal report, more an attempt to extract the ideas of what was said as sound bites.
There were some 300 delegates, about 90% wearing suits. MicroSoft was well aware that many
Linux types were present.
This was a carefully scripted event with someone acting like a TV chat show host. The banter and
'off the cuff' jokes (it is a good idea to keep your contact list of girlfriends protected from your wife)
were well rehearsed.
First part: presentations
Philip Dawson - Senior Program Director - Meta Group
. Open Office is incomplete and incompatible.
. Have to repackage when the kernel changes.
. Difficult to replace MS support with Linux equivalent
. Cost of ongoing integration & support
. Desktop:
* lacks ecosystem (exchange, active directory, office, 3rd party drivers & apps)
* lack of admin tools
* requires ITO to do something
* desktop is about breadth, Linux is narrow
. Much of Linux uptake is Unix -> Linux migration, little Windows -> Linux
. The costs between Linux and Windows balance out when you buy RedHat/SuSE (Debian is
not suitable for the enterprise because there is no support).
. Should focus on services
. Problems with the different Open Sources licenses - if you want to base an app on Linux
you need to understand all the different licenses otherwise you will get into trouble.
. The Operating System is not commoditised, the battle is on the application stack, this
is where the focus is.
. Beware the corporate IP threat:
* You may lose control of your own written applications
* Liabilities from use of open source (eg SCO) (I think he said this)
. If you deploy Active Directory do not deploy Samba
. Moving shell scripts Unix -> Linux is difficult (ie so why not move to Windows)
. There is no hardware saving if you deploy Windows or Linux - ie the same number of boxes needed.
. He dismissed, as largely irrelevant, all hardware platforms other than Intel compatible ones.
. There were several other cheap jibes that showed ignorance but which would be taken
as true by many who are not familiar with Linux.
. Don't look at the TCO (Total Cost of Ownership), look at the ROI (Return On Investment).
. MySql is incomplete and does not scale. Don't compare MySql to MS-SQL, but it would be rude to MS Access
to compare MySql to it.
Nick Barley - Director of Marketing - Microsoft UK
. Boardroom Boredom. Most boards don't really care about IT, they regard it as a cost that
never really delivers on what it promises.
. Why MS ? : "We make the complex simple"
. MS provides simple packages apps.
. "Its free v MS" is not a true headline, you need to look at the TCO.
. Linux cost has moved to the same as the MS model - RedHat charges now
. Ecosystem buzzword was used again, MS has a lot of partners: integrators, ISVs,
. With MS you get the software all from one place, with Linux it comes from all over,
he quoted Larry Ellison (I think) ''if you saw an airplane with wings made by differ
Another thing: show up with a $300 to $400 dollar web/database server, all new equipment with receipts, and ask them to duplicate that with Windows and IIS/MS SQL.
Cheaper my ass.
No matter how many of my rights are taken away, somehow I still don't feel safe. -Frigid Monkey
That caught my eye too. To MS, "publicly known flaws" means flaws that they've publicly admitted to. Very often, a vulnerability is reported to bugtraq and is roundly ignored for months. Finally, MS announce it and produce a patch, "on average", 25 days later.
"TITLE 17 > CHAPTER 12 > Sec. 1201.
1201. Circumvention of copyright protection systems
(a) Violations Regarding Circumvention of Technological Measures. -- (1)(A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title."
The title being 17, in other words, this applies to any technical measure on any copyright work.
Which includes CSS on dvds.
If you read further in that section you'll see the librarian of congress can exempt works, the librarian exempted these and only these (hint to save 30 seconds of your life, dvds under any circumstance are NOT on the list):
"(1) Compilations consisting of lists of Internet locations blocked by commercially marketed filtering software applications that are intended to prevent access to domains, websites or portions of websites, but not including lists of Internet locations blocked by software applications that operate exclusively to protect against damage to a computer or computer network or lists of Internet locations blocked by software applications that operate exclusively to prevent receipt of email.
(2) Computer programs protected by dongles that prevent access due to malfunction or damage and which are obsolete.
(3) Computer programs and video games distributed in formats that have become obsolete and which require the original media or hardware as a condition of access. A format shall be considered obsolete if the machine or system necessary to render perceptible a work stored in that format is no longer manufactured or is no longer reasonably available in the commercial marketplace.
(4) Literary works distributed in ebook format when all existing ebook editions of the work (including digital text editions made available by authorized entities) contain access controls that prevent the enabling of the ebook's read-aloud function and that prevent the enabling of screen readers to render the text into a specialized format."
Since you seem to be incapable of looking anything up on your own. The burden is on you to show ME where in the DMCA it says that decrypting (using something other than the licensed algorithm, thus circumventing the technical measure) a dvd for playback on your computer without authorization to do so, is an exception to this.
I'll help. You'll find Title 17 of the US Code Here at Cornell. Or you might prefer to look at it at the US Copyright Office. Or Brits might trust Oxford a bit more.
Have a good day.
P.S. I'm sure your fingers will heal and you'll be able to verify or fail to verify whether or not things you read in slashdot comments are true all by yourself next time.