Microsoft Security

Worms Jack Up the Total Cost of Windows

rbrandis writes "Dealing with widespread worms like Sasser raises the cost of using Windows, a research analyst said Wednesday. "This is part of the carrying cost of using Windows," said Mark Nicolett, research director at Gartner. "The cost of a Windows environment has gone up because enterprises have to install security patches very rapidly, deal with outages caused by secondary problems with these patches, and deploy additional layers of security technology." "The Sasser worm attacks confirm our prediction that mass worm attacks against the multiple vulnerabilities disclosed by Microsoft on April 13 were likely," said Nicolett and his Gartner colleague, John Pescatore, in an alert posted on the Gartner site."

  • by Anonymous Coward on Thursday May 06, 2004 @02:38PM (#9075892)
    I'm switching back to the Commodore 64.
    • by GPLDAN ( 732269 ) on Thursday May 06, 2004 @02:58PM (#9076149)
      Stick uIP on your 64 and you too can join the fun! "I can DOS that machine in 4 packets!" "I can do it in 2!"

      http://www.dunkels.com/adam/contiki/links.html
    • by Cutting_Crew ( 708624 ) on Thursday May 06, 2004 @03:37PM (#9076551)
      no virus writer/hacker is going to spend all of its time to maybe interrupt 5% of the market share. in all fairness if the tables were turned and M$ had only 5% and linux had 90% of the users out there you can bet we'd be seeing viruses/trojans/worms and hacks coming from all over the place, and we'd be talking about that instead of windows. think about if we really want linux to b/c the main O/S. in the end we are inviting more hackers to spend more time writing stuff for linux as well as windows. not so sure if that is good for the community..
      • by The Snowman ( 116231 ) * on Thursday May 06, 2004 @03:42PM (#9076616)

        in all fairness if the tables were turned and M$ had only 5% and linux had 90% of the users out there you can bet we'd be seeing viruses/trojans/worms and hacks coming from all over the place, and we'd be talking about that instead of windows.

        And this would only infect people running Linux as root all the time who use email clients that execute scripts sent from complete strangers without telling them. Yes, people would write Linux viruses and worms (they already do), but the effect would be minimal at best.

        • Mmmm... that's not entirely true. Lately, a lot of virus writers have just been preying on the stupidity and gullibility of the average user. Hell, I got one of them zipped one day that practically had freakin' installation instructions... and people were STILL getting infected!

          However, for this to work on a Linbox, there are two requirements: 1) the user must save the binary and make it executable and 2) the user must then run it. Now, once that happens, there's really not much going to go differently on a Linbox than a Winbox. The thing can still bind to a high port and zombify the machine for spammers, which is what the majority of viruses do as of late. On a desktop, there's no reason to believe that granny Gretchen won't do just that once she learns how to whip out chmod +x on everything's ass. The nice thing, however, is that if you're running in a corporate environment, you can isolate users to their own filesystems to protect them from doing stupid things like this. Yea, maybe they'll trash their own data, but at least they'll be isolated from critical system information and the network (excepting zombification... but you would be smart and block all those ports, right... you don't have chewy on the inside network security... right?). Great for corporate networks, FAR better than the Windows situation (Yea, I know.. you can use Active Directory, but that's not a native part of Windows). However, for desktop users at home... well... they'd still shoot themselves in the foot.

          Worms, on the other hand, are another story. First, patching a Linbox is often a matter of grabbing a patch a day or two after the vuln is known and slapping it into the system. Since Linux is built on the Unix philosophy of tools in a toolbox, you don't have to worry that a patch for program x is going to change code that programs y and z also use (unless it's a library or something). Windows? Not the case. If you have to patch MSHTML, anything from IE to your damned titlebars can get fucked up as a result.

          On top of that, Linux systems are not (currently) very homogenous. Part of what makes Linux a tantalizing target for manual attacks is that it's just damned hard to write malicious code that will work on a widespread number of systems. Unfortunately, as the dust settles and some companies really do start to take up the mantle of "desktop linux", that heterogeny may just go away for desktop users...

          The point is this: Linux CAN be much, much, MUCH more secure than Windows. However, Linux also does the same thing Unix does: "Look, you can make me secure if you want, but you can also use me to blow your toes off one at a time... YOU choose.. I'm not going to decide for you." A lot of geeks forget that. Linux is not inherently secure (OpenBSD is inherently secure... and I don't think it's going mainstream desktop like that any time soon), and it WILL happily let you shoot yourself and your nearby friends if you so choose. Desktop users at home will do just that. It does do some things inherently better, but it still won't protect the world from people who don't bother to learn anything at all about their new toy. You can code against stupid people, but your system isn't going to do much when you're done.

          • by IceAgeComing ( 636874 ) on Thursday May 06, 2004 @04:32PM (#9077174)
            However, for this to work on a Linbox, there are two requirements: 1) the user must save the binary and make it executable and 2) the user must then run it. Now, once that happens, there's really not much going to go differently on a Linbox than a Winbox.

            By LinBox, do you mean Lindows or Linux? Lindows lets the user run as root by default, just like Windows, but Linux generally does not.

            So I didn't see the step where the running program gets root permissions, presuming you weren't talking about Lindows. Or are you saying that a user process can open ports without root-level permissions?

            Sincerely confused,

            --IceAgeComing

          • by liquidsin ( 398151 ) on Thursday May 06, 2004 @04:50PM (#9077368) Homepage
            to: you
            from: coed_hotties68@hotmail.com
            subject: superhotsexy screensaver

            Hi! My hot lesbian coed friends and I made this hot lesbian coed screensaver! To install it, just do the following in a shell:

            gzip -d /home/you/screensaver.tar.gz
            tar -xvf screensaver.tar
            cd screensaver
            ./configure
            make
            sudo make install (enter your root password)
            ./screensaver &

            hope you enjoy!

          • by stephanruby ( 542433 ) on Thursday May 06, 2004 @04:54PM (#9077424)
            Mmmm... that's not entirely true. Lately, a lot of virus writers have just been preying on the stupidity and gullibility of the average user. Hell, I got one of them zipped one day that practically had freakin' installation instructions... and people were STILL getting infected!

            It doesn't matter if only a very small minority of gullible users get infected. In the scheme of things, it doesn't cost the worldwide community that much. The cost becomes significant however when a significant percentage of the population gets infected.

            The problem with Microsoft is that it wants to remote control your box. It wants to know what you have installed and how you're using it. That's why Microsoft boxes are insecure, it's not because Microsoft isn't smart enough, it's because it's not in their interest to make your box too secure.

            • by MMaestro ( 585010 ) on Thursday May 06, 2004 @06:41PM (#9078341)
              It doesn't matter if only a very small minority of gullible users get infected. In the scheme of things, it doesn't cost the worldwide community that much.

              100 attacks each hitting 1000 computers does as much damage as 10 attacks each hitting 10,000 computers. True, small isolated incidents regarding virus attacks are insignificant in the grand scheme of things, but it's not like Microsoft can leave it alone.

              For every kiddie script or virus variant out there, there's a hundred Joe Average users screaming at their computers. For every hundred screaming Joe Average users, there's 10 system admins having to go around and remove the virus, update their computers, and then give a lecture on how to prevent something like this from happening again (not that Joe Average will listen). For every 10 system admins running around needing to solve every virus problem, there's one programmer out there who has to come up with a program that bypasses the virus, seeks out the virus, and eliminates the virus. That and they have to figure out how it works, how it spreads, how can they get rid of it, if there's any clues as to who made it, etc.

              So like you said, yeah in the scheme of things one or two attacks doesn't cost the worldwide community much. Except for the fact that one or two of these types of incidents seem to happen everyday. Now if you'll excuse me, I have to download anti-virus protection for my parent's computer, install it, update it, run it regularly, then debate on whether it's worth paying $200 for an official CD-key, scream at the fact that the computer slows to a halt due to new anti-piracy software methods, call up the company and complain, and then come back to Slashdot to post a 'Askslashdot' topic regarding the sheer amount of frustration of dealing with anti-virus programs as the 'system admin' of my house.

        • by homer_ca ( 144738 ) on Thursday May 06, 2004 @04:15PM (#9076999)
          You don't need root to run a mass mailing email worm. If you could convince a user to run a trojaned executable, regular user permissions will do just fine. It could even open a spam proxy backdoor without root. All you really need root for in network code is for raw sockets and to listen on low TCP ports (below 1024).

          Some email worms exploited an autoexecute from the preview pane bug in IE, but most of them were social engineering exercises in convincing the user to run the attachment. I think it's easy enough to launch an attachment in say Kmail or Evolution. The only challenge is delivering an executable that'll run on enough Linux machines (perl? bash? static binary?). The only reason we don't have a mass mailing Linux worm is because no one's tried it yet. It's not THAT hard.
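
Added example, not part of the original thread: the comment above notes that a process needs root only for raw sockets and TCP ports below 1024, so an audit of listening sockets has to look at unprivileged owners too. This Python sketch parses the Linux `/proc/net/tcp` layout and reports LISTEN sockets owned by non-root UIDs; the sample table is constructed, the function names are illustrative, and the address decoding assumes a little-endian host.

```python
import os
import socket
import struct

PRIVILEGED_PORT_LIMIT = 1024  # binding below this needs root (or CAP_NET_BIND_SERVICE)
TCP_LISTEN = "0A"             # hex state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (trailing columns omitted,
# not taken from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10002
   2: 00000000:9C40 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 10003
   3: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 10004
   4: 0A00000A:D431 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 10005
"""


def decode_ipv4(hex_addr):
    """Turn the kernel's hex address into dotted form.

    Assumption: little-endian host (x86, most ARM), where the kernel prints
    the address with its octets reversed.
    """
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def parse_listeners(text):
    """Return one dict per socket in LISTEN state found in the table."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows start with "N:" and carry at least 10 columns.
        if len(fields) < 10 or not fields[0].endswith(":"):
            continue
        if fields[3] != TCP_LISTEN:
            continue  # established or closing connections are not listeners
        try:
            hex_ip, hex_port = fields[1].split(":")
            listeners.append({
                "addr": decode_ipv4(hex_ip),
                "port": int(hex_port, 16),
                "uid": int(fields[7]),
                "inode": int(fields[9]),
            })
        except ValueError:
            continue  # skip rows that do not parse cleanly
    return listeners


def unprivileged_listeners(listeners, exposed_only=False):
    """Listeners opened without root: non-zero UID on a port >= 1024.

    With exposed_only=True, drop sockets bound to loopback, which are not
    reachable from the network.
    """
    hits = [l for l in listeners
            if l["uid"] != 0 and l["port"] >= PRIVILEGED_PORT_LIMIT]
    if exposed_only:
        hits = [l for l in hits if not l["addr"].startswith("127.")]
    return hits


if __name__ == "__main__":
    # Use the live table on Linux, otherwise fall back to the constructed sample.
    path = "/proc/net/tcp"
    if os.path.exists(path):
        with open(path) as fh:
            table = fh.read()
    else:
        table = SAMPLE_PROC_NET_TCP
    for entry in unprivileged_listeners(parse_listeners(table), exposed_only=True):
        print("uid %(uid)d listens on %(addr)s:%(port)d (inode %(inode)d)" % entry)
```

The inode column can be matched against the `socket:[inode]` links under `/proc/<pid>/fd` to find the owning process.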
        • by Anonymous Brave Guy ( 457657 ) on Thursday May 06, 2004 @06:13PM (#9078169)
          And this would only infect people running Linux as root all the time who use email clients that execute scripts sent from complete strangers without telling them.

          I don't know where to start discrediting your post.

          The "running as root" argument is garbage. Any privilege escalation vulnerability in Linux history (or any other history, for that matter) is an existence proof.

          The "without telling them" argument is garbage. The vast majority of viruses transmitted by e-mail are done so because the user did something dumb, not because of some long-fixed auto-execute vulnerability in a popular mail client. You wouldn't need root access to fall for something like that, by the way.

          You think a major Linux worm would have a minimal effect? Do you have any idea how many critical systems run on Linux these days? Hit Windows, hit the desktops. Hit Linux, hit the servers. Put your sysadmin hat on and tell me which is worse.

          Linux is not immune to security issues, and any claim that many eyes make for few bugs and thus OSS is fundamentally safer than Windows-based equivalents can be discredited with the slightest thought about reality rather than theory. Linux remains relatively safe because of the culture surrounding it, not because it's inherently flawless.

      • by Simon Carr ( 1788 ) <slashdot.org@simoncarr.com> on Thursday May 06, 2004 @03:47PM (#9076689) Homepage
        And they laid out some bad trouble. Virus writers DO do this, even if the marketshare is small. Remember Ramen? [sans.org]
        And of course there's the Lion [symantec.com] worm, etc..

        It doesn't take a lot of computers to cause trouble, and no platform is wormsafe. Windows is prolific, of course, which doesn't help, but it's also got so many ways in. That's the real catalyst.

        Rule for ANY operating system; When the default install is weak, you'll see worms. The big catalyst for Ramen and Lion (I hate to say it) was in my observations default RedHat installs that had tonnes of services on by default.
        • by IANAAC ( 692242 ) on Thursday May 06, 2004 @04:27PM (#9077133)
          The big catalyst for Ramen and Lion (I hate to say it) was in my observations default RedHat installs that had tonnes of services on by default.

          But the newer or newest distributions generally have most things turned off by default now. And if you want to turn these services on, you are warned by the install program. It's a misconception that default installs are insecure now.

        • The difference (Score:5, Insightful)

          by fwarren ( 579763 ) on Thursday May 06, 2004 @05:24PM (#9077716) Homepage
          Ah but the difference is diversity.

          With Microsoft Windows you now get one family 2000-XP-2003 all of which share the same security problems. So 94% of the computers out there come with some really bad security settings and flaws. Some will patch, but by default most of those systems are insecure.

          If you don't like it, what do you do? Windows from Dell is as insecure out of the box as Windows from Compaq or Gateway, no choice, you can't buy a "safe" windows machine out of the box.

          On the other hand.......

          Default security in the Linux world is determined by the distribution. So if a distribution defaults to having a firewall, no insane file associations for email and web browsing, limited services running, automatic security updates and practically forcing the user to create and run a non root account. Then that distribution will be pretty much virus free.

          What will happen is this

          Distribution A will have 12% share and gets infected 2% of the time

          Distribution B will have 14% share and get infected 2.5% of the time

          Distribution C will have 8% share and get infected 18% of the time.

          It won't take long for Distribution C to get a bad rep. Computer makers will no longer offer Distribution C, or will add "value" by fixing the defaults.

          To believe that Linux boxen will be as virus ridden as Windows, you would have to believe that everyone will use Linux someday and that people will choose and stick with an insecure distribution.

          Unlike Windows or MacOS, if Linux ruled, there would be healthy competition and consumers would have a choice of which OS they ran.
      • by swb ( 14022 ) on Thursday May 06, 2004 @05:02PM (#9077536)
        ...of problems with libc versions?
  • TCO (Score:5, Funny)

    by kajoob ( 62237 ) on Thursday May 06, 2004 @02:39PM (#9075908)
    The TCO for Windows for the vast majority of slashdotters however is still steady and holding at "free".

    I keed, I keed! ;-)
    • Re:TCO (Score:5, Insightful)

      by ILikeRed ( 141848 ) on Thursday May 06, 2004 @03:19PM (#9076388) Journal
      That leads back to the old joke - "It's only free if your time's worth nothing...."

      Talk about coming full circle....

      Actually, I think the TCO for most organizations to run Linux vs Windows is actually about equal. The difference being -
      What do you wish to invest your money in:

      + A quality, knowledgeable IT staff who tailor solutions for your company and receive a decent salary and benefits in return
      or...
      + Bill Gates' bank account
  • I can relate (Score:5, Informative)

    by Yi Ding ( 635572 ) <yi@s[ ]entindebt.com ['tud' in gap]> on Thursday May 06, 2004 @02:40PM (#9075909)
    I work at a computer science department, and I'm currently compiling a CD of patches that people have to install before they get on the internet. Right now, the number of patches is nearing 30.
    • Re:I can relate (Score:5, Insightful)

      by Naffer ( 720686 ) on Thursday May 06, 2004 @02:44PM (#9075977) Journal
      Or you could make sure you activate your WinXP software firewall and get the patches directly from Windowsupdate. Putting an unpatched XP box on the internet without a firewall is almost as easy as finding and installing the viruses yourself.
    • Autopatcher (Score:5, Informative)

      by kajoob ( 62237 ) on Thursday May 06, 2004 @02:44PM (#9075979)
      Actually, Just install the latest service pack and then install Autopatcher [autopatcher.com]. It has all the updates, hotfixes, and some cool extras all rolled into one scripted install so you can just start the install and walk away. I've used it and I can say that it makes life a million times easier.

      There are versions for 9x all the way up to XP. You could fit everything onto one cd, and if you wanted you could even script that install. Thanks Autopatcher guys!

    • Re:I can relate (Score:3, Interesting)

      by dylan.ucd ( 612417 )
      So can I:

      Our lab is in a sad state because of our windows server and its security patches: Patch the server, oracle breaks / don't patch the server, someone hacks it... so now while we scramble to find an alternative DB engine we have to apply/un-apply this patch whenever we want to do any work. thanks M$ for wasting our time.

      the end
      • Re:I can relate (Score:4, Insightful)

        by tofu2go ( 727555 ) on Thursday May 06, 2004 @02:53PM (#9076096)
        if you're using Oracle, it should be very easy to migrate Oracle to another platform, e.g. linux.

        it's much easier to change platforms than change databases i'd think. in most cases, to an application, the database IS the platform, more so than the operating system on which the database runs.
    • Re:I can relate (Score:3, Interesting)

      by aardwolf204 ( 630780 )

      I'm about to install SQL 2000 Server on a Windows Server 2003 machine. There is a vulnerability in SQL 2000 Server that allows the machine to be infected with the slammer worm [microsoft.com]. Unfortunately I must install SQL and then each of the 3 service packs individually. I'm not safe from the worm until I get to the 3rd SP. My boss suggested that I simply disconnect the WAN connection but that's really not going to help me much when I'm trying to do this over the internet via Terminal Services (It's at a well known colo
  • Wow. (Score:5, Insightful)

    by Anonymous Coward on Thursday May 06, 2004 @02:41PM (#9075919)
    So insightful. Wow. Viruses raise TCO!!! What a revelation!!

    Ahem. This is -1, Redundant. No shit viruses/worms raise TCO. This is the case for ANY operating system, not just windows. Of course, the homogenous nature of Windows makes it a lot easier for worms to affect machines in a wide range. But we'd still need to take precautions with any system in use.

    • Re:Wow. (Score:5, Insightful)

      by Ytsejam-03 ( 720340 ) on Thursday May 06, 2004 @02:56PM (#9076131)
      Of course this isn't news to the /. crowd. What is news is that this information is coming from a Gartner researcher, which means that some of the pointy-haired management types out there might actually pay attention to it.
  • by Gr8Apes ( 679165 ) on Thursday May 06, 2004 @02:41PM (#9075921)
    This is news? This wasn't included in TCO estimates before? (Actually, that would be news, but not the kind I'd want blasted out to the world about me!). Seriously, how can "common maintenance" NOT be included in a TCO estimate? Isn't that the major ongoing part of TCO? Geez....
    • No, this is only factored in the TCO of a competing product.

      To run Linux in your company, you need a system administrator that knows Linux, someone that will cost you money.

      To run Windows, you don't need a tech savvy administrator, and he will be much, much cheaper. At least that is what they told you 2 years ago.

      Of course those who actually believed that are now paying the price.
      • by OwlWhacker ( 758974 ) on Thursday May 06, 2004 @03:32PM (#9076506) Journal
        To run Windows, you don't need a tech savvy administrator

        Darn right!

        and he will be much, much cheaper.

        Cheaper to hire, but he'll more than likely cost the company a packet in the long run, like so many Windows administrators that neglected to apply (let alone test) the latest Windows patches. When the network is down, a non-savvy administrator would more than likely have considerably more trouble getting it up again.

        Downtime costs money, but so many people don't seem interested in changing their ways to save it. One has to wonder if TCO is anything worth bothering about anyway, especially with the laid-back approach many companies take to securing their systems.

        An administrator like this will more than likely help your company remain vulnerable to all of the latest worms and virii, and probably has the server(s) running at a minimal rate of efficiency, not to mention that in a state of crisis such an administrator would probably have to call somebody out to help them (which again costs money).

        Of course those who actually believed that are now paying the price.

        And are apparently 'happy' to continue on their reckless paths.

        Shocking behavior.
    • by jdreed1024 ( 443938 ) on Thursday May 06, 2004 @02:49PM (#9076050)
      This is news? This wasn't included in TCO estimates before?

      Yes, this is news. And it's good news. In case people missed it, this is from the Gartner group. This is the holy tome of PHBs. The way and the light. Gartner says jump, and the PHBs jump, you better believe it. And after years of saying the Windows is the way and the light, they're finally acknowledging that poor security costs money. It's recommendations like this, more than anything else, that will move companies from Windows to Linux.

      • by john82 ( 68332 ) on Thursday May 06, 2004 @03:03PM (#9076197)
        And after years of saying the Windows is the way and the light, they're finally acknowledging that poor security costs money. It's recommendations like this, more than anything else, that will move companies from Windows to Linux.

        Because we all know there's no such thing as viruses, worms, trojan horses, etc in the Linux world. Right?

        Poor security costs money. Period.

        So does flawed thinking. This is not a Windows-only issue. And if you think it is, you are as guilty of myopia as the PHBs you cite. Gartner said jump, and you jumped. You're just jumping in a different direction.
  • by buht ( 738798 ) on Thursday May 06, 2004 @02:41PM (#9075923)
    And when Linux gets exploited, the people fix it for free and very quickly. Then the next person to download this FREE system is a-ok.

    That's just plain sexy.
    • And when Linux gets exploited, the people fix it for free and very quickly. Then the next person to download this FREE system is a-ok.

      What? No. If/when Linux hits the mainstream desktop, it will have the same problems.
    • As does Microsoft, the patches exist, and just like Linux, the time required to apply even a single patch to multiple PC's is not small.

      You are right that after a Linux hole is fixed, future Dlers are protected, that does little to help those already installed. Do you want to talk your mother through doing a kernel update rebuild, just to protect her from a new Linux hole? I prefer having mine go to windowsupdate.com, far easier IMO.
    • by GPLDAN ( 732269 ) on Thursday May 06, 2004 @02:51PM (#9076072)
      I wonder if Gartner or anyone else does any serious quantitative study of the true "value" of having a new distro via the net.

      If I go to download Fedora or Debian via ISO images, and burn them, I often have a maintained distribution that is very young. Less than a month old.

      If I go and buy Windows XP via Amazon and have it delivered next day, I still have an OS image which is over a year old, even the new one that rolls up SP1.

      I don't have to make a CD up with 30+ patches on it, before it is safe to plug my machine on a network.

      If I worked at Redmond, and was thinking about this problem, I think what I may do is work an installation script that combines with the firewall - and keeps all inbound connections out until a "tunnel" is established to Windowsupdate, and all patches are applied before "releasing" the IP stack.

      Many of these systematic advantages come from the fact that Linux doesn't need a license key to install the OS. If Microsoft gave Windows away, there would be 0-day distros on their website as well.
  • by div_2n ( 525075 ) on Thursday May 06, 2004 @02:42PM (#9075939)
    I wonder if the cost of antivirus subscriptions has traditionally been included in the TCO studies out there comparing Windows and Linux. Somehow I bet not.

    • Antivirus software can also be compromised by viruses/worms. I will never again buy Norton products after having some kind of virus on my Win2K box that disabled Norton in the background, while making it appear that the antivirus software was working.

      This was a year ago. Maybe Norton has finally admitted that their product is vulnerable and has supplied fixes. At that time, there was no fix or admission of a problem.

  • by lpangelrob2 ( 721920 ) on Thursday May 06, 2004 @02:42PM (#9075946) Journal
    So here's what I'm thinking...

    At some point somebody (Windows apologist or not) is going to point to Longhorn as the solution to security problems. Is there hard data on whether or not worms have been increasing or decreasing (in frequency and effects) the past couple of years?

    We know what problems they've caused and how the media's gone nuts over each virus, making things seem bigger and bigger. But some old viruses were much nastier, and I sure don't hear about those types of infections anymore.

    • by budgenator ( 254554 ) on Thursday May 06, 2004 @05:16PM (#9077654) Journal
      My wild-hairy-assed guess is that the purpose of the virus-worm has changed significantly over the years. Originally it was bragging rights about infecting individual machines, More recently it's about collecting 'bots for other purposes.

      Now somebody seems to be finding the vulnerabilities, notifying MS and waiting for a preventative patch to be issued. About the same time as the patch is released, the vulnerability is shown to a lackey script-kiddy along with some prototype exploit code. The lackey writes the worm, by the time the worm is written, the clue-full have already installed the preventative patches, and the semi-clued are testing the patches.

      The Somebody in the back-ground doesn't want the clue-full to get infected, because they understand their systems, have forensic tools and will complain to and actively assist law-enforcement/intelligence agents. The semi-clued really don't want to admit that they were caught with their pants down other than a few rants on /. They clean up their systems, and install the required protection soon the problem fades from the news; if law-enforcement/intelligence agents knock on their doors they can probably help some.

      The clue-less on the other hand are still vulnerable, and the somebody in the background comes in with a modified worm to capture their machine for his purposes, skimming credit-card numbers, relaying spam or something more sinister. While he's doing this the visible infection rate is decreasing and law-enforcement is looking for the lackey while the priority of the case decreases.
      Of course it's also possible I put my tin-foil hat on crooked this morning.
  • Not anymore... (Score:3, Informative)

    by ryanvm ( 247662 ) on Thursday May 06, 2004 @02:42PM (#9075949)
    Not anymore...
    http://www.internetnews.com/article.php/3317211 [internetnews.com]

    (It's a link to the story about Microsoft including antivirus software in Windows XP Service Pack 2.)
    • Re:Not anymore... (Score:5, Informative)

      by ptbarnett ( 159784 ) on Thursday May 06, 2004 @02:47PM (#9076014)
      (It's a link to the story about Microsoft including antivirus software in Windows XP Service Pack 2.)

      Read the article again. There's a footnote at the bottom:

      Corrects earlier version which incorrectly stated SP2 would include a built-in virus scanner. The offering actually includes a pop-up monitor that checks the settings of third-party anti-virus and firewall applications, and allows users to modify them if necessary.

  • Patching (Score:5, Insightful)

    by filtur ( 724994 ) on Thursday May 06, 2004 @02:43PM (#9075950) Homepage
    Most people rarely patch their computers until something happens. (Me being one of them) It's something that people really need to be aware of. Prevention is the key.
  • My Job (Score:5, Informative)

    by tverbeek ( 457094 ) on Thursday May 06, 2004 @02:43PM (#9075958) Homepage
    Lately about 1/3 of my job consists of dealing with Windows vulnerabilities. And there are four other full-time staffers here with the same job description. We're not especially well paid, but that sure adds up. And when you add in the downtime of the people whose computers we're fixing...
    • Re:My Job (Score:3, Insightful)

      by Luscious868 ( 679143 )
      Update your systems to Windows 2000 Professional or Windows XP Professional. Deploy Software Update Services within your organization. When a patch is released, test it in a production environment, wait a week or so to see if there are wide spread problems with the patch reported. If all is clear deploy the patch via SUS. Problem solved. Very little work required on your part other than the testing. Very little downtime for your users, perhaps a reboot. Microsoft has made patching system very easy with SU
  • by Bill, Shooter of Bul ( 629286 ) on Thursday May 06, 2004 @02:45PM (#9075993) Journal
    Scientists confirmed today that water is indeed wet, Abraham Lincoln is dead, and the earth is round.
  • by b17bmbr ( 608864 ) on Thursday May 06, 2004 @02:46PM (#9076002)
    then the macs would be on many more corporate desktops. they are far easier to maintain and admin. but, businesses are pennywise and pound foolish. admin costs are not necessarily up front costs. so, bottom line bean counters can justify purchase from vendor A because of lower initial cost. also, don't count out the paper mill MCSE's that influence purchasing decisions.
  • TCO (Score:5, Insightful)

    by Wingchild ( 212447 ) <brian.kern@gmail.com> on Thursday May 06, 2004 @02:48PM (#9076028)
    heh. If you want to see the TCO for something increase dramatically, all you have to do is provide support for it over a long enough span of time that people feel comfortable in ceasing to learn.

    Perhaps one of the reasons that Linux has an inherently low TCO is because the users who have installed it, configured it, compiled it and made it run on their toaster have taken the time to read the docs. They're familiar with the hardware, the apps they run, the OS under the apps they run, and voilà -- things run nicely.

    But in the Windows world? Everybody has a support line to call for absolutely everything. Almost every product offered has some form or another of support to it, to an extent that the people who are using these systems no longer have to use any mindshare whatsoever to get their stuff working. At your place of business a PC tech is waiting to coddle you. At your home you can call your ISP, call your PC vendor, call your OS manufacturer, call your application developer, call everybody in order to figure out what's wrong with the system. The suggestions they give you to fix it may seem arcane and strange, but if you follow them assiduously you have a 30 to 40% chance of getting things working... and if it doesn't work out, you can always call back 'til you get ahold of someone who really knows what's going on.

    Small wonder the TCO is so incredible. I can understand that worms have an impact on this number - hell, I've logged plenty of overtime hours securing machines against the latest potential threat (the Army is rather proactive in locking things down against exploitation - with good reason). I've spent countless nights securing our systems against worms that use ports that are not open on our firewall. I've spent hours updating virus signatures and restoring systems lost because a user thought it was a fine idea to open up an encrypted zip file they received from someone they didn't know. I've spent many a fine weekend and holiday at work restoring people's email because they deleted without consideration for the fact that bringing it back takes serious time.

    My site would have far lower TCO if the users exercised a small, trifling fraction of their potential intelligence. Am I overestimating the abilities of the average human, here? :(

    sigh... *Lots* of things go into TCO. My overtime, paid to fix these kinds of problems, is a significant part of it at the site I work for. End of rant.
  • WOW! (Score:3, Funny)

    by pottymouth ( 61296 ) on Thursday May 06, 2004 @02:49PM (#9076048)
    What will these analysts discover next?

    I've been hearing rumors that MS products cost more than the open source alternatives too. But it's just a rumor...

    "Fate favors the bold"
  • by nordicfrost ( 118437 ) * on Thursday May 06, 2004 @02:50PM (#9076060)
    ...to not realize this. Look at the casualties:
    • #3 Finn bank Sämpo
    • German Post
    • The British coastguard
    • Korean postal
    • The CAT / MR scanners at a Danish hospital


    These are some of the large-scale operations that were affected by the worm, some of the frantic preparing for the worm strike. I have never, ever believed for a second that the TCO for Windows is lower than e.g. Linux or BSD, past the first month of switching. Even with higher sysadmin costs, the overall increase in productivity equals this and then some. Christ, potentially sick people had to reschedule their CAT / MR exams [www.ing.dk] because of a fucking Microsoft Worm (TM)?

    How much more are we willing to put up with? I made two switches, first from Windows to Linux and then from Linux to Mac. The only thing I regret is not switching earlier.

    Today, my employer lost 25 USD, since an article I wrote disappeared when Word crashed and I had to re-write it for one half hour. It seems the default Word behaviour in custom OEM installs that our IS get is to NOT autosave for recovery due to "performance issues"

    Lower TCO my ass.
  • by lorcha ( 464930 ) on Thursday May 06, 2004 @02:50PM (#9076065)
    First they say you shouldn't use Linux [slashdot.org]. Now, they don't want us using Windows 'cuz of worms. Tell me, gartner, what should I do? Oh, that's right, you don't ever do anything. You just make stupid recommendations.
  • by linuxtelephony ( 141049 ) on Thursday May 06, 2004 @02:51PM (#9076076) Homepage
    Sounds like they are trying to make yet more arguments against disclosure of problems. Either that, or an indirect comment on why proprietary systems could be better, if disclosure of problems were not allowed.

    "The Sasser worm attacks confirm our prediction that mass worm attacks against the multiple vulnerabilities disclosed by Microsoft on April 13 were likely,"...

    We all knew these attacks were likely. Did their timing have something to do with the disclosure? Possibly. Would they have happened without the disclosure? Yes, I think they would have.

    The root of the problem, in this case, lies squarely with Microsoft, and the various design decisions they made implementing their OS and other products.
  • In related news... (Score:5, Insightful)

    by SoTuA ( 683507 ) on Thursday May 06, 2004 @02:52PM (#9076081)
    ...fixing things costs time.

    Seriously, though, it's good that stuff like that surfaces on PHB-radar range. Maybe somebody will ask things like "So why should *I* be taking all these measures because *your* software is buggy?" the next time the M$ rep comes in, hawking the latest and greatest from Redmond.

  • by foidulus ( 743482 ) on Thursday May 06, 2004 @02:53PM (#9076100)
    There are also a lot of secondary costs to windows worms as well. Increased network traffic affects those that do not even use windows (or those who are careful). Also, if a windows worm brings down a banking system, there is a cost again to innocent people who may not even use windows. Or for instance, if a supplier for a business goes down, then the business itself is adversely affected.
    Windows worms (and malware in general) do not just adversely affect windows users, they have the potential to harm society in general (though I don't agree with the figures that some of these anti-virus people put out, they are just looking for sensationalism to sell their products)

    Windows worms are everyone's problem, do your part to stop them!
  • by bigbigbison ( 104532 ) on Thursday May 06, 2004 @02:55PM (#9076118) Homepage
    It's interesting that they say it is the worms that cause extra work rather than the security holes. After all, if the security holes weren't there then the worms wouldn't work.
  • I have seen (Score:5, Interesting)

    by IWantMoreSpamPlease ( 571972 ) on Thursday May 06, 2004 @03:02PM (#9076187) Homepage Journal
    Differing discussions on if patches really do break Windows.

    In my case, working with 10,000+/- clients, I have seen this on repeated occasions.

    Various MS patches would break the following:

    Novell client on 2k/XP (but not 98/95)
    Some third party business-specific applications (stat software, database, etc.)
    Video drivers (easily fixed, but still)
    In one case, recently, it BSOD'd several NT boxes (the IE 6 security rollups)

    Irritating to be sure, so on one hand, you need to patch immediately (or risk the wrath of a new worm/virus)

    On the other hand, patching immediately can lead to loss of productivity

    On the third hand (you do have three hands don't you?) you can't wait for an AV package to have the proper updates, as (to my viewpoint anyway) AV products should be the last line of defense, not the 1st.

    On the fourth hand, training is key to clients, but as the saying goes, you can lead a luser to enlightenment, but you can't make them think.

    I keep waiting for *seriously* damaging viruses to show up in the wake of the leaked (partial) source code to Windows 2000. That may be the last straw to many a business.

  • Not Just Windows (Score:5, Insightful)

    by 4of12 ( 97621 ) on Thursday May 06, 2004 @03:02PM (#9076188) Homepage Journal

    Of course it is true that owning and operating a Windows computer costs more because of the need to keep current with patches, to test them and to apply them in a timely manner. Every sysadmin knows this even if their cost-conscious boss doesn't see this big picture.

    But, to be fair [and I'm no MS apologist - they need to be taken to task all over the place for lots of reasons], even if you run a MacOS X, Linux or even an OpenBSD system, there are implicit costs associated with maintaining those systems, too.

    Since the software cost for FOSS is zero, the single most important cost is this installation and maintenance. As such, it ought to be quantified.

    The advantage of doing this is that these kinds of costs are no longer swept under the rug and people can start asking more detailed questions about Windows maintenance costs in terms of sysadmin time- not just estimated costs of downtime on the business.

    Then maybe, too, people will start to ask questions about what kinds of implicit future costs they incurred via early decisions to use some vendor's application that locks their valuable business data inside a proprietary format.

  • by gosand ( 234100 ) on Thursday May 06, 2004 @03:04PM (#9076208)
    Doesn't the O in TCO stand for Ownership? What exactly do you own with Microsoft products? Aren't you really just Licensing them?
  • by Unnngh! ( 731758 ) on Thursday May 06, 2004 @03:15PM (#9076331)
    "...enterprises have to install security patches very rapidly, deal with outages caused by secondary problems with these patches, and deploy additional layers of security technology."

    I see one bad thing and two good things here...anyone else with me? I mean, shouldn't we work our best to keep our environments 1) current and 2) as secure as we can afford to?

    The patches and the closed-sourcedness are, however, a PITA.

    As far as TCO goes, I see the same people just working more salaried hours to fix issues arising from bugs, etc. And they haven't had to have the admittedly more extensive training behind running a *nix environment.

  • Of course... (Score:4, Insightful)

    by The Spoonman ( 634311 ) on Thursday May 06, 2004 @03:18PM (#9076377) Homepage
    You could just install an SUS server, point all your clients at it and enable auto-update. Test the patches, put on SUS, play golf.

    It's things like this that make me wonder if the "TCO of Windows" is more likely the "TCO of having highly unqualified people working in your IT department who know how to spell XP, but nothing more than that". If you have idiots running your network, you're paying to throw money out the window (no pun intended).
  • I'll say it again (Score:5, Interesting)

    by Anonymous Coward on Thursday May 06, 2004 @03:19PM (#9076383)
    Microsoft has priced themselves out of the market.

    And it isn't the initial purchase cost. They could give away Windows and it would still be too expensive. Dealing with the virus du jour and the patch du jour is just too much anymore. Add to this (from recent Slashdot stories) large companies' estimates that half of all their Internet traffic was to/from Windows Update and the cost of maintaining Windows goes even higher.

    Well, I quit. I am just done with patching Windows. All Windows machines are hidden behind a firewall (Linux based and I do patch it religiously; gee, there's been one critical patch in 1 1/2 years!), we don't use IE or Outlook and I only patch Windows when there are functionality problems.

    Now, I know I'm gonna get a lot of flack from everyone here about "firewalls not being the final solution", "you gotta patch every day" yada, yada, yada. But the combination of a firewall, not using IE or Outlook and scanning ANY computer from outside before it is allowed on our LAN works for us. We weathered SQL Slammer, Blaster, Netsky, Bagel, Sasser, etc, etc with not one hiccup in our daily operation.

    The key here is not to trust Windows on the Internet. No, one step further: don't trust any Microsoft software on the Internet! Don't use it for e-mail, don't use it to browse the Web and never, ever hook up a Windows machine unprotected to the 'net!
  • by Animats ( 122034 ) on Thursday May 06, 2004 @03:24PM (#9076428) Homepage
    The "National Cyber Security Partnership" has issued a new report on computer security [cyberpartnership.org]. It focuses on how vendors can avoid responsibility for the defects in their products. The report suggests that the government weaken the Common Criteria for evaluating software security to conform to "commercial reality". The report suggests that the Government, at taxpayer expense, develop "code scanning" tools usable on existing software, thus deferring any action by vendors. There's no suggestion that vendors be held responsible for security flaws, or that any major changes, either technical or in business models, are required by vendors.

    Virus authors have nothing to worry about from this security group.

    Some excerpts:

    • While strong out-of-the-box security configurations are preferred, it is recognized that updating existing products to comply with this requirement can be costly, time-consuming and can result in various incompatibilities with current and supported versions of the product. As a result, it may not be possible for a vendor to transition a product to a more secure out-of-the-box state for several years, depending on product release cycles. ...

      In conjunction with the above recommendations, the requirement for medium or higher assurance evaluations (Evaluation Assurance Level 4+ [EAL4+]) for commercial products should be dropped, since the stated reason for higher assurance evaluations by the proponents is the ability to do vulnerability analysis. Higher assurance evaluations for commercial software impose a cost burden that even the largest IT vendors cannot bear or should not bear; they do not substantially improve product security, but may result in vendors paying multiple times for the same evaluation in different markets. Furthermore, finding faults in software that has already shipped is far more expensive and less effective than giving vendors the tools to be used during the development process. ...

      In order to promote the evaluation of more products, the U.S. Government should help offset the expenses of CC evaluation through research and development tax credits or paying part of the evaluation costs.

    Whose side are these guys on?
  • by Jtheletter ( 686279 ) on Thursday May 06, 2004 @03:24PM (#9076439)
    "The Sasser worm attacks confirm our prediction that mass worm attacks against the multiple vulnerabilities disclosed by Microsoft on April 13 were likely,"

    Predicting that multiple recently announced security flaws in windows will be exploited is like predicting the sun won't explode tomorrow.

  • Mastercard (Score:5, Funny)

    by Ennslaver ( 63375 ) on Thursday May 06, 2004 @03:30PM (#9076491) Homepage
    Windows XP Pro for 200 systems: $30,000

    Anti-Virus Software for Windows XP corporate: $7000

    The billing rate for 10 contractors to come out and clean your systems: 700$/hour

    Seeing the face of your CEO when you tell him linux is free: Priceless

    There are some things money is wasted on, for everything else there is linux.
  • by Phrite ( 728691 ) on Thursday May 06, 2004 @03:44PM (#9076640) Homepage
    I've endlessly heard the argument that if Linux were the standard OS, there would be just as many worms as there are for Windows. I have no idea why anyone could believe that. When you install a Windows machine, you can pretty much guarantee that ports 135/139 will be running, there are numerous services listening (ex. LSASS.EXE), and on a wide scale, there are thousands of machines with those open. But when you install a Linux/BSD system.. what ports are open? What services are running? Exactly. You don't know. There are so many different variations during install, and so many different versions and programs depending on the Distribution. You could not write a "Linux worm". All the worms in existence would target specific applications, such as Apache or WU-FTPD, not the operating system. Sure there could possibly be a kernel exploit, but there are so many different kernel versions. You would not hear headlines such as "Windows virus takes down UK Coast Guard". At most, you would hear "Apache exploit takes down a UK Coast Guard server".
  • an old saw (Score:5, Funny)

    by Bodhidharma ( 22913 ) <`jimliedeka' `at' `gmail.com'> on Thursday May 06, 2004 @04:17PM (#9077022)
    There are lies, damned lies and TCO numbers.
  • by Tim Ward ( 514198 ) on Thursday May 06, 2004 @05:25PM (#9077727) Homepage
    Dealing with burglars puts up the cost of Windows. I need to spend extra on secure frames, locks, sacrificial edgings, insurance policies ...

    I know! I'll just stop using Windows, and brick up the holes! That'll make my life better won't it!
