Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Hidden Cost of Using Microsoft Software

Posted by kdawson on from the badware-tax dept.

Glyn Moody writes "Detractors of free software like to point out it's not really 'free,' and claim that its Total Cost of Ownership is often comparable with closed-source solutions if you take everything into account. And yet, despite their enthusiasm for including all the costs, they never include a very real extra that users of Microsoft's products frequently have to pay: the cost of cleaning up malware infections. For example, the UK city of Manchester has just paid out nearly $2.5 million to clean up the Conficker worm, most of which was 'a £1.2m [$2million] bill in the IT department, including £600,000 [$1 million] getting "consultancy support" to fix the problems, which including drafting in experts from Microsoft.' To make the comparisons fair, isn't it about time these often massive costs were included in TCO calculations?"

9 of 691 comments (clear)

  1. Can't by jav1231 · · Score: 5, Insightful

    MS can't include these into calculations for obvious reasons. They must proceed as if such vulnerabilities don't exist in order to market their product. What's funny is they don't want you to either. They want to hold themselves up as either "just as good as" the next guy or make excuses for their lack of security.

    In the long run this is a cost that need not be spent. There are alternative OS's and it's high time governments, of all entities, started using open alternatives. It's not just costing them in terms of being beholding to corporations like MS but in real dollars as well.

  2. Re:Sadly, I don't agree. by gurps_npc · · Score: 5, Insightful
    Your comment is 100% completely correct and also 100% completely irrelevant.

    The question is not "Is Linux inherently as cheap as Microsoft". No. The question is, if we include all costs, including virus and other malware related costs, will Microsoft cost more than Linux.

    Just as Microsoft is correct that when considering the real cost of 'free software', you have to include costs such as training, you ALSO have to consider the costs incurred due to malware.

    --
    excitingthingstodo.blogspot.com
  3. Re:You cannot use viruses/bugs as an example of co by gurps_npc · · Score: 5, Insightful
    Wrong. Just because there is a logical REASON for Microsoft to have more viruses/bugs than Linux does NOT mean that you should not include such costs when considering whether or not to use Linux.

    Yes, your complaint would apply if the entire world was considering switching from Microsoft to Linux. But when I advise my boss about the comparitive costs of using MS or of Linux, I would be foolish to refuse to include costs related to viruses simply because if in a mythical world where people used Linux more than MS then in that mysthical world the virus cost would be lower for Microsoft.

    As a busineman, I must live in the real world and base my costs on reality, not your dream world. In reality, currently, Linux has lower virus related costs and I there MUST include the cost to deal with such problems when calculating the lifetime cost of software.

    --
    excitingthingstodo.blogspot.com
  4. Re:You cannot use viruses/bugs as an example of co by Anonymous Coward · · Score: 5, Insightful

    I am not following your argument, since windows has a higher market share than FOSS solutions it is exempt from malware removal costs? I think the point of the article is that while CSS vendors tout that FOSS solutions are not 'free' in terms of TCO, they neglect this cost that affects them more heavily than the completion.

    I don't think the reason behind them having the higher cost (higher market share) is relevant. It is a cost, and they have a disproportionately large percent of it, admittedly for a quite valid reason.

  5. Re:You cannot use viruses/bugs as an example of co by Z00L00K · · Score: 5, Insightful

    Probably because when the web server is IIS it's always the same operating system platform behind, which in turn means that as soon as a breakthrough occurs it's often easy to continue with the penetration.

    On an Apache web server you can't tell what kind of platform it runs on, which means that an attack that works on one server may be completely useless on another.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  6. I have an idea by joeytmann · · Score: 5, Insightful

    How about patching your systems in a timely manner so you don't have to suffer through these reactionary costs? The patch for the exploit conficker used was released in Nov 08. When did conficker start spreading around, Jan 09? Just saying.....

    --
    Insert funny smart-ass comment here.
  7. What about the other costs of AV? by goltzc · · Score: 5, Insightful

    My company was hit pretty hard by the conficker virus. It took a lot of users offline for days. The cleanup effort included bringing in a small army of consultants to help fix the issue. After everything was cleaned up and ready to go, IT's response to the outbreak was to kick our Virus Scanner into some crazy ultra cautious mode. The end result of that is 50% of my cpu is being used up by my virus scanner constantly and opening an app or compiling something in eclipse takes substantially longer than it used to. The fact that virus scanning software decreases worker productivity by tying up substantial system resources should be part of the TCO as well.

    --
    Our bugs are smarter than your test scripts.
  8. Re:You cannot use viruses/bugs as an example of co by jedidiah · · Score: 5, Insightful

    "hacked" and "infected" are worlds apart.

    This is the difference between your personal server being
    rooted and the entire internet being brought to it's knees.

    It's like the difference between needing to go to the hospital
    because someone decided to stalk you and then shoot you versus
    getting some plague like disease for going out in public.

    Being hacked generally requires personal attention on the part of
    some conscious assailant rather than just some automated bit of
    malware exploiting some fundemental design flaw in the software
    you're using. ...and there is "anti-exploit" code in Unix. It's probably been
    around longer than the comparable "code" in DOS and Windows. The
    fact that Unix is a harder target and it's users are intolerably
    smug doesn't mean they aren't thinking about the problem.

    --
    A Pirate and a Puritan look the same on a balance sheet.
  9. Re:You cannot use viruses/bugs as an example of co by zieroh · · Score: 5, Insightful

    The answer is, is that it's because the IT staff obviously were not on top of the maintenance of the computers. Rolling out Windows Updates is not a difficult task, computers can be set to do it themselves, or you can use a centralized roll-out system like WSUS.

    You've failed to address one of main reasons why "big shops" don't get updates out in a timely manner: The need for updates must be carefully balanced against the likelihood that updates are going to disrupt mission critical systems.

    As an IT guy, you should probably know this. Maybe your systems aren't so critical, and you can afford to believe the absolutist tripe about how it's the IT staff's fault for not getting the update out in time. IME, the real world is rarely so black-and-white, and keyboard badasses that make grand pronouncements are rarely worth listening to.

    --
    People who say "sheeple" have about as much sophistication as an AOL user, and in fact are probably actually AOL users.