Slashdot Mirror


Windows Cheaper to Patch Than Open Source?

daria42 writes "Is Windows cheaper to patch than open source software? Of course this Microsoft-commissioned report thinks so - but a number of people disagree, including a key Novell Asia-Pac exec, Paul Kangro. Kangro highlights problems with the report including the fact that it refers to problems faced by administrators before 2003: before significant improvements were made to Linux patching tools. 'We didn't have tools like Xen for Linux then,' says Kangro. 'When I patch my Linux box I don't need to bring it up and down any number of times.' Kangro also points out the report doesn't mention costs associated with rebooting systems after a patch is applied."

20 of 473 comments

  1. Xen by mattdm · · Score: 5, Informative

    [...]problems with the report including the fact that it refers to problems faced by administrators before 2003: before significant improvements were made to Linux patching tools. 'We didn't have tools like Xen for Linux then,' [...]

    Oh, come on. Practically speaking, we don't have Xen for Linux *now*. Sure it's cool and all (which is why it's slipped into this basically unrelated story) but it's not nearly ready for the Linux mainstream and I'd be surprised if more than a handful of people are using it heavily in production.

    1. Re:Xen by DBarker · · Score: 5, Informative

      I think that Paul Kangro may have been talking about "Zen" for Linux, a Novell product (see http://www.novell.com/products/zenworks/sneakpeek.html) that is an update to Ximian Red Carpet Server and the red-carpet client, used for distributing patches to Linux distributions and applications as well as imaging and asset (inventory of hardware and software) management.

    2. Re:Xen by Lemming Mark · · Score: 3, Informative

      Good question! Having virtual machines does make server management easier in many ways. Even something as simple as the fact that Xen virtual machines reboot quicker than physical machines might be helpful here.

      That said, I think the Novell dude probably meant "Zen". They should probably start calling it "ZenWorks" to avoid this confusion, since they also ship Xen in SuSE 9.3.

  2. apt vs windows update by xmodem_and_rommon · · Score: 5, Informative

    Really? The 'apt-get update && apt-get upgrade' I did earlier today on my Debian (testing) box took less than a minute, and installed not just the latest security patches but also the latest versions of all my software. That was pretty much free.

    Conversely, Windows Update only updates Windows (not my other apps), and takes at least 15 minutes every time I run it.

    1. Re:apt vs windows update by nra1871 · · Score: 2, Informative

      This has to be one of my biggest pet peeves. Why do programmers feel the need to pop windows up right in front of my face, and always when I'm typing? Nothing should ever interrupt my focus, put a window in the background or on the toolbar, but NEVER interrupt my typing.

    2. Re:apt vs windows update by SomeoneGotMyNick · · Score: 4, Informative

      It's a couple of mouse clicks.

      OK. Sound easy. Let's do it.

      Clicks Start | All Programs | Windows Update
      Hmm.... just sends me to a MS web page. Meanwhile, for some reason I can't shut down the IE window until it finishes "checking" my computer for updated "Update Software"

      Clicks Start | All Programs | Accessories | System Tools.
      Hmm..... Nothing there for Windows Update.

      Left click on the Windows Update icon in the system tray (it's GOTTA be there..)
      Up pops a "Ready to Install" update screen.

      Whoops, I forgot I should RIGHT-CLICK the icon to get a detailed menu of choices. I right-click
      Up pops a "Ready to Install" update screen, no menu

      Ah, Control Panel...
      Click on Start | Control Panel
      Double Click on Automatic Updates
      There we go. A window with a green shield and a red shield and 4 radio buttons. Wait, they're all ghosted out!! And I'm logged in as an Administrator. I can't believe I got so far only to be blocked from changing the settings....

      apt-get and emerge seem so much easier to use...

    3. Re:apt vs windows update by Dammital · · Score: 2, Informative

      "I was running PaperPort on my Wife's Windows machine the other night and it automatically updated itself to 10SP1."
      But really, plain-Jane users ought NOT to be able to update the software -- PaperPort should NOT be able to update itself unless you are running with administrator privilege.

      Of course, I'll guess that you were running as an administrator -- one of those double edged sword things. It makes administration of the box a little easier for the user, but it also makes administration of the box by ne'er-do-wells easier too.

      In general, autoupdate is a bad thing, unless it's implemented as a formal XP service and detached from whatever user happens to be logged on at any given time.

    4. Re:apt vs windows update by ScentCone · · Score: 3, Informative

      Methinks you doth protest too much. For me:

      1) Open Control Panel
      2) Open Automatic Updates
      3) Choose 'Download updates for me, but let me choose when to install them.' (this was the default, by the way!)
      4) Done.

      Was that so hard? Definitely better, though, to teach grandma how to get her syntax exactly right at the command prompt. That's much better.

      --
      Don't disappoint your bird dog. Go to the range.

    5. Re:apt vs windows update by jlar · · Score: 3, Informative

      "Was that so hard? Definitely better, though, to teach grandma how to get her syntax exactly right at the command prompt. That's much better."

      Or maybe just show her how to use synaptic (a nice graphical front end for apt). Then her applications will be updated as well - and she will be able to search for and install new applications if she pleases.

    6. Re:apt vs windows update by Anonymous Coward · · Score: 2, Informative
      "For the rest of the morning (until I caved and rebooted the bloody thing) Windows Update popped-up an annoying dialog box every ten? fifteen? minutes inviting me to restart the PC."

      You can get rid of this by doing "net stop wuauserv" on the command-line.

  3. Can't agree by dark grep · · Score: 4, Informative

    I just can't agree with that report. From 1999 to 2002 I did work for a datacentre with 150 Linux servers and 26 NT and then Windows 2000 server servers. Keeping figures on those I can say that the total downtime due to upgrades and patching for both groups in total was almost the same.

  4. .yeah, right... by Anonymous Coward · · Score: 2, Informative

    Until recently, I was in charge of Windows server patching for a ~1000-unit server farm, and all I can say is Microsoft sucks big time when it comes to fixing high availability systems. I even developed a patch management system in-house because of the chronic unreliability of SMS for patch distribution. Compared to a Linux based system using the simple APT, Microsoft is nowhere, useless, dangerous.

    SUS, SMS, WUS, ... all are great when you speak about GUI, all suck when you speak about efficiency. Not to mention the poor quality of M$ patches themselves: just have a look at the troubles an MS05-019 can provoke.

    Yeah, a good Linux distribution wipes the floor with the M$ patching goof.

  5. Re:Windows vs Microsoft products by xmodem_and_rommon · · Score: 1, Informative

    Does it? Around six months ago I was at a relative's house trying to figure out why Excel was showing print previews on A3 even though the paper size was set to A4. So I decided to install the latest service packs, and had to go to another website, "Office update", that is separate from Windows Update to get them.

    (Oh, btw, the problem turned out to be that the DPI wasn't set.)

  6. Xen or Zen by Trongy · · Score: 2, Informative

    Do you think that Novell's Kangro might have been talking about Novell Zenworks for linux?
    http://www.novell.com/products/zenworks/

  7. Re:Reboots by Nytewynd · · Score: 2, Informative

    That's true. But you can argue that any system critical enough already has load balancing and redundancy. All of the Unix machines I work with have mirrors and load balancing. I don't know many people that patch their production machines while they are live anyway. Even though it is possible, it is still highly dangerous.

    Both sets of hardware are about the same, so the cost is a wash.

    --
    /. ++

  8. another cost that is lost in the translation by Kookus · · Score: 1, Informative

    When I patch a Windows server, it concerns me when it asks to be rebooted.
    For example, when the latest service pack came out for Windows 2003 Server, it took a lot of balls on my part to hit that restart now button. I've had it in the past where it would break something and I'd end up having to do a complete reinstall, costing my company thousands of dollars in lost productivity alone.
    Sure, I'm supposed to have an identical machine to test these things out on with an identical setup, but realistically how many companies have the money to buy two of everything?
    On my Linux machines, I only fear things like a dependency breaking and losing 1 program, for example KDE, but that isn't necessary for a server to work (well, it shouldn't be installed on a server ;)). But let's say some other program bailed on me: it's not like everything is so tightly coupled together that I've got to do a complete rebuild. The programs that are required for business operations I always have installed manually, so I never really lose more than a few seconds to just change the symlink back to the old version. In this case, people probably wouldn't even know anything happened.

  9. Re:Get the facts? by kernelfoobar · · Score: 2, Informative

    @ Windows has SUS
    Actually, you can distribute patches with Linux as well. You can use yum and point it to a local repository with the selected updates/patches or all, then have the yum service running which automatically updates the system for you. (guys, am I incorrect here?)

    --
    Here we go again!

  10. Re:Get the facts? by Loonacy · · Score: 2, Informative

    In addition to yast and yum, in Mandrake you can set up an RPM source (as a directory, share, HTTP URL, or removable media..) and it will update from there. So you would only need to download the patches to one central server, and set that up to be the repository for all the other computers on the network.
    Pretty much any distro with package management can be used this way.
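
Added example, not part of the thread or of any commenter's post: a shell audit for the central-repository setup the two comments above describe, checking that every enabled yum repository on a client points at the internal server and has package signature checking on. The server URL, repository names and sample text are constructed assumptions; `baseurl`, `enabled` and `gpgcheck` are standard yum repository options.

```shell
APPROVED_PREFIX="http://patches.example.internal/"   # assumed central server
# audit_repos: read yum .repo text on stdin; print one finding per line.
# An unset gpgcheck is treated as off because only the .repo text is seen here.
audit_repos() {
    awk -v prefix="$APPROVED_PREFIX" '
        function report() {
            if (name == "" || enabled == "0") return   # skip disabled repos
            if (index(baseurl, prefix) != 1)
                print name ": baseurl not on central server: " baseurl
            if (gpgcheck != "1")
                print name ": gpgcheck is not enabled"
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }           # comments, blanks
        /^\[.*\]/ {                                     # new [section]
            report()
            name = substr($0, 2, index($0, "]") - 2)
            baseurl = ""; enabled = "1"; gpgcheck = "0"
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "baseurl")  baseurl = val
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
        }
        END { report() }
    '
}

# Constructed sample: compliant repo, repo on an outside mirror, disabled repo.
sample_repos() {
    cat <<'EOF'
[internal-updates]
baseurl=http://patches.example.internal/updates/
enabled=1
gpgcheck=1
[extras]
baseurl=http://mirror.example.org/extras/
gpgcheck=0
[testing]
baseurl=http://mirror.example.org/testing/
enabled=0
EOF
}

sample_repos | audit_repos
```

On a real client the input would be the concatenated files under `/etc/yum.repos.d/`; a repository that uses `mirrorlist` instead of `baseurl` is reported with an empty URL.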

  11. Re:Well ... Insightful? Hammer geeks unite ! by ckaminski · · Score: 2, Informative

    I hate to tell you, but there *ARE* hammer geeks out there... note that said geeks (blacksmiths) are usually building tools to do certain tasks, but they certainly are modding hammers... :-)

  12. Re:Get the facts? by Ogerman · · Score: 2, Informative

    Windows has SUS, whereas Linux doesn't seem (excuse me if I'm wrong) to have any kind of distributed patch management for large businesses.

    Windows has one distributed patch management system. With Linux/BSD/etc. there are multiple approaches depending on what works best for your organization. Every Linux distro I've used is quite flexible in this regard. In my opinion, the ultimate is diskless workstations running off a fast file server (SCSI RAID, 1000Bt network). (30-40 workstations per server, replicate servers as needed) You can use local hard disks for caching if you like, but the ease of administration is the same.

    Advantages:
    - workstations are stateless and can be swapped out on the fly with no syncing
    - reduced heat, power usage, and noise from workstations
    - no need to either leave machines on at night for automated updates or initiate updates upon startup
    - guarantee that everyone is using the exact same software

    Updates are pretty much as simple as running a package manager on the master shared filesystem root used by the diskless machines:

    chroot /diskless-root
    apt-get update; apt-get upgrade