A survey of 90 enterprises finds better total cost of ownership and fewer risks with Microsoft’s streamlined security tools.
Security is one of the chief concerns of IT decision makers. Along with purchase price, interoperability, maintainability and deployment costs, security is a critical factor in determining which platform to deploy across an enterprise or to serve a particular role.
For proprietary and open source software (OSS) alike, administering security updates is a reality in the enterprise and a significant factor in total cost of ownership (TCO). In order to get an accurate picture of how costs associated with patch management figure into the TCO equation, Microsoft recently commissioned Wipro Technologies Ltd., an independent consulting firm, to study the cost of updating Microsoft and open source software in a real-world environment for desktops, servers and database servers.
Wipro surveyed 90 companies in the U.S. and Western Europe with 2,500 to 113,000 employees where both the Windows and open source operating systems were simultaneously being run. When the costs of updating are distributed across the size of the environment and evaluated on a per-asset basis, the study shows Microsoft software to be less expensive to patch than open source equivalents. These findings confirm what many customers are experiencing in their deployment scenarios.
News source: Microsoft PressPass
Key findings of the study include:
- On a per-asset basis, the Microsoft platform is less expensive to patch than a similar OSS environment:
  - Windows desktops cost 14 percent less to patch than Linux desktops.
  - Windows servers cost 13 percent less to patch than Linux servers.
  - Windows database servers cost 33 percent less to patch than Linux database servers.
- OSS-based systems faced with high-level and critical vulnerabilities are at risk longer than comparable Windows-based systems.
- Survey respondents consistently overestimated the number of Windows vulnerabilities, while underestimating those for OSS.
- Through the use of best practices, Windows patching costs can be reduced by up to 55 percent.

As soon as I see that bit in the press release, I instantly switch off. Microsoft commissioned them to provide an independent report.. oh, how generous of them.
I'm only interested in these reports when they are truly independent.
I work in the IT industry and the major problem with Linux is not that it is inferior or better than MS but that the cost of implementation far outweighs any cost benefit from the fact it's open source.
Also a Linux specialist costs an average of AU$300/hour and takes two to three times longer to resolve issues than that on a Windows based system - food for thought.
I agree that the study should be looked at for bias, but just because it is funded by Microsoft does not mean the results would favor Microsoft. This was a PR move on Microsoft’s part; they wanted a 3rd party to confirm what they have been saying for 2 years now. On the flipside, studies are often littered with misleading information and I too would like to see a truly independent study.
The fact that Microsoft commissioned the report seriously biases their findings.
I think that both Linux and Windows servers are secure environments if the administrator knows how to make them secure, and knows how to keep up-to-date and deploy patches on their systems.
No one can argue that Windows is easier to deal with when it comes to installing applications, but that is what makes it so insecure at the moment. Users go to a website that plans on installing malicious software on the system and the normal user has no idea. Linux is complete control over the system, so yes it is harder to work with, but it is much more secure.
You just press a button (in Debian, it's dist-upgrade, in Gentoo emerge -u world) and every single program on the system is updated to the newest patched version.
Windows Update only takes care of the operating system itself.
So, to be honest, I think Linux has the upper hand here.
The same thing for installing applications. You just use a database with tens of thousands of programs. Very easy
Even though it hasn't changed for most users, yet, Microsoft has come up with a new update called "Microsoft Update" (http://update.microsoft.com/microsoftupdate/) which will allow you to update Windows, and Exchange.
microsoft update actually does more than just windows, and exchange. it does office, iis, sql, and many other microsoft products. in time it will do all microsoft products.
equally, the technology used in microsoft update is exactly the same that sys admins can download and run in the enterprise FOR FREE, this allows them to manually deploy and control patch deployment at a very granular level. it's addons like this that make windows easier to manage in the enterprise than linux.
"everything about linux is complicated and you always have to compile this, unpack that, configure this etc... I love my windows, though she may be a bitch sometimes shes all good. I can understand windows being more secure as its much easier to patch where as linux is hell to even install."
Simply not true at all...
I mean, all it takes is "./configure", "make", and "make install" to compile a program, how much more simple can it get?
Dependencies are the problem with this. "You need X before you can install Y" that is annoying.
hahahaha, how a free OS can be more expensive than a proprietary OS? I will tell you the truth, my experience, updating linux is easy, no cost to you and quicker to patch than a windows OS. This is obviously a study made by Microsoft to show to the people an untrue statement in favor of their proprietary OS.
Edit: Found a translator here. ;p
That said the article is commissioned by Microsoft so it may be biased, just your reasoning for it being a lie seems horribly off in my opinion.
these comments come from a non-admin home user mesays
I'm running Unix Tru64 (2 Oracle Alpha clusters), Red Hat Enterprise (2 Web servers) and FORTY FIVE Windows Server 2003 based servers
Sure, overall, the *nix and *nux based servers are a bit more stable (mono application servers mind ya) but they're one hell of a quartet of bitches when it comes to system and application updates, the main pain being sure that update packages won't interfere with the installed apps (happens oh so often) or that dependencies are respected (not always the case with all in one updaters a la debian/RH). System wide baremetal backups have saved my ass quite a few times on these before patching, so much that in fact now I rely on an external contractor to do that (happy guy, paid $150 an hour for that stuff, but at least now i can blame HIM if anything goes wrong).
What about the 45 server 2003 systems? SUS (I'm deploying WU right now) and not a single hiccup so far, all systems updated within hours and automatically rebooted when possible
oh, another thing, if you have quite a few *nux servers, must be a pain for yas to update them through the vendor associated update service, no update proxy at your company, no traffic throttling technologies, no parent/child update server infrastructure. I'd like to see your traffic bills and or slowdowns when it comes to get them all patched...
ah and, last nail in the coffin, gonna kick out RH Enterprise soon, their support policy (install any unsupported app/hw and it voids your support options, nice heh?) and prices are through the roof, been testing IIS6 and apache 2 on win2003 for a while, I really think they'll do fine
Besides which people seem to be getting confused by the two separate issues of cost and security. Even if Linux/Unix was in any sense more expensive to deploy (which again I doubt, providing your administrator has a sufficiently advanced skill set) then this has nothing whatsoever to do with whether or not Linux/Unix (or Windows) is any more secure.
Even in the unlikely scenario that Linux was judged to be more expensive to deploy, clearly several large and influential organisations have deployed it - and more continue to do so each year. Why would they do this if Windows was so much cheaper to deploy? Do you really think they are all dumb that they have not run full cost/benefit studies between the various platforms and that they have not spent large sums of money devising test scenarios to find any potential flaws and weaknesses? (This is certainly true in the case of the military) Do you imagine that they are all somehow utterly ignorant of the reality? Even if Linux was more expensive to deploy than Windows I am sure many of these organisations would have cottoned on to this a long time ago - through their own unbiased internal studies - but they have chosen nonetheless to install Unix/Linux because they believe they can make it more secure.
Your Windows servers might be easier and less trouble to manage and to use and may even cost less (although again I doubt this - if that is you really know what you are doing) but that does not mean in any sense that they are any more secure.
Best regards,
GJ
I love Microsoft and I love Windows. I even convinced my bosses to use Windows Server for our domain thereby kickin' out Red Hat Enterprise.
But I am one of those who think security comes from having good policies, staying alert of the latest developments. These studies have nothing for the average user, rather they're focused towards corporate customers. And these companies have sys admins on payroll to be responsible of their networks. Who in my opinion share the biggest burden of security.
So let's leave aside these studies as they are!
That's my honest opinion.
Same here.
... U can surf to any website with malicious scripts and spyware and none of this affect linux, ...
You can (basically) achieve the same thing by browsing with a limited XP account (which I have). It's not as easy to setup and use but it is possible, not that (I think) more than about 5-10% of 'normal' users do...
Hmm....
It never ceases to amaze how Microsoft can fuddle numbers to make a free OS appear more expensive than their own product line. I'd really like to see a breakdown of their line of reasoning here, because with modern linux software, there's no expense in retraining, you may have to pay an extra couple of grand per year for a sysadmin who is able to clearly distinguish their arse from a hole in the ground, but on the other hand, there's no downtime for viruses. I could use the free software argument, but since OpenOffice et al are also available for Windows, that's something of a moot point, I mean, it's not like you have to spend hundreds of dollars on an inferior office suite just because you spend hundreds of dollars on an inferior OS.
So the only difference that I'm able to figure out is having to pay for a competent sysadmin (no offence to the legion of MCSEs out there, there's just too many of you for the qualification to be worth anything monetarily). Let's be generous and say it would cost an extra $10,000 per year. Once you figure in the cost of the OS, along with downtime, viruses, spyware etc, that should be covered if you have more than 5 machines.....
I'm thinking of commissioning a study to say that Humvees are extremely fuel efficient vehicles, and global warming is a fairytale, unless someone already did that one.
Michael Crichton: State of Fear.
For years I've been one of those people that "just knew" that global warming was obviously and demonstrably true. And that it needed urgent attention from individuals, organizations, and governments everywhere.
Then I read State of Fear.
Crichton—who is no spin doctor for the Republicans and the energy companies—makes the case that while catastrophic global warming might be a fact, it's a fair distance from being a slam-dunk certainty.
If nothing else, this book will make you think twice about taking commonly held assumptions at face value without actually checking out the facts first.
It's not one of his better "stories", but in this case I think the "science" came first and the "fiction" second.
You just cited a work of fiction in response to a discussion about a real-world issue. Way to stick to the facts, there, brainiac.
You must be thinking of John Grisham. Michael Crichton is a "doctor/novelist"; a graduate of Harvard Medical School.
Anyway, as far as the human-generated vs. natural phenomena causes of global warming are concerned, he's not asserting one theory over the other, he's simply stating that we don't really know with any certainty what's going on.
Yes, global temperature has been rising since 1850, and yes, carbon dioxide levels (and pollution levels in general) have been rising in this century. But there's no conclusive evidence to show that the latter is the sole cause of the former — or even that this phenomenon is "catastrophic". In any case, he points out** that the various models used to predict global climate change vary amongst themselves by as much as 400% — which is another way of saying that these models are "educated guesswork", not scientific fact.
And, as Crichton so aptly puts it, "Educated guesses are still guesses." Which means that if you're going to start spending large amounts of time and money trying to fix a problem, you'd better damned well be sure that:
1. You actually have a problem, and;
2. You know with a reasonable degree of certainty what that problem is and what its causes are.
When you're talking about decades of time and billions (or even trillions) of dollars, guesses just don't cut it!
The above notwithstanding, it should be pointed out that his book is not about global warming and climate change per se. It's about the politicization of those phenomena. His real beef is with the various environmental organizations that are screaming that catastrophic global climate change is an undeniable scientific fact; that human activity is the irrefutable cause of that change; that we can reliably predict the eventual outcome of that activity (catastrophe), and; that this situation can be remedied — but only if we continue giving them lots and lots of money.
It would seem reasonable to suspect that maybe a conflict of interest exists here.
To quote Crichton himself:
* Before making expensive policy decisions on the basis of climate models, I think it is reasonable to require that those models predict future temperatures accurately for a period of ten years. Twenty would be better.
* We need a new environmental movement, with new goals and new organizations. We need more people working in the field — in the actual environment — and fewer people behind computer screens. We need more scientists and many fewer lawyers.
* We desperately need a nonpartisan, blinded funding mechanism to conduct research to determine appropriate policy. Scientists are only too aware whom they are working for. Those who fund research — whether a drug company, a government agency, or an environmental organization — always have a particular outcome in mind. Research funding is almost never open-ended or open-minded. Scientists know that continued funding depends on delivering the results the funders desire. As a result, environmental organization "studies" are every bit as biased and suspect as industry "studies." Government "studies" are similarly biased according to who is running the department or administration at the time. No faction should be given a free pass.
* I am certain there is too much certainty in the world.
* Everybody has an agenda. Except me.
** Crichton's main data sources are the NASA-Goddard Institute for Space Studies and the Global Historical Climatological Network maintained by the National Climate Data Center.
As for which is better/cheaper/faster and the debate surrounding these issues, I strongly suggest that people spend as little time on this as possible, especially when it gets to the stage of rousing emotions.
Windows is easier to use than linux for *most* humans in the world.
Linux is, well, Linux.....
The choice is simple.
How the heck are you posting here? You just happen to have a chip that handles a TCP stack and i/o chip (5309?) wired together in a way that it can decode html and post.
A) a mutant
or
B) insane
What a joke.. I can't believe MS keeps embarrassing themselves this way.
MS would do well trying to embrace Linux and learning from it, rather than using biased reporting to steer people to their Windows.............
Barney
And updating on Linux is better than on Windows...on Linux you get your programs updated, you get updates QUICKLY (not like once every two months when everybody are infected), you get new features and application fixes unlike in Windows updates, where they only fix some "security holes" that don't concern 90% of users.
Microsoft just doesn't get it.
It's not that it cannot be done but rather that they have never thought about it.
Surveying 90 companies is anything but useless, and general market research has been done for decades, far before Microsoft ever did it. If you imply that by "throwing" money at this, they are holding back on it elsewhere, let me clue you in: There are these things called departments. Sales and marketing have absolutely nothing to do with development.
"Shouldn't they rather spend their time and money on making Longhorn a good OS..."
See above.
"...instead they're stripping all the features and adding useless stuff."
You sure you want to stick by the statement of "all" the features are gone, and yet useless stuff is going in? This is the best example of an oxymoronic self-contradiction I've ever seen.
The rest of your reply is deflection and inaccurate.
Mram: oh really, there are researches?! Another fanboy with pathetic "arguments" just so you can defent Microsoft, huh? You don't get it kid, no survey can't be trusted if one of the company included in survey pays for it. What part of this don't you understand?!
I won't "defent" Microsoft on this issue, my point was that this practice (surveys) is done all the time. Read CAREFULLY what I wrote, sir.
But that's OK, let there be anti-nix FUD spread. I mean people STILL think you have to compile stuff. That's like me telling a Windows user "Well I'd use Windows when they get away from being a 16 bit OS".
Wipro surveyed 90 companies in the U.S. and Western Europe with 2,500 to 113,000 employees where both the Windows and open source operating systems were simultaneously being run. When the costs of updating are distributed across the size of the environment and evaluated on a per-asset basis, the study shows Microsoft software to be less expensive to patch than open source equivalents. These findings confirm what many customers are experiencing in their deployment scenarios.
Really read what this is saying. They surveyed desktops as well. Unless you really know what you're doing, keeping every desktop in a company patched for Linux can be a pain and take more time than a Windows machine. I would like to see this study's numbers so they can be broken down into servers, desktop and then databases. I don't want to see them all together. I don't think anyone can argue Linux is easier on the desktop to patch. The numbers are not flawed, the study is.
Patching a server in Linux or M$ based products requires care. You have to first look at each patch and what it could affect before implementing. I have seen some piss poor admins. that are "patch happy" screw up many a system or network. So, yes, there is a difference IMO. Servers require care and therefore the patch time should be the same no matter what product you're using. Most admins would prefer desktops patch automatically for security patches.
I'm not an expert on system administration by any means, but updating doesn't seem to be that difficult
& in other news, microsoft says IE is more secure than firefox, well of course it is, it has a bigger market share.