Microsoft has sparked heated debate by claiming that Windows software is cheaper to patch than open-source alternatives.
A Microsoft-commissioned study — conducted by its business partner Wipro — outlined the main areas of so-called "cost savings" by using Windows.
A survey of 90 organisations revealed that Windows database servers cost 33 percent less to patch than their open source counterparts. Respondents said on average, Windows clients are 14 percent cheaper to patch.
The findings were criticised by several quarters, with some critics dubbing them unrealistic and outdated.
These sorts of studies can't be used as a real-world guide to the cost of patching or maintaining applications, said Frost & Sullivan Australia security analyst James Turner. "All organisations have different needs," he added.
"ROI [return on investment] and TCO [total cost of ownership] figures should be taken as a guide — they are the vendor's estimates," said Turner.
Paul Kangro, Novell solutions manager for Asia Pacific, highlighted several problems in the research.
Although the study was conducted last year, it referred to problems faced by administrators during 2003 — before significant improvements were made to Linux patching tools, Kangro said. "We didn't have tools like Xen for Linux then. When I patch my Linux box I don't need to bring it up and down any number of times."
There was also no mention of costs associated with rebooting systems after a patch is applied. "If I am patching a Windows box I typically need to find a time where I can bring it offline and reboot it. That is not mentioned anywhere in this report, which I find rather interesting," said Kangro.
However, Sean Moshir, chief executive of application patch specialist PatchLink, said that Microsoft's patches are in fact cheaper to apply than those for open-source platforms.
"PatchLink's finding is that on a per-patch incident basis, the Microsoft patches are cheaper to apply. Testing Microsoft patches for quality assurance and documenting their positive and negative behaviours are also cheaper than open source software [per incident]. This is mainly due to the fact the open source software can have a much larger variety of configurations and setup," said Moshir.
Novell's Kangro conceded that "some technical issues in the past meant Linux was 'procedurally' more difficult to cope with" but said: "If I have somebody that is equally skilled on both platforms, I don't believe it is complex.
"Generally the issue is one of familiarity — people may be able to potentially patch Windows boxes faster because they have had a lot of practice".
The research, entitled "The Total Cost of Security Patch Management: A Comparison of Microsoft Windows and Open Source Software", is available free of charge from Microsoft's 'Get The Facts' Web site — which aims to persuade customers that proprietary software is superior to open source alternatives.
The Get the Facts campaign — in existence for a number of years — has come under heavy fire from open source advocates over its use of methodologies that generate TCO and ROI statistics which favour Windows.
The open source community has retaliated with its own research showing proprietary software is more expensive to use and maintain.
Wipro is a Certified Gold Support Partner for Microsoft and has forged a strong relationship with the software heavyweight since 1999 across areas such as systems integration and .Net migration.
Survey participants comprised companies in the United States and Western Europe with between 2,500 and 113,000 employees.
Munir Kotadia reported from Sydney for ZDNet Australia.






Talkback
When will Microsoft realise that these self-funded "independent" results are just making them a laughing stock? Are we seriously supposed to believe that they'd let reports out the door which were critical of Microsoft products?
The pains of rebooting after a patch are the biggest problem with Windows at the moment - at least from a patching perspective.
My firewall (Linux based) has had 6 updates in the last 12 months. One was a Kernel update and required a warm re-boot.
My SuSE is updated regularly and hasn't needed a reboot since it was installed.
Yesterday, I got the Windows Installer update, it required a reboot... Erm, it is a separate program, it isn't the kernel, if the code is properly isolated there is no way it should require a reboot!
And patches like that mean arranging a time with my customers to schedule a reboot, typically after all the users have finished working. That's inconvenient for me and costs the customer more money for out-of-hours support, which hardly makes it cheaper than an open source update, which typically doesn't require bringing the server down.
And if a reboot is necessary on one of the Linux boxes, it takes about 2 minutes to shutdown and reboot, my Windows Server 2003 - running on faster hardware - takes anything up to 8 minutes to boot-up, and then there is the couple of minutes it requires to shut down in the first place...
Rebooting during the day isn't really acceptable for a workstation, but it is fairly well accepted these days - mainly because of MS's dominance of the desktop. What they need to take into account when moving into the server room is that 0 down time is the only acceptable policy - what's the use of RAID arrays, redundant power supplies, UPS, multiple network cards to try and ensure that the server runs 24/7, when the operating system keeps bleating for a reboot?
They really need to look closely at how the traditional server market works. Putting their software into the server room and saying that you have to reboot your servers regularly, because that's the way MS software works is not acceptable. They need to improve the quality and reliability of their server software to match what is already there if they want to compete over the long term.
I accept that sometimes the Kernel will need updating, but not every month or every second month, and if the update is to a subsidiary service or driver, then that service or driver should be re-initialised, it shouldn't require the whole machine to be restarted.
I am not anti-Microsoft per se (I run a mixed Windows/Solaris/Linux environment), but when they come out with rubbish like this, it just makes me laugh. For an IS department using just Windows and thinking of going open source it might scare them enough to stay MS; for a department that uses a variety of platforms, it just makes for a great joke at coffee time with colleagues!
Microsoft can learn a lot by looking at the ease of management and reliability of traditional server OSes (and Linux). Telling people that Unix and Linux are difficult to maintain and don't have proper backup doesn't make it true. They should reduce the budget for the spin department and invest it in producing stable software that meets their customers' requirements - and their customers' real requirements, not what they think their customers want.
Compared to what distro of Linux? Mac do this too - choose the most expensive Linux distro (RedHat Enterprise Server) and do price comparisons against it. Totally myopic view of 'Linux'. Do their figures take into account widely used distributions like Debian or Gentoo? I think not. This article is just more FUD designed to obfuscate and confuse MS users considering a life without Windows.
Microsoft must be getting desperate. So far open source has proved cheaper to buy, cheaper to run, cheaper to maintain, more reliable and more secure. Apparently this just leaves Microsoft whinging "Ours is cheaper to patch".
How pathetic.
My Linux boxes and server run 24/7. Updated regularly, without re-booting. I have one windows box which is re-booted several times a week due to blue screens, GPFs, lockups, and the occasional update. This report is just more smoke from MS and anyone who believes this trash let me know.
I have a bridge in Brooklyn I would like to sell.
The "fact" could be different from another point of view.
Cost of roll-back?
Ever had to roll-back a highly critical should-have-been-installed-yesterday Microsoft patch because some important application choked on it?
If you did and you truly know what really makes organisations tick at what cost then you understand how realistic pro-Microsoft reports really are.
What looks good on paper in the eyes of stuck-behind-a-desk decision makers hardly ever survives the reality of the work floor where things actually happen and can't hide behind paper "facts".
It really is time to listen more to the people who have solid working experience with more than just one platform.
I believe that patching a Windows system is far more expensive than patching a Linux system. Where I work the firewalls are all Linux boxes, whereas 98% of the other servers are Windows Servers of various types, NT4 or 2000. Before considering a Windows Update I have to book downtime to allow for either a reboot or unexpected problems with the patch, which means loss of production time and the company paying me overtime, and more important, me getting an ear bashing from the missus for being late home.
On the Linux boxes I just set them to auto update and let them sort themselves out with no fear of any problems.
Until Microsoft can sort out the need for the system to be rebooted I can't see how they can claim their system has a cheaper TCO when it comes to patching, more to the point we would not need to patch MS products if they tested the code properly in the first place.
Picking a single daisy in a field full of brambles and thorns, Microsoft says "look at me!"
This is so ridiculous. Microsoft is hand picking the one thing they can find that might be a little cheaper, all the while ignoring any other issues with their OS.
The real reason it seems cheaper to patch MS OSes is because they have MCSE trained people applying the same methodologies used to upgrade MS servers working on Linux.
You don't hire a bicycle mechanic to work on your Ferrari, and you shouldn't hire MCSEs to maintain your unix machines.
With Windows, you have to be VERY careful applying patches to production machines. One slip and you've got a server that has a scrambled brain and is never going to boot ever again.
With ALL versions of Unix / Linux I've ever used in production, the package management system allows packages to be backed out with little or no harm should the upgrade fail to work properly.
But the real issue is how much does downtime cost, how much does loss of data cost, etc... The cost of patching is like looking at the part of your corporate budget you spend on the electricity used to run the water cooler.
I was reading this thread when I was sent to: "You have been redirected to this page during a temporary period of planned downtime." Planned downtime at 18:45 GMT? But, if I understand netcraft.com, the server OS for zdnet.co.uk is Linux. So not everything is "down" to Microsoft.