Slashdot Mirror
Microsoft Claims Firms 'Hitting a Wall' With Linux
maxifez writes writes to tell us that Microsoft has released yet another independent study downplaying the viability of Linux at the enterprise level. The study claims that Windows is "more consistent, predictable, and easier to manage than Linux." From the article: "The study, commissioned by the software giant from Security Innovation, a provider of application security services, claimed that Linux administrators took 68 per cent longer to implement new business requirements than their Windows counterparts." Vnunet.com has also provided a PDF of the original report.
How is this news?
God spoke to me.
Here is a translation from babblefish for those that don't read bullshit.
More consistent: It crashes the same way every time I press the start button.
Predictable: It will crash at least once a week
Easy to manage: There aren't any extra settings in the windows to set that confuse people.
With Linux, they couldn't figure out what they needed to press to make it crash and couldn't determine out when it would crash.
Yet another "independent" study.
Also I am pleased to notice that the "independant company" that spewed out this "commissioned report" (see the microsoft page) lists Microsoft on their partners page, and from what I can tell no one who has even heard of Linux (with the exception of HP). Since it looks like their business depends on selling enhanced security products, I can see why they wouldn't be too keen on having people show an interest in Linux.
Security Innovation designed this study to be repeatable, and we believe that the results are consistent with what customers are experiencing in the real world.
And if I wander over and look at my main Linux file server, I see an uptime of 125 days (it had over a year uptime before I physically had to move the server to a different location). During that time the server's files were available 24/7 with absolutely zero problems. Needless to say we have had way fewer problems with the new Linux server; the old Microsoft server crashed or had to be rebooted on a regular basis; the people before me actually had a planned "weekly reboot every Friday evening". When it came time to replace the Microsoft server, Microsoft didn't fare so well, especially when it came time to pay big piles of $$$ to upgrade it: basically we could have bought two linux file servers for the cost of the Microsoft software upgrade costs alone. Hows that for a real-world example?
I Am My Own Worst Enemy
"Linux administrators took 68 per cent longer to implement new business requirements than their Windows counterparts"
What the study failed to mention is that 86 per cent of the time to implement was spent convincing the executives and attorneys that using Linux was worth pursuing.
Trouble making decisions? Just flip for it.
The study claimed that Linux administrators took 68 per cent longer to implement new business requirements than their Windows counterparts.
yeah, maybe true. But how about maintaining them later, for years, with zero downtime?
#
#\ @ ? Colonize Mars
#
Predictable and consistant are not always good ;)
;)
I can predict Windows will consistantly crash more. Not sure how that is a selling point tho
It is fairly easy to manage, just press reboot every now and then. Ok, they probably have that point.
--
Given enough personal experience, all stereotypes are shallow.
The key, as always with these "studies", is to find the portion where it deviates from Reality. That is, where it uses some strange definition or where the sysadmins choose some bizarre action.
...
In this "study", that step into UnReality begins where all systems are required to stay on the same time-line for upgrades.
This means that what would otherwise be a normal upgrade from SLES 8 to SLES 9 instead becomes a strange mix of back-porting patches from SLES 9 to SLES 8. In other examples, the sysadmins are downloading code from the glibc and mysql sites and applying it to those server WITHOUT TESTING. So, over time, the SLES systems become unstable.
Meanwhile, no non-Microsoft supplied code is applied to the Windows boxes.
Of course, the one who commissions the "study" gets to choose the criteria
... an independent study commisioned by the Vatican demostrates that God exist.
Hitting a wall isn't the worst outcome. If you have Windows, you might just crash right on through and go "Splat" on the pavement below.
"In a world without fences and walls, who needs Windows and Gates?"
Linux may have more implementation overhead but the results, I would argue, are generally superior.
$someone_influenced_by_microsoft claimed that Linux administrators took 68 per cent longer to implement new business requirements than their Windows counterparts.
Well, I'm not suprised - They're probably busy reading slashdot half of the time.
According to Netcraft:
My Websites Hosted on Linux:
Last Reboot: 468 days
Last Reboot: 331 days
Last Reboot: 664 days
Other of My Websites Hosted on Windows:
Last Reboot: 3 days
Last Reboot: 9 days
Last Reboot: 11 days
Customers wanting to switch from Windows to Linux: 3
99.999% Uptime and 50% happy customers: Priceless
CP
How pathetic is it when the only people who say nice things about you are the people you PAY to say nice things about you? That's like paying people to be your friend.
MSFT has the best friends money can buy.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Linux administrators took 68 per cent longer to implement new business requirements than their Windows counterparts.
They forgot to mention that 67.3% of the windos counterparts did not solve the problem at all because they did not know of a vendor who had the software available, and those were not included in the statistics. Also, 23.1% of the windos projects were ten times over budget. 17.5% of the windos projects were fast, but in violation of on average 7 EULAs and 3 other license agreements. 55% of the Linux projects were slowed down by the requirement that no Free or Open Source software could be used, while 15.8% were limited by the requirement that no non-microsoft software could be employed, and Wine was specifically disallowed. Also, 97.5% of statistics are made up on the spot, including 87.3% of those who are conducted by so-called "independent institutes" for lots of money. Finally, 99.87% of studies paid for by someone surprisingly reveal exactly what the customer asked for.
Assorted stuff I do sometimes: Lemuria.org
Miscellaneous anti-Windows/Linux argument!!!!
It's "PLOAF," not "P-LOAF." Ask about it.
"The study compared two teams of experienced IT administrators running Windows Server 2000 and Novell SUSE Enterprise Linux 8, then monitored their progress as they upgraded to Windows Server 2003 and Novell SUSE Enterprise Linux 9."
But the PDF says:
"Specifically, for the database server role, we considered three configurations; Microsoft SQL Server 2000 on Windows Server 2003, Oracle 10g on Red Hat Enterprise Linux 3 and MySQL on Red Hat Enterprise Linux 3. In order to produce a meaningful comparison of platforms, the systems studied were manually installed and their configurations were verified."
Red Hat Enterprise Linux 3 is the only Linux distribution listed in the PDF. Also the fact that "the systems studied were manually installed" is probably why the upgrade was problematic. If you want your upgrade to be easy, install from the distribution, not manually. I also wonder why they did not test MySQL and Oracle 10g on windows. There are windows versions of these software packages. When you are comparing systems running different software, you are not just doing an OS comparison. You are also comparing the software packages. They might just as well have compared Red Hat Enterprise Linux 3 running Oracle 10g to Windows Server 2003 running Microsoft Access 2003.
Insert Generic Sig Here:
More consistent: it does, start button I press, same way crash.
Predictable: A week crash will once it at least.
Easy to manage: Extra Windows settings to confuse people it will, arent there?
I've been using Fedora for a long time now, but this report has given me some doubts. In the interests of fairness, I should probably give this "Windows" a go. Sourceforge doesn't seem to have anything - does anybody know where I can download it for comparison? ;P
Weekly reboots.
Get a copy of Win2K3 on your box. Create a directory that's 3 directories below the root.
Put 200,000 files in that directory (size of each file does not matter).
Now, watch the application that reads and writes files to that directory get slower and slower over time. Until you need to reboot the box.
For an instant problem, open that directory in Explorer. All of your processor speed will be eaten by the "system" process. Even after you close Explorer. Rebooting is the only thing that will clear the problem.
4 red hat 7.3 DNS servers. Have never required a reboot since installation.
1 red hat 6 machine that lasted 6 years without an OS related reboot (the hardware started to give and the box had to be decommissioned)
1 database/web server running SLES 8 has gone over a year and a half without a reboot.
1 webserver running debian stable no reboot since installation
1 proxy server running SLES 9 w/ squid that was set up in under a 1/2 hour under emergency conditions (old proxy hardware died unexpectedly) running 20 days under extremely heavy load until new server came in.
1 database server running SLES 8. A year since last reboot.
And those are all the ancient boxes. We've got many more linux boxen that are too new to have aquired a long uptime.
From the article:
experiencing significant reliability issues resulting in higher total cost of ownership
*shrug* I've had none of these issues they speak of. All of our installs are quick, stable and long lasting. In fact, I've never had a production upgrade break anything, and never had an install take longer than a couple of hours in even the most complex of setups.
This whole "get the facts" campaign is just silly. I don't know why they keep on with it. I've been working with Linux for years and never run into any of the problems they have "documented".
Hey Balmer, want an anecdotal story of Windows breaking? Our mapping department had a Windows 2000 installation with their mapping software. One day it just breaks. 5 people standing around the box scratching our heads. No one had any clue why. Random reboots, blue screens, the whole works. We reinstall many times. Nothing. Do all the upgrades, patches and fixes. Nothing. Sounds like hardware, right? Nope. Upgraded to 2003 and worked fine since.
The fact that the box could have run 2 years without major issue then break out of nowhere with 5 very smart people trying to solve the issue and can't makes me wonder.
Get the real facts.
If an officer ever threatens to taze you, say you have a pacemaker.
The problems start at page 25. Here's the beginning:
Whitepaper location:
http://www.securityinnovation.com/reliability.sht
My 2000 Advanced Server uptime:
/help for more detail.
C:\Documents and Settings\wysoft>uptime office
\\office has been up for: 121 day(s), 0 hour(s), 39 minute(s), 23 second(s)
Estimate based on last boot record in the event log.
See UPTIME
Bite it.
hello dear sirs my name is jamesh i are india (bihar) can u guide me install red had linux 9?
Hogwash. It is easy to install software on a Windows user's PC while they are using it.
1) Package the software as spyware.
2) Upload it somewhere on the internet. Anywhere. Doesn't matter where.
3) It will inevitably find its way to all the Windows computers in your office within 20 minutes.
5) Profit!
If you are worried about the wrong people getting your software, add something to the package that detects the identity of the host and have it delete itself if not in your office.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
... is a relative term I could compile a report like this demonstrating that Linux admins take 68% longer to perform a set of cherry picked tasks you can do alot faster on a Windows machine that has a nice easy to use GUI management tool specially designed to do those same tasks. I could also demonstrate to you that Windows admins take 68% longer to perform certain cherry picked tasks because those same Windows GUI management tools (Windows command line tools tend to suck ass) simply don't enable you to perform those tasks as efficiently as you can by doing them with shell/perl scripts on the Linux command line. Comparing Windows to Linux/Unix is to some extent akin to comparing cats and dogs. The design philosophies of Linux/Unix are fundamentally different from those of Windows. The former are meant to be more flexible and targeted at better educated operators while Windows seems to be geared firstly towards corporations who want something that a relatively low skilled person, preferably without a high level of education (and thus a lower salary), can easily administrate and secondly it is geared towards the mostly clueless average consumer. Then there is OS.X which does an admirable job of being just as easy, if not easyer to use than Windows, (while still being more secure) but it still has all the power of Linux/Unix making it a nice compromise.
Only to idiots, are orders laws.
-- Henning von Tresckow
The link posted in the story is not correct.
m l
Just click through and don't give them any info. You can still download it.
http://www.securityinnovation.com/reliability.sht
In the PDF speaking about RHEL 4 including selinux compared to RHEL 3 which doesn't have selinux...
"The data indicated does not seem to indicate drastic security vulnerability improvement for RHEL 4"
I usually don't get pissed off about these Microsoft studies, but this is more than FUD. It's a lie. They compared the security patches for RHEL 3 and 4 over a 2 1/2 month perdiod. RHEL 4 had more. They indicate that selinux did not make RHEL 4 more secure. The point of selinux isn't to lessen the number of security advisories. IT'S ANOTHER FUCKING LAYER OF SECURITY. It's akin to a firewall or antivirus. It's exactly like saying "the month after microsoft released Windows defender, 38 new viruses were detected in the wild. The month before only 30 new viruses were found in the wild. Windows defender seems to have little effect on spyware and viruses." There's no connection. selinux would make it so a vulnerable piece of software would have a harder time being exploited and an even harder time getting total system control. A hole is a hole. Whether or not it is easily exploited or not doesn't matter. It needs to be patched regardless. If sendmail has a buffer overflow that selinux is able to mitigate, sendmail still needs to be patched. Whether or not they will be able to successfully exploit it is another question. It doesn't stop the fact that sendmail has a buff overflow.
You'd think a "professional" security agency would have more sense than that, but aparently not.
k thx get the lies campaign.
If an officer ever threatens to taze you, say you have a pacemaker.
A few years ago (admittedly my Linux knowledge wasn't what it is today) I set up a dual boot system for my girlfriend. Windows 98 and Redhat 7. It took me 6 hours to get Windows 98 installed and configured with all the apps she needed (MP3 ripper, VNC server, MP3 player, IE, Outlook Express and her dial-up connector). I also took the time to set up a custom Quick Launch bar with simple one click access to applications so it really worked a lot more like an applicance for her. It took me 6 DAYS to get Redhat configured to do the same things and a host of extra things that I couldn't afford to set up in Windows. However, when I tallied up the cost of software to do the same exact things in Windows, I was looking at about $6000 for software alone.
On top of that, the Redhat installation ticked along for four years solid with not a glitch other than an occasional fsck due to a power outage. The Windows installation needed to be fixed and re-installed at least 35 times in that same period of time. And Windows still didn't have all the functionality that the Redhat install did. She ditched Windows once it was no longer a work requirement. She's now my wife and we have several Linux boxes (she's no techie) and one XP box that only I use for the occasional video editing foray. (I've recently rediscovered Cinelerra and will likely be losing the XP box within the next year)
The point here is which would you rather have your admins doing? Spending all their time fixing ailing boxes with multiple occurences of downtime over the years? Or... spending a longer period of time getting it "right" and not having to do much with it due to the LACK of downtime for the box? I think Microsoft loses yet again.
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
I don't know if you RTFA, but I did...
/. Editors Here]
then I looked at the linked PDF and got confused,
because that PDF is about database security.
The correct Link:
MS Summary Page
The PDF
[Your Complaint About
[Fuck Beta]
o0t!
They had a year to study this and came up with some unusual metrics to say the least. For those who did not read the 44 pages of PDF, let me summarize some of my observations:
- They appear to be more comfortable with Windows than Linux. There is nothing wrong with that except they do not account for it in the time to complete tasks.
- They compared a Windows box running MS SS against two versions of Red Hat running MySQL and Oracle. That the did not use the same data bases on both OS slants the numbers from the start. Even if they wanted to avoid MySQL, they could have selected an Oracle installation.
- They counted vulnerabilities at the component level. So a shared library that had a vulnerability, but was used by both the installed OS and the database is counted twice. One used by the OS, the GUI, and the database, three times, etc. They state this is fair, but this would automatically penalize a Linux distribution because MS does not get counted twice in any case.
- The Red Hat installations were done manually and minimal installations. They then had problems, and make commentary on the difficulty of the upgrades. I would be very interested in the detail of what they did for the install. This appears to be a self-inflicted wound claiming to be otherwise.
- They make an big deal about what ports are open in the default installation. They comment that MS continues to allow MSUpdate, a good thing, but that Linux left the port for up2date open, a bad thing. Again, as a minimalist install they should have secured the ports, but that is dumb argument regardless. Admins who leave a machine wide open deserved to be fired. Because MS now ships theirs with everything closed is a side effect of the number of complaints about bad admins leaving the server in its out of the box state.
- Days to resolve a vulnerability are dangerous guides. First, a vulnerability has to be reported, then verified. We are dependent upon the vendor (MS, Oracle, etc) to correctly reflect these. However, almost anyone can and does report one for OSS - and that is a good thing.
In general, they speak of vulnerabilities and the ability to respond to business requests. I would like to see the requests they specifically refer to. While 68% sounds like a lot, is it the difference between 12 and 26 seconds? I just cannot see in my day to day activities it taking me more than half again as long to do anything and it is far less to image entire boxes. I wonder if this is a familiarity thing.
It is really time someone from RedHat or SUSE took a study like this and dissected it for a comparison 1:1 with MS. None of this it counts twice or differing databases garbage, a real compare. The top 20 tasks an admin will perform in a year. If we loose at least we know what to focus our energies upon. (What does not kill us, makes us stronger)
Supporting a mixed (Windows/Linux/Solaris) environment, I just do not see a 68% difference anywhere for an experienced admin.
FTA:
Acknowledgements
This study and our analysis were funded under a research contract from Microsoft
o_0
'Go for the eyes, Boo, go for the eyes, aaarrrrrrrr!' -- Minsc
My biggest problem with the article is the claim to "predictability and consistency". They probably haven't seen any of the past 20 AD implementations. I have seen AD, Windows 2000, and Windows 2003 show extreme unpredictability and terrible consistency. I have seen some crazy GPO get applied to users out of the blue, and I've seen some of the craziest errors ever. I think linux has the predictability and consistency, however, there is a little bit of upkeep required and a little more well trained tech staff, but hey, you get what you pay for. Deal with it.
YOU'RE WINNER !
Another lame blog
It's true, generally it's a lot less timeconsuming to implement project requirements in Windows, as opposed to Linux. But, I've also found it's true that it's much easier to make future changes, tweaks, etc using Linux. The norm in Windows is to get an inflexible, easy-to-implement installer package and wizard.
So, the ease is there, but the advantage of flexibility lies with Linux/*NIX. I think this is for both a cultural, as well as a technical reason. Normally, Windows users/admins want something thats easy to get up and running, and they don't have a particular desire for real flexibility.
Looking at the PDF linked from the original article, which is actually about RHEL3, not SLES, you can see that they start making the right noises about only installing minimal software for a database server, but when you reach the detail near the end on page 41, you find they have GNOME, KDE, Editors, Graphical Internet, Development Tools, etc. selected. The excuse is no doubt that that's what Oracle list in their "deployment guidelines", but so what. If the approach is to try and install a minimal system, in the face of what the vendors may say you can get away with using, then that's what they should do.
Given the funders of the study, I would expect the SLES study to be equally flawed.
Another potayto-potahto issue is that they go with following the severity risk in Mitre etc., but that doesn't mean that that severity is relevant to their database server installation. Something may be high priority on Linux if it allows a local user to become root, but a database server should not have any old users logging in, nevermind running any old application. In fact the whole class of security issues resulting in improper raising of local user privileges is something that Windows has not really begun to tackle yet, due to not really being a very good multi-user system. They've instead been dealing with the far more serious remote exploits.
So can you compare even "high" priority vulnerabilities on Windows and Linux? I think not.
Of course, the new systems are actually usable, as secure as I can make them, better integrated with the rest of the business environment, and much easier to maintain and expand.
It's easy to do things quickly when you get to skip the planning stage. Ask your stereotypical long-bearded Unix guy to implement web services and you'll be lucky to see the first draft during the same fiscal year - and no amount of pressure will make it happen any faster. Of course, it'll work correctly from the first day and will exceed the total workload of the quick-hack system within the first month, but that doesn't look pretty on this year's financials so a lot of managers aren't interested.
Dewey, what part of this looks like authorities should be involved?
The independent report, paid for by the Ford Motor Company, shows that 67% of GM customers hit walls.
"We feel that this incredibly accurate and indisputable information will demonstrate that GM is inferior, and that the only vehicle anyone with any brains of any kind should buy is a Ford." said Melvin R. Boarshyte, public relations representative.
The world's burning. Moped Jesus spotted on I50. Details at 11.
This attitude of "I'm not going to maintain my servers because I try to compensate for my tiny penis with a long uptime"
Okay, so the parent poster was CLEARLY flamebait. I think that they do have a point - the grandparent poster running "4 red hat 7.3 DNS servers" and "1 red hat 6 machine that lasted 6 years without an OS related reboot" does seem to be emphasizing uptime over security though. Either you take an hour or two to back up your data, set up redundant services, and upgrade according to your schedule, or someone might force you to update at a "less convinient" time.
"What do you think?" "I think 'What, do you think?!'"
Bullshit. Sun, IBM, and Novel are marketing Linux to the very high end of the spectrum. If you want pro-Linux studies, do a Google search.
Linux is a grassroot effort like the anti-tobacco movement -- both are backed by many millions of dollars.
I upgraded our 3 Debian servers to Sarge "apt-get distro-upgrade" in about 2 hours. With the exception of the mail server we had no significant down time. The mail service was turned off during the upgrade to avoid any errors.
Every one of our WindowsXP machines (no servers) were virtually unusable after the Service pack 2 upgrade for most of a day.
Having to work for a living is the root of all evil.
OK, it's time for me to repost what's involved installing a private certificate server on Windows 2000 via its "intuitive" point-and-click GUI. (You forgive me if I just link to it, not wanting to repeat slashdot's lameness filter hell for this kind of post.) It compares the Linux way and the Windows way. These were the actual procedures used, that I carefully documented, for two different projects that accomplished exactly the same goal. Here it is. (Scroll past the lameness filter stuff at the beginning.)
Did you guys *read* the paper ? I did as long as I didn't have to vomit.
On Windows they applied some normal patches; while the 'milestones' on Linux included real heavy stuff: upgrading glibc, upgrading mysql. Plus patches.
When I upgrade mysql and glibc I upgrade from W2K to Server2003; so to say.
Serious upgrading and normal patches cannot be compared.
So, to me, it is and remains FUD.
On purpose they would not use a period including an update from W2K to 2003; or XP. Even less one when you migrate Exchange from 5.5 to 2000 or similar.
They feel the pain and now spend some big money to some Herbert, PhD, to invent a useless situation.
Deception.
[ends]