Forgot your password?
typodupeerror
Upgrades Security Microsoft Operating Systems Software Windows Linux

Windows Cheaper to Patch Than Open Source? 473

Posted by Zonk
from the fud-for-breakfast dept.
daria42 writes "Is Windows cheaper to patch than open source software? Of course this Microsoft-commissioned report thinks so - but a number of people disagree, including a key Novell Asia-Pac exec, Paul Kangro. Kangro highlights problems with the report including the fact that it refers to problems faced by administrators before 2003: before significant improvements were made to Linux patching tools. 'We didn't have tools like Xen for Linux then,' says Kangro. 'When I patch my Linux box I don't need to bring it up and down any number of times.' Kangro also points out the report doesn't mention costs associated with rebooting systems after a patch is applied."
This discussion has been archived. No new comments can be posted.

Windows Cheaper to Patch Than Open Source?

Comments Filter:
  • Well. (Score:4, Insightful)

    by Sierpinski (266120) on Friday May 20, 2005 @08:41AM (#12587917)
    It might be easier if you have no idea how to really use a computer, and are not willing to learn. Those people will never leave the "comfort" of a familiar thing. They fear change, especially when it forces them to actually think for themselves.
    • Re:Well. (Score:2, Insightful)

      by psiphre (454612)
      how the shit is this redundant, mods? It was the first non-troll post.
    • Re:Well. (Score:3, Insightful)

      by Soybean47 (885009)

      It might be easier if you have no idea how to really use a computer, and are not willing to learn.

      If they're talking about the "cost of patching," they're talking about large corporations. Large corporations have people in charge of IT who, we hope, have some idea how to use a computer. ;)

      It really doesn't take much to patch most new-ish linux systems.

      emerge sync && emerge -uD world

      is probably one of the most complicated, and that's all there is too it.

      • Don't forget the timing. If you only do this about once a week or so, it's best to light it off before you go to bed.
        That is, unless you modded a bunch of XBoxen into a poor man's distcc compile farm...
    • How arrogant!

      a) Nothing in the report suggests the users 'have no idea how to really use a computer';

      b) Nothing in the report remotely suggests anyone is not willing to learn how to use a computer;

      c) Everything suggests that people do think. The thinking might be along the lines of: "My computer is a tool. Do I really need to know how to fiddle endlessly setting up the tool?"

      Why is it that there is no questioning buying precooked food, taking appliances and vehicles to repair shops for the simples
      • I hate to tell you, but there *ARE* hammer geeks out there... note that said geeks (blacksmiths) are usually building tools to do certain tasks, but they certainly are modding hammers... :-)
      • And yet when someone treats a computer simply as the tool it should be, they are branded 'fearful of change' and 'unthinking'?


        I've been involved in the computer industry in various fields for about 20 years now, and I have seen first hand how people interact with computers. Back when mainframes were still mainstream, their operators knew what they were doing. Nowadays all you need is $400 and a credit card to get a home computer, so naturally the skill level of computer users, on average has dropped cons
  • by Anonymous Coward on Friday May 20, 2005 @08:43AM (#12587932)
    So microsoft says windows is cheaper to patch, whereas Novell (who own Suse) say linux is cheaper to patch.

    Can someone tell me why this is news?
  • Xen (Score:5, Informative)

    by mattdm (1931) on Friday May 20, 2005 @08:43AM (#12587933) Homepage
    [...]problems with the report including the fact that it refers to problems faced by administrators before 2003: before significant improvements were made to Linux patching tools. 'We didn't have tools like Xen for Linux then,' [...]

    Oh, come on. Practically speaking, we don't have Xen for Linux *now*. Sure it's cool and all (which is why it's slipped into this basically unrelated story) but it's not nearly ready for the Linux mainstream and I'd be surprised if more than a handful of people are using it heavily in production.
    • Re:Xen (Score:5, Interesting)

      by jbgreer (4245) on Friday May 20, 2005 @08:58AM (#12588090) Journal
      I wouldn't be too sure about that; I just installed Xen on a box this past week, and the testing branch has been remarkably stable. Have you actually used Xen? That said, I like to think that the poster's larger point is that virtualization technology and its implementations - in VMWare, Xen, etc. have made patch management easier to manage, especially with all of the work going on in migrating apps and OSes. That, to me, will be the real benefit of such work.
      • by mattdm (1931)
        I wouldn't be too sure about that; I just installed Xen on a box this past week, and the testing branch has been remarkably stable.

        That's my point.

        Have you actually used Xen?

        Tried it. Not in production. I imagine that's the case for many people -- but actually, still a relatively small number of bleeding-edge experimenters. For that reason, obviously the numbers here will be higher than in the world in general.

        That said, I like to think that the poster's larger point is that virtualization technolog
      • Re:Xen (Score:5, Informative)

        by DBarker (885511) on Friday May 20, 2005 @09:52AM (#12588668)
        I think that Paul Kangro may have been talking about "Zen" for linux a Novell product (See link http://www.novell.com/products/zenworks/sneakpeek. html [novell.com] ) that is an update to Ximian Red Carpet Server and red-carpet client used for distributing patches to linux distributions and applications as well as imaging, and asset (inventory of hardware and software) management.
    • Actually, if you're using SuSE (i.e. from the Novell PoV) you actually do have it now - it ships with SuSE Professional 9.3. They've also tweaked YaST to do "Install in a directory for Xen", although this feature of YaST is fairly basic right now. Xen's running on lots of production systems but it's yet to get deployed fully by any "big names". Most sophisticated machine & cluster management tools are absolutely essential for this.
  • by EEproms_Galore (755247) on Friday May 20, 2005 @08:44AM (#12587937)
    Every time I read about another "paid by Billy G" report it always reminds me of the joke.. How many Microsoft engineers does it take to change a lightbulb. None Microsoft defines darkness as the new standard..
    • by Anonymous Coward on Friday May 20, 2005 @08:46AM (#12587965)
      Or the other jokoe:

      Q: How many Linux engineers does it take the change the lightbuld?

      A: RTFM, n00b. J00 suz0r, go back to M$ Winblows, l4m3r.
      • Q: How many Linux engineers does it take the change the lightbuld? A: RTFM, n00b. J00 suz0r, go back to M$ Winblows, l4m3r.
        Yup. 'Cos, you know, it's not like you can find that attitude amongst windows users.

        Oh, wait... yes you can, can't you?

      • by Intron (870560) on Friday May 20, 2005 @09:29AM (#12588405)
        Q. how many Apple engineers does it take:

        A: We don't use light bulbs any more. We have high brightness iLED displays for only $599.
      • by yasth (203461) on Friday May 20, 2005 @09:40AM (#12588536) Homepage Journal
        Or the other other one:

        Q: How many *BSD engineers does it take to change a lightbulb?

        A: One could probably do it, if only there were any left.
      • Or:

        Q: How many IBM engineers does it take to change a lightbulb?

        A1: That depends on your service contract.

        A2: 31. Four to schmooze the customer, sixteen to go over the contract, three to prepare the site for installation, one to operate the crane, one to drive the truck that carries the replacement, four to oversee installation, one to flip the switch and one to actually install the bulb.
  • by xmodem_and_rommon (884879) on Friday May 20, 2005 @08:44AM (#12587938)
    Really? The 'apt-get update && apt-get upgrade' i did earlier today on my debian (testing) box took less than a minute, and isntalled not just the latest security patches but also the latest versions of all my software. That was pretty-much free.

    Conversely, windows update only updates windows (not my other apps), and takes at least 15 minutes every time i run it.
    • by I confirm I'm not a (720413) on Friday May 20, 2005 @08:53AM (#12588041) Journal

      Conversely, windows update only updates windows (not my other apps), and takes at least 15 minutes every time i run it.

      Windows Update worked its magic on my workstation yesterday; I was busy and didn't reboot afterwards. For the rest of the morning (until I caved and rebooted the bloody thing) Windows Update popped-up an annoying dialog box every ten? fifteen? minutes inviting me to restart the PC. Needless to say, everytime the diaplog appeared it was when I was typing, and half a line of code got piped to Window's equivalent of /dev/null.

      I think we should *thank* Microsoft for promoting Linux ;-)

      • Needless to say, everytime the diaplog appeared it was when I was typing, and half a line of code got piped to Window's equivalent of /dev/null.

        Or, you could take about a minute of your time and set up the Windows Update service to download the patches, remind once that it has them and hopes you'll install them, and then do it when you know it's convenient to restart services/the OS. It's a couple of mouse clicks.
        • Or, you could take about a minute of your time and set up the Windows Update service to download the patches, remind once that it has them and hopes you'll install them, and then do it when you know it's convenient to restart services/the OS. It's a couple of mouse clicks.

          I can confirm that, because it's exactly what I've done. My problem is once Windows has installed the updates - which it's going to need to do at some point, no? - it then wants to reboot immediately, and doesn't want to take my word f

          • That bugged me this morning as well. You could try a program like ClickOff, and set a really low scan interval so it'll close the dialog almost immediately. You still might lose a keystroke though.

        • by SomeoneGotMyNick (200685) on Friday May 20, 2005 @09:32AM (#12588439) Journal
          It's a couple of mouse clicks.

          OK. Sound easy. Let's do it.

          Clicks Start | All Programs | Windows Update
          Hmm.... just sends me to a MS web page. Meanwhile, for some reason I can't shut down the IE window until it finishes "checking" my computer for updated "Update Software"

          Clicks Start | All Programs | Accessories | System Tools.
          Hmm..... Nothing there for Windows Update.

          Left click on the Windows Update icon in the system tray (it's GOTTA be there..)
          Up pops a "Ready to Install" update screen.

          Whoops, I forgot I should RIGHT-CLICK the icon to get a detailed menu of choices. I right-click
          Up pops a "Ready to Install" update screen, no menu

          Ah, Control Panel...
          Click on Start | Control Panel
          Double Click on Automatic Updates
          There we go. A window with a green shield and a red shield and 4 radio buttons. Wait, they're all ghosted out!! And I'm logged in as an Administrator. I can't believe I go so far only to be blocked from changing the settings....

          apt-get and emerge seems so much easier to use...
          • by ScentCone (795499) on Friday May 20, 2005 @10:08AM (#12588879)
            Methinks you doth protest too much. For me:

            1) Open Control Panel
            2) Open Automatic Updates
            3) Choose 'Download updates for me, but let me choose when to install them.' (this was the default, by the way!)
            4) Done.

            Was that so hard? Definately better, though, to teach grandma how to get her syntax exactly right at the command prompt. That's much better.
            • 3) Choose 'Download updates for me, but let me choose when to install them.' (this was the default, by the way!)

              Still doesn't explain why my choices are all ghosted out, while logged in as administrator. If grandma even got this far to change the settings, what would she do next? Also, your default selection wasn't the selected item on my screen.

              teach grandma how to get her syntax exactly right at the command prompt. That's much better.

              A lot of Grandmothers were skilled at typing. After all, keyboards
            • by jlar (584848) on Friday May 20, 2005 @10:34AM (#12589148)
              "Was that so hard? Definately better, though, to teach grandma how to get her syntax exactly right at the command prompt. That's much better."

              Or maybe just show her how to use synaptic (a nice graphical front end for apt). Then her applications will be updated as well - and she will be able to search for and install new applications if she pleases.
            • Definately better, though, to teach grandma how to get her syntax exactly right at the command prompt.

              Right, 'emerge sync; emerge -u world' is complex syntax. Or, better yet, don't tell grandma anything, make it a cron job. Even better yet, get grandma a PDA capable of sending email and solitaire. Better still ANSWER THE PHONE WHEN SHE CALLS, she won't be around forever and can't type that fast. Shouldn't you spend more time talking to grandma?

              I'm praying for the day my data-processing business gains
          • Wait, they're all ghosted out!! And I'm logged in as an Administrator.

            Maybe they are ghosted out because your sysadmin at work doesn't want you messing with them? Even if you are a local admin of your machine the options can be unavailable.

            With a combination of Active Directory settings and SUS, you get some measure of automated patching, without any interaction (interference?) from end users. Maybe this is your situation if this is your work computer. If so, someone else is taking care of it, do

      • by nra1871 (836627)
        This has to be one of my biggest pet peeves. Why do programmers feel the need to pop windows up right in front of my face, and always when I'm typing? Nothing should ever interrupt my focus, put a window in the background or on the toolbar, but NEVER interrupt my typing.
        • Why do programmers feel the need to pop windows up right in front of my face, and always when I'm typing?

          The answer is really pretty simple. You obviously have no idea where you want to go today...
      • What seems to work for me in that instance is leaving the dialog open, but dragging it nearly entirely off screen.

        You know what bugs the fuck out of me? Windows XP changing the behaviour of the "turn off" option to "download updates". The rare times I actually do boot into Windows only serves as a reminder of why I don't like doing it.
    • Not that this nullifies the comparison you've made, but Windows update can also update your MS Office products as well. Naturally, your point is that it does not update non-MS products. Just thought I'd make that distinction a little more clear. Not that I use MS products. Er, that is...
    • The cool thing about stable debian is, that it *doesn't* upgrade to the latest version of all the software.

      It just installs security updates.

      That way, I don't need to worry about database upgrades, configuration file changes, API/protocol changes etc. etc. etc. Everything that ran before, runs afterwards, unchanged.

      *that* is cool. If you're running production servers in the real world at least :)
    • Businesses running critical infrastructure or with large numbers of desktops do not blindly use apt-get / up2date / yum to install patches.


      While I agree that it's handy to be able to do just that at home, it is necessary in the enterprise to be able to see a list of patches, the advisories for those patches, the dependencies between patches and be able to deploy (and rollback) them to all, some or specific boxes that are managed by a single patch server.

    • That's pretty easy, but I have all of the SuSE boxen I administer set to auto-update nightly, so I never type a thing. Either way -- one line at the CLI or a few clicks when you set up the box -- it's pretty cheap. Of course, you can set Windows to auto-update, too, but it has to reboot every time, and only installs so-called "critical" updates. Nonetheless, if updating any recent Linux distro is cheaper than any recent version of Windows, or vice-versa, it amounts to a rounding error in the grand scheme
    • Never having used Debian, and being a bit of a noob on Linux (although I used to admin HP-UX a long time back), I don't seem to have it as easy as you do for updates.

      I'm using Suse 9.2, and while the auto-updates in YaSt seem to work very well and only occasionaly ask for a reboot, they don't update things like Firefox with any patches I can see at all. I wanted to go from the included beta release to the 1.01 awhile back and had the damndest time installing it to somewhere where I could find it and run
      • "I was running PaperPort on my Wife's Windows machine the other night and it automatically updated itself to 10SP1."

        But really, plain-Jane users ought NOT to be able to update the software -- PaperPort should NOT be able to update itself unless you are running with administrator privilege.

        Of course, I'll guess that you were running as an administrator -- one of those double edged sword things. It makes administration of the box a little easier for the user, but it also makes administration of the bo

  • Cheaper, maybe... (Score:2, Insightful)

    by mph_az (880372)
    ...but only if you don't count the hours of lost or reduced productivity waiting for MS to get around to releasing their patches.
  • Kangro also points out the report doesn't mention costs associated with rebooting systems after a patch is applied.

    I didn't RTFA but any company that is going to lose more than a few pennies from a reboot is going to have redundant servers in place already. It is not difficult to stagger the application of patches to server machines in a farm, which all but eliminates the cost of a reboot.

    Anything from Novell that is spoken against Microsoft is suspect anyway. I'm not a big Microsoft fan, but the ani

    • by Tsu Dho Nimh (663417) <abacaxi AT hotmail DOT com> on Friday May 20, 2005 @08:56AM (#12588070)
      "any company that is going to lose more than a few pennies from a reboot is going to have redundant servers in place already. It is not difficult to stagger the application of patches to server machines in a farm, which all but eliminates the cost of a reboot."

      How about desk-bound employees and their patches? Don't we count?

      I use a lot of non-MSFT apps, and if one of them fails to work with the patched Windows system, I'm goung to lose a lot of time. I've already had one "security patch" to something do wierd things to my system, making it impossible for me to see the hard drive password prompt. Multiple that by every laptop in the company and you have a lot of support calls.

      Another "security patch" seems to have hosed the network finder so that it can't automatically pick up a new IP address from the LAN. I have to manually change the settings and ..... guess what? REBOOT to force it to pick up the new IP address. Every time I have to log on from home, that's TWO reboots and two manual interventions to what should be automatically happening.

    • by UnknowingFool (672806) on Friday May 20, 2005 @09:10AM (#12588180)
      but any company that is going to lose more than a few pennies from a reboot is going to have redundant servers in place already

      I think Kangro was referring to more than lost business but also lost productivity.

      In the case of desktops, it's going to be lost productivity. Sure you can schedule them to update and reboot in the middle of the night, but what if the user was working on something? The admins have to spend some time planning and scheduling mass updates or leave it to the user. It's trivial to reboot; it's harder to schedule for many machines so that productivity is minimally affected.

      Also your argument only applies to mission critical or production machines. It does not include any development and/or testing machines that may not have a backup. Many organizations do not have the money to have a backup for every non-essential machine.

      Our company is installing a new enterprise application. Every time we are rebooting the test servers, our consultants and employees are not working on the app. With new system setups, rebooting a lot is not uncommon.

    • There is actually a theoretical reason why a reboot is a good idea in some cases (not just in kernel replacements, either). Not rebooting can leave long running programs using old versions of libraries, which is a bad thing if the the long running process is a server and the new version is a security fix. In some cases involving dynamic loading and linking of libraries, it can even result in unpredictable behavior, such as data loss or a crash (although it would the application crashing, not the OS).

      The p

      • Yeah, but you don't have to "reboot" in order to restart all the daemons on Linux (or any Un*x that I'm familiar with). The kernel doesn't use the dynamic libraries, so the only reason to reboot the kernel is if you're installing a new kernel. Even then a lot of kernel modules can be removed and reinserted without a reboot.

        XP has fixed this, but it used to drive me nuts that Win98 would make you reboot the computer just to change any of the network settings.
  • Flawed (Score:4, Insightful)

    by republican gourd (879711) on Friday May 20, 2005 @08:47AM (#12587975)

    Any company where the majority of the cost is in the patching process itself, rather than the testing of the patch, the secondary servers in the test lab that they can make sure it doesn't blow services up on, the payment of skilled people to identify the problems and fix them *when* they happen and various other people costs is of course going to be more expensive than "I set up windows updates once, so now it updates me magically whether I like it or not", even without the reboot thing.

    There is also some really iffy logic in breaking down one single piece of the ownership cycle and claiming that it is cheaper and ignoring the rest. I tell you, paying for college for my persistently vegetative child is uber-cheap, I can't say enough for persistent vegetation...

  • by brontus3927 (865730) <edwardra3.gmail@com> on Friday May 20, 2005 @08:47AM (#12587978) Homepage Journal
    Kangro also points out the report doesn't mention costs associated with rebooting systems after a patch is applied.

    IIRC, this is one of the things Microsoft is working on for Longhorn, being able to patch and install drivers "on the fly" without a reboot.

    With XP SP2, if you enable the automatic downloading of updates, it will restart the computer automatically after teh updates are installed, unless you continuously click cancel when it comes up every 5 minutes. If your not at the computer, but have web downloads going on and it does this, it can be a real pain.

    • That xp notification is really annoying. You end up reboot just to stop the damn messages appearing.

      The only drawback with whats coming with Longhorn is that it will bring us another step closer to subscription based MS software.
  • Reboots (Score:4, Insightful)

    by Nytewynd (829901) on Friday May 20, 2005 @08:47AM (#12587984)
    The cost of rebooting on some machines is astronomical. I know we had some management software on a data line connected to the stock exchange. From the hours of 8-5 any downtime would cost over $10k/second, not to mention any lawsuits that could have been processed if someone lost money and couldn't sell their stocks when they wanted. On the other hand, most machines are not nearly that critical, and reboots can be done at off hours. I would say that Windows systems are less costly to patch for another reason. Almost anyone with technical ability can patch windows. You can hire windows admins on the cheap. To get Unix admins will cost more if you want someone that knows what they are doing. I wonder if they take the cost of knowledgable staff into the equation. Otherwise, the cost of patching for either can be huge or trivial depending on the patch and the situation. Also, Windows is a lot better now with the reboots. You don't have to reboot nearly as much as in the past.
    • Re:Reboots (Score:4, Insightful)

      by zr-rifle (677585) <zedr@nOSpAM.zedr.com> on Friday May 20, 2005 @08:52AM (#12588025) Homepage
      Well, to avoid the rebooting problems you need redundacy - load balancing, etc - which obviously costs money. That means higher TCO than on *NIX, which fares better and is generally safer with less "armor".
      • Re:Reboots (Score:2, Informative)

        by Nytewynd (829901)
        That's true. But you can argue that any system critical enough already has load balancing and redundancy. All of the Unix machines I work with have mirrors and load balancing. I don't know many people that patch their production machines while they are live anyway. Even though it is possible, it is still highly dangerous.

        Both sets of hardware are about the same, so the cost is a wash.
    • In the environment where rebooting comes at a high price, I fail to see why a test server wouldn't be built with the proposed updates, tested, and then slipped into the server farm. From there, you can decomission the outdated system with little or no downtime. Obviously this is not feasible in small business environments, but how many small businesses lose $10k/sec of downtime?
    • "You can hire windows admins on the cheap. To get Unix admins will cost more if you want someone that knows what they are doing. I wonder if they take the cost of knowledgable staff into the equation."

      Any company that hires unknowledgable sysadmins deserves the trouble they are going to get. Just because it's more obvious to click a couple of buttons than run a couple of commands (I wouldn't say it's easier) doesn't mean your sysadmin shouldn't know any more about the computer.

      When you hire competent admi
    • From the hours of 8-5 any downtime would cost over $10k/second

      I hacked that computer and installed an application. It's pretty brilliant. What it does is every time there's a bank transaction where interest is computed, you know, thousands a day? The computer ends up with these fractions of a cent, which it usually rounds off? What this does is takes those little remainders and puts them into an account.

      -- This sounds familiar.

      Yeah, they did it in Superman 3.

      -- Right.

      Underrated movie, actually.
  • I'd really like to know what the study means by "cheaper to patch". Does it mean that, since time is money, the cheap is available sooner and installs faster? Are the guys doing the job available for less money? As the article points out, rebooting a mission critical server, especially on windows, after applying a patch, is a royal PITA, something that hardly happens on a *NIX machine.

    did someone manage to get a copy of the PDF from Microsoft before it went down?
  • Honestly... (Score:3, Interesting)

    by Philosinfinity (726949) on Friday May 20, 2005 @08:49AM (#12588002)
    I may be a bit green to the corporate methods of updating a production OS, but I would think that the process would have to be the same. You have to set up a test environmnet, ensure that the updates produce the necessary results. Then you have to test to make suer that no other software/productivity is affected. Then you have to compare baselines. Regardless of the beginning OS, these steps are necessary.

    I can see two potential differences between Windows and Linux on this front, though, and they both seem to favor Linux. First, you don't have to buy a second license to run the test server. I would assume you can get away with this in Windows by not activating the product, but I could see some test phases taking over 30 days. Second, since you basically know excatly what you are updating in Linux, and what other packages are dependant on what you are updating, your testing phase can be more focused. This isn't to say that it would take less time, but rather that you know what is prima facie in the testing order.

    So corporate sysadmin geeks out here... where is the advantage in this area to using either os?
  • Can't agree (Score:4, Informative)

    by dark grep (766587) on Friday May 20, 2005 @08:50AM (#12588012)
    I just can't agree with that report. From 1999 to 2002 I did work for a datacentre with 150 Linux servers and 26 NT and then Windows 2000 server servers. Keeping figures on those I can say that the total downtime due to upgrades and patching for both groups in total was almost the same.
  • .yeah, right... (Score:2, Informative)

    by Anonymous Coward
    until recently, I was in charge for the Windows servers patching for a ~1000 units server farm, and all I can say is Microsoft sucks big time when it comes to fix high availability systems. I even developped in-house a patch management system because of the chronical unreliability of SMS for patch distribution. Comparing to a Linux based system using the simple APT, Microsoft is nowhere, useless, dangerous.

    SUS, SMS, WUS, ... all are great when you speak about gui, all sucks when you speak about efficiency.
  • Here's what else the Microsoft report found....

    Linux will recalibrate your refrigerator's coolness setting so all your ice cream melts and milk curdles. It will demagnetize the strips on all your credit cards, reprogram your ATM access code, screw up the tracking on your VCR and use subspace field harmonics to scratch any CDs you try to play. It will give your ex-boy/girlfriend your new phone number. It will mix antifreeze into your fish tank. It will drink all your beer and leave its dirty socks on the coffee table when there's company coming over. It will hide your car keys when you are late for work and interfere with your car radio so that you hear only static while stuck in traffic. Linux will make you fall in love with a hardened pedophile. It will give you nightmares about circus midgets. It will replace your shampoo with Nair and your Nair with Rogaine, all while your current boy/girlfriend is dating behind your back and billing their hotel rendezvous to your Visa card. It will seduce your grandmother. It does not matter if she is dead, such is the power of Linux, it reaches out beyond the grave to sully those things we hold most dear. Linux will give you Dutch Elm disease. It will leave the toilet seat up and leave the hairdryer plugged in dangerously close to a full bathtub. It will remove the forbidden tags from your mattresses and pillows, and refill your skim milk with whole. It is insidious and subtle. It is dangerous and terrifying to behold. It is also a rather interesting shade of mauve. These are just a few signs. Be afraid. Be very, very afraid. Windows is so much safer.

    The weak spot in the credibility is always..."Microsoft commissioned report".
    (Apologies to Laika)
  • Include Reboot Costs (Score:4, Interesting)

    by Jackdaw Rookery (696327) on Friday May 20, 2005 @08:55AM (#12588063) Homepage Journal
    "Kangro also points out the report doesn't mention costs associated with rebooting systems after a patch is applied."

    This is a really underated cost that not many people include or even consider. The environment I work in has a few thousand servers and 130K desktops; all running a mix of 2K, 2003, XP - and other Windows flavors. (Like that's my choice).

    The reboots after patching are a major pain, everything needs to be checked and always, and I mean ALWAYS, some servers will fail to come back up.

    It's costly stuff...
  • emerge -uDN world (Score:2, Insightful)

    by Bazzalisk (869812)
    does windows have en equivalent? I think not.
  • by rbanffy (584143) on Friday May 20, 2005 @08:58AM (#12588088) Homepage Journal
    We, Unixers, usually miss the point that, while we don't have to reboot the whole computer at each and every important patch, we have to bring services down and then back up when they are significantly patched. For a database server it's not the system uptime that counts - it's the database uptime. If it goes down, I could as well have rebooted the whole server - the phone will ring just the same.

    While this is a whole lot better than Windows, they are getting closer.

    And... Well... The fact it was paid by Microsoft says nothing about the report. I sure would like to see the other reports paid by Microsoft that say FOSS is cheaper, more reliable, more ethical and that are tucked away somewhere in a folder marked "secret"
    • by joto (134244)
      For a database server it's not the system uptime that counts - it's the database uptime. If it goes down, I could as well have rebooted the whole server - the phone will ring just the same.

      Except that rebooting a computer takes around 2 minutes (maybe more if it's a heavy server. Restarting the DBMS (which is already cached in RAM, remember) should take less than a second. If you get phone calls then, just pretend you went to the loo for a minute and wait for it to calm down :-)

    • by Peeteriz (821290) on Friday May 20, 2005 @09:18AM (#12588272)
      Well, the point is that on Unix machines you don't have to bring down your database system to install a security fix for a webbrowser.
  • This is another of those reports full of fluff with little meat. I can't stand these documents that say nothing, think they're "stating the obvious" and just go around in circles repeating the same old company line over and over in the name of neutrality. I would argue that this document is one of those sorts of documents which goes around in circles repeating the same company line again and again.

    So, all in all, another report with lofty hopes but a poor delivery. It sickens me that people get paid to pro
  • So an exec from a company that owns a Linux distro doesn't agree with a Microsoft commissioned report that finds Windows is cheaper to patch?

    Mein Gott im Himmel! This really is astounding! Call the BBC - it'll be front page news in no time!
  • Hmm.. In my experience, most of the time taken to patch systems is downloading the patches, not actually applying them.

    With things like Debian, etc you can have local mirrors of security repositories to speed up the application of patches on lots of machines.

    Is the same thing available for Windows Update? If not, I wonder what additional bandwidth costs as well as download times would be incurred from having down download the same patches every time from a Microsoft server via Windows Update.
  • Get the facts? (Score:5, Interesting)

    by MoogMan (442253) on Friday May 20, 2005 @09:05AM (#12588143)
    Well, lets look at the facts:

    @ Both Linux and Windows can be easily configured to auto-update patches.
    @ Windows patches are smaller (binary diffs as opposed to full updated packages).
    @ However, there are more critical updates to Windows.
    @ Windows has SUS [microsoft.com], whereas Linux doesn't seem (excuse me if I'm wrong) to have any kind of distributed patch management for large businesses.

    If bandwidth costs (it does), it could well be that Windows easily has less data to transfer for large organisations.

    If we're talking about uptime then yes, Linux will be more "cheaper" (better uptime, minimal loss of business) in this respect.
    • Re:Get the facts? (Score:2, Informative)

      by kernelfoobar (569784)
      @ Windows has SUS
      Actually, you can distibute patches with Linux as well. You can use yum and point it to a local repository with the selected updates/patches or all, then have the yum service running which automatically updates the system for you. (guys, am I incorrect here?)
    • Re:Get the facts? (Score:2, Informative)

      by Loonacy (459630)
      In addition to yast and yum, in Mandrake you can set up an RPM source (as a directory, share, HTTP URL, or removable media..) and it will update from there. So you would only need to download the patches to one central server, and set that up to be the repository for all the other computers on the network.
      Pretty much any distro with package management can be used this way.
    • Re:Get the facts? (Score:3, Interesting)

      by guruevi (827432)
      @Both Linux and Windows can be easily configured to update but
      Upgrade any hardware device driver and you have to reboot in Windows
      Upgrade your hardware device, do rmmod module and modprobe module (can even be automated). The only way you have to reboot is if you have updated your kernel.

      A fully updated mailserver (for about 1000 accounts - 1 processor server load 0.00,0.00,0.00) running Linux here has not been rebooted the last 250 days. The Exchange cluster (also for 1000 users - Exchange can't handle the
      • Re:Get the facts? (Score:5, Insightful)

        by spongman (182339) on Friday May 20, 2005 @10:27AM (#12589080)
        Upgrade any hardware device driver and you have to reboot in Windows
        This isn't generally true. Windows doesn't require a reboot after a driver update. However, many driver writers are lazy and don't take the time to implement in-place upgrades for their drivers.
    • Re:Get the facts? (Score:3, Informative)

      by Ogerman (136333)
      Windows has SUS, whereas Linux doesn't seem (excuse me if I'm wrong) to have any kind of distributed patch management for large businesses.

      Windows has one distributed patch management system. With Linux/BSD/etc. there are multiple approaches depending on what works best for your organization. Every Linux distro I've used is quite flexible in this regard. In my opinion, the ultimate is diskless workstations running off a fast file server (SCSI RAID, 1000Bt network). (30-40 workstations per server, repli
  • I'm sick of this MS nonsense reports. It is not even accessible (or slashdotted ?) for me to check it.
    But knowing that a Linux distro allows you to update any program you have, and hey, even third parties can add their repository for the package manager, I don't understand how Windows patching can be cheaper, really.
    Do they imply that getting patches by hand and applying them is cheaper than what a package manager with automatic notification does ?
    Did they compare patching Windows with patching an entire Li
  • Don't see how... (Score:3, Interesting)

    by Chanc_Gorkon (94133) <[gorkon] [at] [gmail.com]> on Friday May 20, 2005 @09:06AM (#12588156)
    I don't see how Windows can be cheaper from a compute cycle standpoint. You lose compute cycles during patches on all systems, it's just with Linux, you lose WAY less. You don't have to reboot. All you have to do is bounce services and your up and going. Microsoft just tells you to reboot because of the nutso way they run things. Even on Windows, you can do things to make reboots unnecessary.

  • by QuietLagoon (813062) on Friday May 20, 2005 @09:07AM (#12588167)
    When Microsoft continues to fund these highly biased reports and surveys, the Open Source community should be happy. It means that Microsoft considers Open Source to be a real competitor. In effect, Microsoft is doing more to validate Open Source and increase the visibility of Open Source than anyone could hope for.
  • Xen or Zen (Score:3, Informative)

    by Trongy (64652) on Friday May 20, 2005 @09:14AM (#12588217)
    Do you think that Novell's Kangro might have been talking about Novell Zenworks for linux?
    http://www.novell.com/products/zenworks/ [novell.com]

  • Comparing windows to whatever open source platforms an organization happens to be running is utterly meaningless. Patching procedures vary wildly between Linux distributions, and between Linux and other open source platforms. For example, I know admins who manually recompile software on at least a half dozen platforms for some common daemons (like sshd). Others, including myself, simply test and roll out vendor supplied packages for the most part.

    Another aspect they seem to gloss over in the summaries i
  • Uh huh (Score:5, Insightful)

    by Colin Smith (2679) on Friday May 20, 2005 @09:34AM (#12588464)
    Sorry but this stuff is particularly trivial, patching 10, 100 or 1000 machines.

    e.g.
    echo 'ALL:root: 15 18 * * * /afs/admin/scripts/patchme' >> /etc/crontab.master

    Where the crontabs are centrally managed, patchme checks for resources, goes to sleep for a while, runs OS, platform and rev specific patch download and install subroutines which run yum update, apt-get update, patchadd, rpm -Uvh etc. Report progress to a central monitoring system like Big Brother or Zabbix as the patching process runs through the various stages.

    Even talking about the cost of the patching process itself is missing the point. Anyone who has a lot of machines will already have a largely automated enterprise wide cross platform patching system in place. Applying a specific patch will be a case of dropping a pre-tested file into a directory on a file server. If you don't have such a system WTF are you doing wasting your time on Slashdot?

  • Well, this might be true if you consider just the operating system itself, but it doubt even this. For the begining, let's consider the following : 1). The bare OS (be it linux at a minimal install or windoes) it's mostly unusable except for browsing the web, writing things in notepad or wordpad and a few other minor things. In the real world there are a lot other things you install, from movie players, codecs to complex applications like IDE's, Office suites or business applications. In the end a typical
  • troll bait (Score:2, Insightful)

    by alumshubby (5517)
    I wish I could mod this entire article (-1, Troll) -- it's like shooting fish in a barrel.
  • DIY Patch System (Score:2, Interesting)

    by datadriven (699893)
    Another factor tht's not considered is that with FOSS products you are free to write your own patch system if you don't find any that meet your needs. With windows you're stuck with what they offer.
  • Story? Please? (Score:4, Insightful)

    by NemosomeN (670035) on Friday May 20, 2005 @09:59AM (#12588768) Journal
    Why is this a story? I mean seriously. These TCO articles come out all of the time, and they are bullshit all of the time. Don't we already know this? Does anyone with half a brain pay attention to these "studies"? There's nothing we can do to stop them, and we only discredit them here... Where everyone knows they are bullshit. It doesn't even have anything to do with some prejudice against Microsoft. Any company will bs their way to more sales. Welcome to life, people.
  • by Saeed al-Sahaf (665390) on Friday May 20, 2005 @10:24AM (#12589052) Homepage
    'When I patch my Linux box I don't need to bring it up and down any number of times.'

    Sure this is an inconvenience, but (still) overrated. It's just not a major issue to reboot a machine. Word. Move on.

    What continues to be a major road block to widespread adoption of Linux by the masses is not just patching, but just installing applications at all. It just can not be said with a straight face that installing patches or an application on Linux is as easy as with Windows for average computer users. There are just way too many pitfalls that can trap a user in hours and days of searching for strange dependencies and other things. And a smooth GUI installer....

    • by EXTomar (78739) on Friday May 20, 2005 @11:50AM (#12590090)
      Windows installers are nightmares on the enterprise level. Too many dialogs that feature settings that should have been issued on a command line. Too many dialogs with non-installation information. (Hello?...EULA/README SHOULD BE HANDLED IN THE APPLICATION!!) These two create a situation where if you are going to install a piece of software on more than a handful of machines you really wish they had a silent install. More often than not you are stuck babysitting installs blindly clicking "Yes"s and "Okay"s and "Next"s. Yay for the TCO.

      A "sin" Microsoft cultavated along time ago is confusing "installing" and "configuration" together. If you tie both of these process together it makes support murky. Did the installation fail to place files or did it mess up setting some value somewhere? Installers should be concerned with tracking/placing software components. Programs should be concerned with configuration. Because of MS including this level of complexity it also had the side effect of making it hard for a user to inspect packages before installing. There is no way for a desktop user to find out what a MSI package provides, what it requires, etc before installation. Another side effect is that people writting installers are often forced to package all depedancies with their application instead of making seemless stacking installs.

      Making a Windows installer actually enforce component dependancies suffers from the same "DLL Hell" type problem that has plagued Windows forever. Most installations are written loosely: you can uninstall CompA which ProgramB depends upon and the system happily complies.

      With all of that said, Windows installers are bad. Linux and other Unix-like systems are okay but they are more interested in software integraty than ease of use. You can't beat Mac: Drag a folder into the apps folder and its installed, take it out of the folder to uninstall it. At this point I can't imagine why anyone would any system to be more like Windows.
  • A Truce? (Score:4, Insightful)

    by suwain_2 (260792) on Friday May 20, 2005 @11:18AM (#12589612) Journal
    Can Slashdot concede that Microsoft-funded studies will come out in favor of Windows being better, and that some non-Microsoft-funded studied will come out in favor of Linux, and stop wasting our time with this banter?

You will be successful in your work.

Working...