Slashdot Mirror
The Hidden Cost of Using Microsoft Software
Glyn Moody writes "Detractors of free software like to point out it's not really 'free,' and claim that its Total Cost of Ownership is often comparable with closed-source solutions if you take everything into account. And yet, despite their enthusiasm for including all the costs, they never include a very real extra that users of Microsoft's products frequently have to pay: the cost of cleaning up malware infections. For example, the UK city of Manchester has just paid out nearly $2.5 million to clean up the Conficker worm, most of which was 'a £1.2m [$2million] bill in the IT department, including £600,000 [$1 million] getting "consultancy support" to fix the problems, which including drafting in experts from Microsoft.' To make the comparisons fair, isn't it about time these often massive costs were included in TCO calculations?"
For example: The State of Vermont's Agency of Human Services just went through a similar exercise and I'm sure it cost them a fortune. The state is suffering financially as it is and yet, we haven't heard a WORD (there really isn't any investigative news in VT) about the outcome or how much it is costing
You might have a point.... except that Apache is far more popular than IIS and yet IIS is the one routinely attacked.
Really? You are allowing an infected machine to remain on the network with only a free firewall protecting the rest of your corporate network? Pulling a stunt like that would probably get me fired. It's not a matter of how technically sound the solution seems to be - it's a very high ongoing risk factor to the stability of the rest of the network.
As if the idea wasn't intrinsically bad enough, he said that he puts the free firewall on that box itself! What's to prevent the malware from simply deactivating or circumventing the firewall? Malware has proven itself able to deactivate all kinds of software -- Windows Update, A/V, etc. -- what makes your free firewall so special?
Seriously, disinfecting PCs without reformatting them can be a PitA, but it's still possible. Stop being so lazy / stupid.
Agreed that it's foolish. Some moron is bound to plug his thumb drive into it at some point, and spread the crap everywhere.
Still, we very seldom have viruses on our windows network, and the ones we get are all installed "accidentally" by stupid users, and they never spread because the network is well partitioned, and well configured.
If you're still having virus problems at that level NOW, there is something seriously wrong with the way your IT infrastructure is set up.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
I meet your cost and raise you the cost of regular hardware upgrades necessary to continue running Windows. When XP came out, 256MB was plenty, now with the updates and everything, 1GB is cramped. When it came out, a Pentium 3 667Mhz was plenty, now a multicore multi-Ghz is needed. This too has to be taken into the TCO.
Karma Whoring for Fun and Profit.
You might have a point.... except that Apache is far more popular than IIS and yet IIS is the one routinely attacked.
Citation needed? ;)
Seriously, some data would be nice.
http://uptime.netcraft.com/up/today/requested.html
"Be prepared, son. That's my motto. Be prepared." --Joe Hallenbeck
That is no longer true. Windows Vista & 7 both default to a limited user, not admin. I've been using Linux for my OS for 8 or so years, but you gotta give credit where credit is due.
What a joke! I just tried this on my wife's Vista laptop. Your two options for account creation are 'administrator' or 'standard account', with 'standard' being the first defaulted choice. The only problem with this is that you can't install software at all with the standard account. Good luck with trying to install Microsoft Office from a standard account...
There is so much software out there that simply won't install correctly if the user is not an administrator, I don't even try any more...
And of course, this does nothing for the bulk of Windows home users, running Windows XP. These are the principal vectors of most malware...
You're essentially complaining that "being root lets you do stupid things". This is a given, and this is why we don't run as root all the time. I can't think of any distributions that don't make you log in as root (or use sudo) by default in order to install things via apt/yum/whatever.
No, the primary strength of Linux is that it is not attempting to cluelessly
pander to the "normal user". Apple panders to this sort of user but it tries to
be smart about. Microsoft tries to pander to this user and f*cks it up. If Linux
tries to follow Microsoft's lead in some sort of stupidity, there will be enough
users bellyaching that it's a really bad idea. Who's there to send up the red
flags in Redmond?
The Mac is a pretty good demonstration of the idea that you don't have to
be an idiot to accomodate "idiots".
Much of Microsoft's trouble comes from violating principles that were beaten
into your head if you were computing online in the 80s.
A Pirate and a Puritan look the same on a balance sheet.
You forget about the Linux server market, where Linux is number one, and this fact hasn't upped the amount of viruses whatsoever.
1. It's patched.
2. It only affects webdav which is disabled by default
3. webdav is an extension of IIS, not IIS itself. I wouldn't say a vulnerability in PHP is a vulnerability in apache.
4. it's not a remote execution exploit. all you can get out of it is access to some page you might not have been previously allowed. considering webdav is only really used for exchange, this probably isnt a huge deal.
Or connects through a firewall...
They call me the wookie man, I guess that's what I am
Microsoft's tech "support" costs are truly one of the largest hidden costs of ownership. Assuming you can get a human on the phone at Microsoft, you're frequently directed to the wrong person, the wrong automated telephone system with inappropriate choices, the wrong department, the wrong planet... Spent 3 hours this weekend trying to get my temporary Vista Enterprise software (temporary 30 day solution) downgraded to Home Premium, which I legitimately own without having to reinstall everything. I was trying to be honest. After 3 hours, I just gave up, got online and hacked the registry to turn off notifications. 3 hours, 4 tech "support" personnel in India, 5 different, useless phone systems and .....nothing. Microsoft's eventual demise will be their own fault, plain and simple. Windows used to make my life easier. Those days are long gone.
Please do not read this sig. Thank you.
Permissions, primarily. As I sit here in front of my Debian/Ubuntu machine, my user name is "guy". I can do nothing outside of my home folder. I can't infect another user's files, can't touch any system file, can't touch root's folder. There is no C:\Program Files - meaning that I don't have write permissions to ANYTHING outside my home folder. If I wish to install a program on this machine without becoming root, I can install it to my home folder. In such a case, the program has no write permissions outside my home folder. Using any programs that root has installed doesn't give me write permissions even to that program's folder - any data that the program needs to save to my profile, history, or whatever is written inside my own home folder. In fact, I don't have access to all the programs that root has installed. I have to become root to use things like Wireshark properly, or to use the package manager.
With Windows, a limited user has to ActiveX among other things. A limited user can save files to various places outside his home folders, unlike *nix. While the Windows Administrator can lock down a lot of Windows system files, he can't prevent even a limited user from making changes and/or writing files that might be booby traps lying around waiting to be executed by a more privileged user.
While NT variants of Windows are vastly superior to Win9.x in that they actually HAVE a security model, that model doesn't compare with that of any *nix system.
Until I type in my password for sudo or root, I have fewer privileges on Debian than I would have on a limited account on Windows. I can't even open an internet connection - root does that at bootup with a script.
And, to be perfectly honest, I don't NEED privileges very often. I could probably run this account for the next year without becoming root, and manage to do everything I wanted to do, except for testing new programs and updating.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Permissions, primarily. As I sit here in front of my Debian/Ubuntu machine, my user name is "guy". I can do nothing outside of my home folder. I can't infect another user's files, can't touch any system file, can't touch root's folder.
So, just like Windows then ?
There is no C:\Program Files - meaning that I don't have write permissions to ANYTHING outside my home folder.
Regular users in Windows do not have write privileges to %PROGRAMFILES%. At least, not by default.
If I wish to install a program on this machine without becoming root, I can install it to my home folder. In such a case, the program has no write permissions outside my home folder. Using any programs that root has installed doesn't give me write permissions even to that program's folder - any data that the program needs to save to my profile, history, or whatever is written inside my own home folder. In fact, I don't have access to all the programs that root has installed. I have to become root to use things like Wireshark properly, or to use the package manager.
Again, just like Windows.
With Windows, a limited user has to ActiveX among other things. A limited user can save files to various places outside his home folders, unlike *nix.
Where ?
While the Windows Administrator can lock down a lot of Windows system files, he can't prevent even a limited user from making changes and/or writing files that might be booby traps lying around waiting to be executed by a more privileged user.
Of course he can.
While NT variants of Windows are vastly superior to Win9.x in that they actually HAVE a security model, that model doesn't compare with that of any *nix system.
Actually, that security model is superior to traditional UNIX. It is both more comprehensive and more capable.
Until I type in my password for sudo or root, I have fewer privileges on Debian than I would have on a limited account on Windows. I can't even open an internet connection - root does that at bootup with a script.I have no idea what you're trying to say with "open an internet connection", but rest assured a regular user in Linux can make outgoing network connections by defaut in pretty much any non-locked-down distro.