Windows Cheaper to Patch Than Open Source?
daria42 writes "Is Windows cheaper to patch than open source software? Of course this Microsoft-commissioned report thinks so - but a number of people disagree, including a key Novell Asia-Pac exec, Paul Kangro. Kangro highlights problems with the report including the fact that it refers to problems faced by administrators before 2003: before significant improvements were made to Linux patching tools. 'We didn't have tools like Xen for Linux then,' says Kangro. 'When I patch my Linux box I don't need to bring it up and down any number of times.' Kangro also points out the report doesn't mention costs associated with rebooting systems after a patch is applied."
Microsoft is working on this (Score:3, Interesting)
IIRC, this is one of the things Microsoft is working on for Longhorn, being able to patch and install drivers "on the fly" without a reboot.
With XP SP2, if you enable the automatic downloading of updates, it will restart the computer automatically after the updates are installed, unless you continuously click cancel when it comes up every 5 minutes. If you're not at the computer, but have web downloads going on and it does this, it can be a real pain.
Honestly... (Score:3, Interesting)
I can see two potential differences between Windows and Linux on this front, though, and they both seem to favor Linux. First, you don't have to buy a second license to run the test server. I would assume you can get away with this in Windows by not activating the product, but I could see some test phases taking over 30 days. Second, since you basically know exactly what you are updating in Linux, and what other packages are dependent on what you are updating, your testing phase can be more focused. This isn't to say that it would take less time, but rather that you know what is prima facie in the testing order.
So corporate sysadmin geeks out here... where is the advantage in this area to using either OS?
Include Reboot Costs (Score:4, Interesting)
This is a really underrated cost that not many people include or even consider. The environment I work in has a few thousand servers and 130K desktops; all running a mix of 2K, 2003, XP - and other Windows flavors. (Like that's my choice).
The reboots after patching are a major pain, everything needs to be checked and always, and I mean ALWAYS, some servers will fail to come back up.
It's costly stuff...
Re:Xen (Score:5, Interesting)
Get the facts? (Score:5, Interesting)
@ Both Linux and Windows can be easily configured to auto-update patches.
@ Windows patches are smaller (binary diffs as opposed to full updated packages).
@ However, there are more critical updates to Windows.
@ Windows has SUS [microsoft.com], whereas Linux doesn't seem (excuse me if I'm wrong) to have any kind of distributed patch management for large businesses.
If bandwidth costs (it does), it could well be that Windows easily has less data to transfer for large organisations.
If we're talking about uptime then yes, Linux will be "cheaper" (better uptime, minimal loss of business) in this respect.
Don't see how... (Score:3, Interesting)
Re:Cost of Rebooting??? LOL (Score:5, Interesting)
I think Kangro was referring to more than lost business but also lost productivity.
In the case of desktops, it's going to be lost productivity. Sure you can schedule them to update and reboot in the middle of the night, but what if the user was working on something? The admins have to spend some time planning and scheduling mass updates or leave it to the user. It's trivial to reboot; it's harder to schedule for many machines so that productivity is minimally affected.
Also your argument only applies to mission critical or production machines. It does not include any development and/or testing machines that may not have a backup. Many organizations do not have the money to have a backup for every non-essential machine.
Our company is installing a new enterprise application. Every time we are rebooting the test servers, our consultants and employees are not working on the app. With new system setups, rebooting a lot is not uncommon.
Re:Reboots (Score:1, Interesting)
Not quite, it's not just the OS. (Score:2, Interesting)
DIY Patch System (Score:2, Interesting)
Re:Get the facts? (Score:3, Interesting)
Upgrade any hardware device driver and you have to reboot in Windows.
Upgrade your hardware device, do rmmod module and modprobe module (can even be automated). The only way you have to reboot is if you have updated your kernel.
A fully updated mailserver (for about 1000 accounts - 1 processor server load 0.00,0.00,0.00) running Linux here has not been rebooted the last 250 days. The Exchange cluster (also for 1000 users - Exchange can't handle the load on 1 dual xeon server) needs to be rebooted every WEEK for a new upgrade or patch.
@An average Linux patch takes about 2kb (a real patch, not a whole new version). Windows patches take at least 1MB.
@I have not seen a whole lot of remotely exploitable holes in Linux; in Windows there are still exploits being reported by a security scanner after all patches and upgrades are applied.
@With Linux you have the choice to have any kind of distributed patch management and all countries have at least 1 regional server with the updates for your flavoured distro where you can get at least 300kb/s. With Windows I have to connect daily with my SUS to 1 main Windows server in the United States and download my patches at a mere 50kb/s.
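Added example, not part of the original comment: the poster's point that a patched Linux machine only needs a reboot when the kernel itself was updated can be checked mechanically by comparing the running kernel with the newest one installed. The function names are hypothetical, and the sketch assumes GNU sort -V and that every installed kernel has a module directory under /lib/modules.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether a patched Linux host
# still needs a reboot, i.e. whether a kernel newer than the running one
# is installed. Function names are hypothetical; assumes GNU "sort -V".

# newest_kernel: print the highest version from a newline-separated list on stdin.
newest_kernel() {
    sort -V | tail -n 1
}

# installed_kernels [DIR]: list kernel versions that have a module tree.
# Assumption: one directory per installed kernel under /lib/modules.
installed_kernels() {
    ls -1 "${1:-/lib/modules}" 2>/dev/null
}

# reboot_needed RUNNING INSTALLED_LIST
# Returns 0 (true) only when INSTALLED_LIST holds a version newer than RUNNING.
# A running kernel that is newer than everything installed (for example after
# its package was removed) does not count as needing a reboot.
reboot_needed() {
    running=$1
    newest=$(printf '%s\n' "$2" | newest_kernel)
    [ -n "$newest" ] && [ "$newest" != "$running" ] &&
        [ "$(printf '%s\n%s\n' "$running" "$newest" | newest_kernel)" = "$newest" ]
}

# Live check against this machine when called with --check.
if [ "${1:-}" = "--check" ]; then
    if reboot_needed "$(uname -r)" "$(installed_kernels)"; then
        echo "reboot required: running $(uname -r), newer kernel installed"
    else
        echo "no reboot required: running kernel $(uname -r) is current"
    fi
fi
```

Run with --check after a patch run to flag only the hosts that actually need a maintenance window.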
XP with SP2 finally solves the patching issue (Score:1, Interesting)
Re:Well. (Score:3, Interesting)
I have two Red Hat 9 desktops that I would like to upgrade to Fedora 3. Today. Both are running Win4Lin and I want nVidia video acceleration.
I've downloaded "How to Install Win4Lin on FC3" from a Google search. Prints out to about 2-1/2 pp of 10 point on kernel recompile (and more pages on blog follow-up issues).
But nVidia acceleration is also a patch. But, but, but..... It is my understanding that you don't patch a patched kernel because the patch assumes it is being applied to an unpatched kernel and the patch won't patch. Tried it once on nVidia "custom" install with a Fedora Core 1 Win4Lin patched kernel and the nVidia splash came up, the background came up -- and it locked.
So, undolt me. How do I get the functionality of _multi_-patching linux kernels?
Make sure it is simple. Remember, I'm a dolt.
I'll check back.
Re:apt vs windows update (Score:3, Interesting)
You know what bugs the fuck out of me? Windows XP changing the behaviour of the "turn off" option to "download updates". The rare times I actually do boot into Windows only serves as a reminder of why I don't like doing it.
Sure it's cheaper (Score:1, Interesting)
Re:Not exactly objective.... (Score:3, Interesting)
for a in $HOSTS   # $HOSTS is a placeholder: the host list is cut off in the original comment
do ssh "root@$a" apt-get update
done
How hard is that?
Re:OT: Your sig (Score:3, Interesting)