The following comments follow the flow of Mr. Ballmer's letter. Not surprisingly, the points made by Mr. Ballmer leverage only those statements in its commissioned studies that reflect most positively on Microsoft. A broader look paints a much more objective picture, one more favorable to Linux. 1. OBJECTIVITY: In teeing up the research results, Mr. Ballmer states that "In each case, the research methodology, findings and conclusions were the sole domain of the analyst firms. This was essential: we wanted truly independent, factual information." This is somewhat at odds with what transpired. Microsoft generally specified the configurations to be used. As an example... Based on two studies on Microsoft's "Get The Facts" website entitled "Windows Server 2003 Outperforms Linux for File Serving" and "Windows Beats Red Hat in Multiple Configuration Web Server Benchmark Tests" (Veritest 2003 and 2004), Microsoft concludes that Microsoft Windows 2003 Server has higher performance than Linux as a file- or web server. However, the test used Windows protocols only, while Linux had to emulate the Windows protocols using Samba. As far as we can see, the testers did not even make the smallest optimization for this Linux/Samba setting, while Microsoft helped Veritest fine tune on Windows. Microsoft provided a registry setting that turns off the standard Windows 8.3 file-naming convention. Another tweak was made to the TCP stack on the client machines. Yet another tweak was made to the buffer-cache pool on the server. Obviously, Microsoft invested considerable time and effort in finding the best possible configuration. 2. TOTAL COST OF OWNERSHIP: To support his TCO arguments, Mr. Ballmer quotes extensively from Yankee Group's report entitled "Linux, UNIX and Windows TCO Comparison" Yankee Group, April 2004". That report, available on Microsoft's site, also states the following, which Ballmer did not cite:
- "...corporate customers report Linux provides businesses with excellent performance, reliability, ease of use and security. Yes, Linux is a viable alternative to UNIX and Windows. In addition, Linux is the most serious competition to Microsoft’s dominance in the server operating system market to date."
- "Linux shows measurably improved TCO compared with UNIX and Windows in small firms, in organizations with customized vertical applications and in "greenfield" networking situations where there is no existing software infrastructure."
- "The ability to modify and customize the Linux source code affords customers the most intriguing possibilities for custom application development. This ability stands in stark contrast to the closed or proprietary nature of the Windows operating system. In recent years, Microsoft has opened up Windows to a limited extent and released numerous APIs. This enables third-party ISVs to efficiently produce interoperable applications that more easily integrate with Windows. However, this is nothing like the changes developers can make with Linux, where there is total access. The open source philosophy is deceptively simple: allowing developers, programmers and engineers to read, modify and redistribute the source code via standardized Linux interfaces spurs software development and evolution."
- "In summary, the Yankee Group’s TCO survey found that Linux does offer compelling cost savings, economies of scale and technical advantages, as many a satisfied user will attest. However, the cost savings and benefits are not automatic; they are not achieved without customer due diligence and they do not necessarily apply in every user scenario. Ultimately, the TCO and ROI of Linux may be less than, comparable to, or more expensive than UNIX or Windows depending on the individual corporate deployment circumstances."
4. SECURITY: Mr. Ballmer brings up the issue of security, which admittedly must be much on his mind. He states "I think it's fair to say that no other software platform has invested as much in security R&D, process improvements and customer education as we have at Microsoft." Novell applauds Microsoft's continued efforts to improve their product quality. Novell deplores any malicious attack or any company or any software. But the reality is that the financial impact to the economy and to customers of the malicious attacks on Microsoft products has run into the billions.
Mr. Ballmer further states "We believe in the effectiveness of a structured software engineering process that includes a deep focus on quality, technology advances, and vigorous testing to make software more secure". We cannot argue that point, but isn't this the same process used in developing the products that have been plagued by malicious attacks? Something has to change. Open Source provides an equally structured process, but different than the one Microsoft utilizes. Open source – modular in its nature - is much more flexible and, being open, it's processes and code are much more amenable to scrutiny and improvement. Partly for this reason, Linux has a strong security record. Mr. Ballmer brings up the Forrester report titled "Is Linux More Secure than Windows?" He concludes that the study "highlighted that the four major Linux distributions have a higher incidence and severity of vulnerabilities, and are slower than Microsoft to provide security updates." Mr. Ballmer failed to mention that the study found Microsoft had the highest number of critical flaws. 67 percent of Windows flaws had been rated "critical", under the U.S. National Institute for Standards and Technology's ICAT project standard for high-severity vulnerabilities. This compared to 63 percent for (pre-Novell) SuSE Linux, 60 percent for MandrakeSoft, 57 percent for Debian and 56 percent for Red Hat. Note also that this study measures the time to fix a flaw from the time it is made public. In open source, this is immediate, so a fix can be generated quickly. Microsoft delays making the existence of a flaw known as long as possible, unless your company has signed a special non-disclosure agreement with them. The Forrester study does not take this differing public start time into account. This is like a golfer starting on a tee closer to the hole saying they are a better golfer because they have fewer strokes. The Yankee Group study that Mr. Ballmer referred to earlier in his message states "Overall, a 76 percent majority rated Linux and UNIX reliability comparable, while 70 percent of the respondents rated Windows Server 2003 reliability equal to Linux. However, Windows administrators complained about the amount of network administration time and manpower spent performing security and patch management functions in their environments. In addition, although Windows servers—particularly the newer Windows Server 2003—rarely crashed, the administrators often said installing a critical security patch comes with unplanned downtime. This is because they did not want to risk delay in applying the patch until off-peak hours or the weekend. Overall, security and patch management were clearly the biggest problems for corporate customers. In addition, from a customer’s standpoint, they are the most glaring Windows weaknesses. In this regard, only 12 percent of Windows 2000 customers said that the Microsoft platform was comparable to Linux. Security and patch management specific reliability improved somewhat for Windows Server 2003 —with 18 percent reporting that it is comparable to Linux reliability in terms of unnecessary reboots." Evans Data Corporation, in their Linux Development Survey dated Summer, 2004, shows:- Ninety two percent of survey respondents indicated that their Linux systems have never been infected with a virus.
- Fewer than 7% said that they'd been the victims of three of more unauthorized intrusions.
- Only 22% of Linux developers said that their systems had ever been invaded (of those, almost a quarter of cases (23%) involved unauthorized intrusion initiated by companies' employees, i.e. people having available accounts allowing to log in corporate Linux servers.)
- Twenty five percent of developers believe that the Linux operating system has the best innate security
- Nine of ten companies developing Linux claim that their systems have never been infected by a virus, while four of five companies assert that their systems haven't ever been down due to hacking.
5. IP ISSUES: On the subject of indemnification, Mr. Ballmer states that "it is rare for open source software to provide customers with any indemnification at all". If he were to check the slides he himself used at the Massachusetts Software Council address he gave on September 1, 2004, he would see a slide where both Microsoft and Novell are "checked" as offering indemnification, Novell referring to our Linux offering. Granted that same slide showed a "no check" for Novell regarding patents. Since that time Novell has made public its stance of using its patents to protect its open source offerings. See here.
6. SAVINGS FROM UNIX MIGRATIONS: On the subject of costs savings and UNIX migrations, Mr. Ballmer claims customers will save significantly by switching to Windows. But many of the savings realized by customers moving off UNIX will be on hardware costs as they move to x86 systems. UNIX skills and administration knowledge are more transferable to Linux than Windows. It would be unlikely that the resultant Windows environment would be less costly than an equivalent Linux one. The Yankee study quoted earlier by Mr. Ballmer states "Linux shows measurably improved TCO compared with UNIX and Windows in small firms, in organizations with customized vertical applications and in "greenfield" networking situations where there is no existing software infrastructure." In talking about Unix migrations, Mr. Ballmer highlights a survey purporting gains in performance by moving to Windows and suggests that Windows outperforms Linux in UNIX migration scenarios. We provide the following independent analysis of the performance capabilities of Windows 2003 vs. SUSE LINUX Enterprise Server 9: Flexbeta posted a Microsoft Windows 2003 vs. Novell SUSE Linux Enterprise 9 Comparison, dated 23 October 2004. Flexbeta states "that Novell's SLES9 is a very worthy contender to Microsoft's Win2k3 Server in a Windows environment. Not only does SLES9 perform better on the same hardware, but it costs less – possibly more than 1/10th the cost of a Microsoft solution." Flexbeta also states "Novell's SLES9 pretty much more than doubles the performance of Microsoft's Windows 2003 Server on the exact same hardware in both categories. This is very, very impressive, and shows the strengths of both Samba and the Linux kernel, as well as the attention to detail Novell/SUSE employees had when implementing the default settings. With this hardware Windows 2003 Server seems to max out on performance at approximately 30 Clients with a throughput of about 135Mbps, where SLES seems to max out on performance at approximately 60 Clients with a throughput of about 255Mbps. The response time is also about twice as fast on SLES9 than on Win2k3 on the same hardware. So, in theory, you can handle twice as many clients on the same hardware using SLES9 compared to using Windows 2003 Server." CONCLUSIONIn his closing remarks Mr. Ballmer states that "it's pretty clear that the facts show that Windows provides a lower total cost of ownership than Linux; the number of security vulnerabilities is lower on Windows, and Windows responsiveness on security is better than Linux; and Microsoft provides uncapped IP indemnification of their products, while no such comprehensive offering is available for Linux or open source." The facts do not show this at all; read the complete reports on Microsoft's site, not just Microsoft's chosen sound bites. Given the increased adoption rates of Linux by customers, many of them also appear to disagree with Mr. Ballmer's negative assessment of Linux. So do the large number of ISVs who have already or are planning to port to Linux. Microsoft's most recent 10k presents another, perhaps more realistic, assessment of the prospect for Linux and Open Source software: We believe that Microsoft’s share of server units grew modestly in fiscal 2004, while Linux distributions rose slightly faster on an absolute basis. The increase in Linux distributions reflects some significant public announcements of support and adoption of open source software in both the server and desktop markets in the last year. To the extent open source software products gain increasing market acceptance, sales of our products may decline, which could result in a reduction in our revenue and operating margins.
Talkback
I wonder if MS calcuated the time/cost of the Windows tweaking as part of the TCO. If they did not it is more than deceptive, it's an outright lie.
After reading Mr. Ballmer's claims I can only conclude:
1. Mr. Ballmer has fear, an enormous fear.
2. Mr. Ballmer thinks customers are stupids. They do not know how to add and substract, that's the reason why they are not aware of JUST THE FACTS. (in another circumstances this would be comic, in these, this is pathetic)
3. You, Mr. Ballmer, can not hide the sun with your thumb. If your products are so wonderful, they will sell by themselves. They shouldn't need from your wisdom to illuminate people about JUST THE FACTS.
Please, Mr. Ballmer, stop this cheap marketing strategy of FUD. I wish you and Mr. Gates to duplicate or triplicate your personal fortunes!, but for your own good: try to not think customers are stupids, because, after this sort of claims coming from you, the only gay that appear to be stupid are you.
Post scriptum: When I use the word "stupid" is in the clinical sense, so please, no hard feelings.
Yours very truly,
Andrés González Cantú
Use free software. Use GNU/Linux.
Ballmer says MS has the shortest average time from the announcement of a security hole to the release of its patch.
That's statement is true. Unfortunately it misrepresents the reality.
Security holes in the Linux kernel and in Linux applications are announced *immediately* upon discovery, and posted to "bugzillas", along with demonstration scripts, so that users are immediately informed and can test their installations and take precautionary measures.
Microsoft, on the other hand, has forced security organizations to inform only them and not the general public. Microsoft has sat on some security holes for months, only to "announce" the hole the same day they release the patch. Worse, they attempt to generate upgrade revenues on their applications holes by not patching holes found in older products. Meanwhile, consumers use their Windows platform and products unware that they are placing their personal information at severe risk by connecting to the Internet.
Fortunately, Microsoft has been less than forthcoming *so often* on so many holes, that consumers are voting with their feet and moving to FireFox in HUGE numbers!
When the dog barks, it is afraid of something, like what Baldmer is doing now!
For all open-source lovers.
I wish that number of Linux and Windows desktops in the world be 50/50.
In that case the number of hackers will be as well 50/50. So far Linux has been used only by developers, which would never admit any flaw on that perfect system, but only try to hack Windows systems, used on 98% of computers.
Yes, use Linux everyone and spend 50% of your free time trying to figure out how to do simple things, which you used to do with just one click on Windows.
The last comments sound like something that someone who either works for Microsoft or has never tried open source would say. I have had several computer novices give different pieces of open source software, commonly OOo and Mozilla offerings but also Linux, a shot. The most common response is that the open source software is actually easier to use and more intuitive than the Microsoft products. As for security, if you are so sure a 50/50 mix would render open source software so much less secure than Microsoft's offerings, why is Apache - which has a majority share of the market - more secure than Microsoft's counterpart offering?
I've helped people with both Open source and MS software. What people usually find most annoying is when they ask for help with a MS product, a lot of the answers they get say "switch to linux" and vice versa. Maybe if more tech savvy people actualy helped others with what they actually asked for help with, more people might be open to trying the other product. Then they can make up their mind on what works best for them.
Software is a tool. Use the one that works best for what you're using it for. Hype like "rock solid linux" and "MS is easier to use" just convince most people that they can't trust anybody to give them helpful advice.
This shows how unstable the Microsoft Corporation is. Whithlies and lies again they try to maintiain the marketshare. last report did show a 11% growh of the company. The one before 20%. What we will see next is 5% then -5%. And then the stock will fall like a rock.
Microsoft have not shown any kind of willingness to compete fair in anyway in the business. This makes the future LOSER in the market. This 'get tthe fact' campaign is just bullshit whithout even overdoingit.
In Europe , Asia whole countries are leaving the Microsoft OS for better alternatives like Linux/mac/Free BSD and other. Even EU have a plan to leave Microsoft as a customer. And it gets worse. USA's defence have already left Microsoft behind and have installed Linux to save moey and to be more secure.
So the conclusion is that this is the beginning of the END of Microsoft. If you own any stock sell them now before it is too late. Next year the real Desktop take over begins. And thats the nail in the coffin.
Open source is good, but tell us more
http://comment.zdnet.co.uk/other/0,39020682,39171751,00.htm
I will honestly never know why Microsoft wants to destroy the competition with back-handed, false lies in smear campaign adverts, than try to make a product that can fairly rival the competiton. I think it cost too much to take WiMP out of Windows XP for the UK to make a decent version of Windows...
Microsoft products are perhaps more "convienent",which is one large security flaw. When I first started using Linux, I had to get used to root passwords, and account passwords(very annoying). I do confess however that I do not miss having my virus program(Windows XP) telling me it has detected a virus and then my PC crashing anyway. I don't miss the constant nagging of windows popping up messages that insults my intelligence. TCO I cannot comment on. With Linux I have found that the TPM(Total Peace of Mind) during the mydoom attacks and other attacks too numerous to remember when my co-workers had down PC's(lost revenue) they were relieved to learn I still had uncorrupted data on that "strange system I use". I feel with the fast progress Linux is making, Microsoft is uneasy.
My boss just bought an WinXP powered laptop, and tried to install antivirus software on it. The time he established the connection and downloaded the updates, the laptop was infected with Sasser... Gasp. My linuxbox is acting as a firewall at home and since 3 years of ADSL connection, no hacking and no crash. Where is the security mister Ballmer ? In a software than can't stay reliabily conected for 10 minutes ?
Microsofts' 'get the facts' URL needs a redirection to:
http://news.bbc.co.uk/1/hi/technology/3600724.stm
PERIOD.
In response to Anonymous and his remark that you can spend 50% of your time trying to figure out Linux:
God forbid that you would actually have learn something in order to be secure and productive. This argument is usually put forth by incompetant visual basic users who read a "Learn Visual Basic in 21 days" and decided to call themselves experts. Or worse yet, MCSE's who have no real understanding of basic Computer Science concepts.
The truth of the matter is: How much time do you spend rebooting, applying 50+ security patches, waiting for Windows just to start, installing Adaware detectors, spyware detectors, updating your virus signature, dealing with viruses, dealing with pop-ups, defraging your hard disk, RE-Installing, activating, and all the other fun things that come with windows.