Users Reject MS Independent Study Claims

PenguinCandidate writes "End users from various corners of the Web have whole-heartedly rejected Microsoft's claims that an independent TCO comparison between Linux and Windows would be something akin to the second coming. Said one senior Linux architect: 'With Linux and open source, it is possible to arrive in a position where the organization has increased control over its situation [and reduced] its long-term costs. That's a highly desirable outcome and I doubt we'll ever see a Microsoft-funded study which will come to that conclusion.'"

Gaming the cost of migration

[starfishsystems]

These Microsoft TCO studies present an analysis that seems ready to backfire on them.

The reason there's a high cost of migration off Microsoft systems is because Microsoft intentionally planned it that way. The "embrace and extend" strategy and many similar practices have been found in law to be designed for the purpose of making migration expensive.

If I were running a fair and objective TCO comparison, I would seek to measure the cost of migration both on and off each platform. Ideally, this would track costs not just once, but over several cycles. Since computing infrastructure is constantly evolving, a realistic TCO analysis has to deal with this scenario.

Intangible costs

[HangingChad]

I know for a fact there are intangible costs associated with MSFT products that can't be documented in a TCO study.

For instance, one customer had SQL server go offline, taking down one of their primary applications, after the last round of security patches. I tell them to test the patches, but they don't want to spend the money. Go figure. Instead they pay me money to come in a fix what stops working. Every time there's a security patch update, I know I'm going to be busy.

For the Linux/MySQL installs I have to keep a book of SOP's next to the server because it's so seldom that anything goes wrong. If I don't make notes how to do stuff, I have to learn all over again the next time.

So, yeah, if you don't make notes then OSS does take more time because you forget what you did last year when X happened. And that information probably won't be on a tech support site somewhere.

With MSFT it seems like you're dorking with your servers all the time. I work on Windows and Linux servers and my opinion is that the Linux servers are more reliable and cost less to operate. That's hard to quantify but every time I see a MSFT TCO study I keep wondering how they get the numbers to come out in their favor.

Re:But what is TCO anyway?

[n0-0p]

When the software is no longer supported by MS and you need security updates you don't really have a choice. I ran a pen-test against a business unit of large organization that chose not to upgrade from Office 96 to 2K. They figured they could safely skip a version to 2003 because there were no compelling new features and it wasn't really worth it.

Unfortunately there were several security vulnerabilities discovered in late 2000 including macro execution vulnerabilities for Word, Powerpoint, and Excel. MS was not providing patches for these issues on anything below Office 2K and their only response was to disable macros in all of the applications or upgrade. Neither was on option for them because they had apps that needed macros and the software budget couldn't cover the upgrade cost at that time.

During the pen-test we determined that these guys had a pretty good DMZ setup and very limited Internet presence. We still wanted the keys to the kingdom so we just ended up harvesting email addresses and firing macro exploits with callback trojans. In the end we owned the whole network and they looked really bad. And all of this occurred because they chose not to follow their vendor's forced upgrade path.

Not entirely accurate

[WindBourne]

Not only are the users clued up, but so are the developers. Quite honestly, almost all, if not all Linux distros are superior to Windows for security. If the day comes that Windows is more secured then Linux (i.e. far less bugs and comes secured out of the box), then Linux will have issues.

With that said, I noticed in my logs today that somebody was making a concerted effort to kill my home server and 5 other servers that a company that I help with owns. In a 5 hour period, there were no less than 20,000 attempts, mostly aimed at root via sshd (which was shut down ages ago). Most of the systems( there were 20) that were coming at these boxes were Windows, but 3 of them appear to be macs. I thought that was interesting.