Novell is now a part of Micro Focus

Fact Finding: Things Microsoft Doesn't Want You to Know

Articles and Tips: article

01 Feb 2005


Linux is the fastest growing operating system, used from desktops to the most demanding data centers.

Recently Microsoft has been challenging the suitability of Linux for the enterprise, bending the truth quite a bit to make it fit its view of the world. Novell launched a new Web site dedicated to unbending the truth and setting the record straight. The following is a sample of the information you'll find there. Take the time to explore the facts and you'll understand why Microsoft is challenging Linux, and more important, why Linux is often a better choice than Windows for satisfying the business needs of enterprises everywhere.

The Bottom Line

Linux can deliver a lower TCO; it is arguably more secure than Windows; and the indemnification program and patents Novell offers for its open source products provide comprehensive protection for customers who wish to migrate to Linux. Read the full reports for yourself and see why Linux is gaining more and more fans every day.

Linux is the fastest growing operating system, used from desktops to the most demanding data centers. (See Figure 1.) According to the IDC server group's numbers, Linux server shipments grew 45.7 percent from 2002 to 2003. They forecast that by 2008, 25.7 percent of all servers shipped will be running Linux.

Figure 1

According to an InformationWeek survey, "Linux is now the dominant manifestation of open source. Nearly 70 percent of 420 business-technology professionals surveyed already use the operating system. Three quarters of those using Linux on some of their companies' servers chose it for its performance capabilities and reliability." (For more information, read the report online.)

Why Linux is a better choice than Windows

There are several areas in which Microsoft is comparing Linux and open source software with Windows and claiming advantages for Windows. Let's take a closer look at three key areas of great concern to most IT professionals:

  • Security

  • Performance and Reliability

  • Total Cost of Ownership

Linux is more secure

First, let's examine the security of Linux and open source software versus that of other platforms and technologies. Consider three critical areas when comparing Linux and open source software security to other solutions: vulnerability, patch management, and availability and distribution of security information. Microsoft has made several misleading claims in an attempt to deflect the many published reports of its continuing failures on this front. Here are some facts to counter those claims.

Vulnerability Claim

Linux and open source software are just as vulnerable to security attacks and breaches as proprietary platforms.

FACTS

The Evans Data Summer 2004 Linux Development Survey revealed the following:

  • Almost all of the respondents (92 percent) said they have never had their Linux systems infected with a virus.

  • Fewer than 7 percent said they had been the victims of three or more hacker intrusions. Only 22 percent of Linux developers said that their systems had been hacked. Of those, almost a quarter of cases (23 percent) involved unauthorized intrusion initiated by companies' employees. (Read the full story online.)

Patch Management Claim

The effect of downtime for patch management does not need to be considered when calculating TCO.

FACTS

  • In discussing security, Microsoft does not take into account the time, effort or cost of patching systems for security breaches. Recent studies showed that only 10 percent of today's security breaches would have been successful had all known security patches been applied. But companies are slow to apply patches because it costs them in downtime and testing time, and the patches may break other things. (Read the full article online.)

  • A recent Economist report estimates the cost of applying a single software patch to be $900 USD per server and $700 USD per client. These numbers are staggering in the context of large enterprises that manage more than 50,000 servers and clients and deploy several hundred software applications supplied by as many different vendors. (For more information, read the full article online.)

  • According to www.technewsworld.com, "one major financial institution had to go to its board of directors to approve an additional $10 million USD to finish this patch. After MS Blast and the cost of patching that, it's, 'Here we go again,' as new vulnerabilities are found deeply ingrained in Microsoft systems." The article also mentions the plight of another financial institution that was forced to take down its IT system for three weeks to patch its Windows desktop machines.

  • A frequently quoted study from the Robert Francis Group study in 2002 found that Windows installations require twice the number of administrator hours based on the average amount of time spent patching systems and dealing with other security related issues. See Figure 2. (For more information, read the full article online.)

Availability and Distribution of Security Information Claim

The distributive nature of Linux and open source software makes it difficult to receive or even be aware of security patches and vulnerabilities.

FACTS

  • Microsoft will no longer guarantee fixes for security issues in Internet Explorer versions beyond those on Windows XP. "It's a problem that people have to pay for a whole OS upgrade to get a safe browser," said Michael Cherry, an analyst with Directions on Microsoft in Redmond, Washington, in an article on Microsoft's policy. "It does look like a certain amount of this is to encourage an upgrade to XP." (Read the full article online.)

  • Microsoft offers select companies access to patches before others. Commenting in an internetnews.com article (www.internetnews.com/security/article.php/3406851) on this policy, security analyst John Pescatore described the prerelease of security information to high-end customers only as "an extremely dangerous practice." He said, "I know that Microsoft provides some advance warning to the Department of Homeland Security on things that could affect critical infrastructure. But I've never seen Microsoft give advance information only to customers who pay. That would be a terrible thing to do. That should only be allowed when we are talking about vulnerabilities that affect critical infrastructure. Not 'pay me more and I'll tell you earlier.' It's a very bad practice."

  • According to a recent NetworkWorld Fusion article, "Microsoft's licensing policies and legal restrictions that forbid schools from distributing software patches to many students are leaving IT executives at universities with potentially thousands of unmanaged desktops that pose a serious security risk." (Read the full article online.)

Figure 2

Linux outpeforms Windows

For Linux and open source software to become more widely adopted across the enterprise, customers must be certain that the performance and reliability of the platform is the same as or better than existing proprietary technologies. Microsoft is attempting to persuade the public to believe that Windows outperforms Linux, in spite of years of experience to the contrary. Here are the facts:

Claim

Proprietary platforms have better performance and reliability than Linux and open source software.

FACTS

  • In a recent InformationWeek Research survey, "41 percent of 281 business-technology professionals at companies using open source software say they're doing so across their organizations. Forty-two percent say they use production databases written with open source software, and another 33 percent are considering using it for their databases." (Read the full article online.)

  • According to the same InformationWeek survey, "Linux is now the dominant manifestation of open source. Nearly 70 percent of 420 business-technology professionals surveyed already use the operating system, up from 56 percent a year ago. Eightythree percent of 287 companies running Linux use it primarily to run Web or intranet servers. Application development, database management, and e-mail and message hosting are also top uses that survey respondents cited. Three quarters of those using Linux on some of their companies' servers chose it for its performance capabilities and reliability."

  • The first benchmark with SUSE LINUX Enterprise Server 9 and IBM DB2 Universal Database Express Edition set a new world record for best price-performance with $1.61/tpmC (transactions per minute) on an HP ProLiant Server. The result demonstrates the ability of SUSE LINUX Enterprise Server to handle corporate customers' requirements in a high-performing yet cost-effective way. (Read the full press release online.)

  • Oracle, NEC and Intel have set another world record in low-cost computing. On a server with 32 Intel Itanium II CPUs on 64-bit SUSE LINUX Enterprise Server 9 from Novell, Oracle Database 10g is more than 18 percent faster and 22 percent less expensive than Microsoft SQL Server Enterprise Edition on Windows Server 2003 Datacenter Edition. (Read the full article online.)

  • Tests by IT Week Labs in 2003 indicate that "the latest version of the open source Samba file and print server software has widened the performance gap separating it from the commercial Windows alternative. IT managers say Samba's better performance means they can use cheaper servers than would be possible with Windows software. And if they run Samba in a completely open source environment, such as on Linux, they could remove the cost of Windows server licenses." (See the full article online.)

  • An October 2004 Netcraft survey reveals that Apache is still the dominant Web-server platform, with 37.6 million total installations, followed by IIS with 11.7 million Web sites. (See the full article online.

Linux has lower total cost of ownership than Windows

Microsoft has been challenging the assertion that Linux and open source software are free and offer a lower TCO than Windows. It urges customers to look beyond Linux being "free" and evaluate it as they would any other platform. The studies it released to support this idea focus on three specific areas that it claims will disprove that notion and reveal hidden costs that drive up the TCO. The studies cite staffing and training, support costs, and administration and management tools. But upon closer examination, we find that many of those claims are false or misleading. A June 2004 article published in the IT Manager's Journal: Tracking the Evolution of IT articulates the fundamental superiority of Linux in reducing TCO. (Source: IT Manager's Journal: Tracking the Evolution of IT online.)

Four out of four experts agree: Linux lowers TCO

Can a company count on Linux to lower the TCO of an enterprise system? Reaction to this question from CIOs and IT managers usually goes something like this: "Well, of course it saves money on the bottom line: I don't have sky-high enterprise licensing fees every year; I don't have over-the-top support subscription costs; I can maintain the code in-house; I have fewer security and access issues so my system downtime is low; I'm not paying for unnecessary bells and whistles in end-user software; and there's no worrying about mandatory upgrades every year and a half."

We talked to independent analysts, developers and IT company executives. They all fairly agree on one answer to the question: Yes, generally there are fair-to-good TCO savings with Linux--sometimes huge savings. But variables in every organization's mix will determine exactly what that monthly, quarterly or yearly savings will be. (See the full article online.)

Staffing and Training Claim

There is a scarcity of Linux expertise among IT professionals, which will make staffing difficult and expensive.

FACTS

  • The transition between UNIX and Linux is fairly straightforward, so UNIX expertise in an IT staff will translate directly into Linux expertise. And while Windows expertise is somewhat more available today than Linux or UNIX expertise, companies need to be aware that there will also be a training hit for Windows experts when Longhorn releases. (Longhorn is the next major desktop Windows release which will follow Windows XP.)

  • In other words, any change requires training. Here is an interesting analysis:

    "Going from Win95 to Win98 was easy, they were similar enough. Even the 98 to 2000 migration was fairly livable, the programs were pretty similar. Sure, things like AD caused some heartache, but it was not unlivable.

    "Longhorn is very different from Windows, and upgrading will be a major pain. Pain in this realm equates to dollars. Add in the scarcity of experienced Longhorn admins, and you have more pain and more money flow. Not good once again.

    "Slightly related to people and differences is training. When you move to a new paradigm, even if it was similar on the surface, it can cause problems. Again, the 95 to 98 move wasn't bad. 98 to XP with something as simple as a new desktop brought major pain, confusion and training costs to the secretary set.

    "Longhorn is very different from 98, the problems will be worse yet. Chalk another win up for Win. All of these issues, admin work, support, training and ease of upgrades will lessen over time as familiarity with this 'brand new' OS creeps into the enterprise, but that is the future. For now, all the people issues, unless your organization is staffed by IT workers who must be ahead of the curve, will cost you a lot. (Source: The devastating case for Windows against Linux is the devastating case against Longhorn, by Charlie Demerjian.)

  • For those who need to augment their expertise, Novell has an industry-leading Linux certification program and a full Linux curriculum.

  • Novell certification courses are not limited to those with previous Linux or even UNIX experience. Corporations can utilize the classes--which span the full spectrum of expertise--to train their staffs. See the complete list of courses and certifications.

  • Novell is a leader in certification. According to a June 2004 report by Gartner, "Novell invented the technical certification program in the late 1980s with NetWare certifications. Today, Novell delivers 2.5 million hours of training to 80,000 customers and partners per year. Novell's training services portfolio includes technical-skills assessment, advanced technical training, custom training and curriculum development, self-study, and certification and testing. It offers a training road map for Novell SUSE LINUX. Novell has revamped its certification programs to make them practicum-based and continues to broaden its reach with nearly 2,400 Certified Novell Instructors (CNIs). In addition to the traditional Certified Novell Engineer (CNE), CNI and Master Certified Novell Engineer (MCNE) certifications, Novell now offers certifications for Certified Linux Engineer and SUSE-Certified Linux Professional. Companies should investigate Novell training services to appraise their technical staffs' strengths and weaknesses or establish Linux training and certification programs in their organizations." (Source: Novell Services focuses on Identity Management and Linux. Read it online.)

  • Novell has a number of different certification classes that corporations can utilize to train their staffs, including:

    • Linux Fundamentals

    • Linux Administration

    • Migrating to SUSE LINUX

    • SUSE LINUX Administration Custom On-site Training

Support Claim

The distributed nature of the open source software model diminishes its ability to respond to issues on a real-time basis.

FACTS

  • In addition to the vast free resources that are in place for Linux developers worldwide, Novell and other companies are bringing an additional level of professional support to Linux, making it more attractive to enterprises with an understandable aversion to risk. The mature, experienced technical support organization at Novell provides industry-leading 24x7x365 Linux support for businesses around the world. This infrastructure gives CIOs the peace of mind that comes from knowing Novell will be there to back them up whenever problems occur. With more than 800 support personnel located in seven support centers covering every region of the world, Novell can deliver unmatched levels of service on a global scale. In addition, Novell support escalation procedures are designed to ensure quick resolution and guaranteed response times.

Novell service contracts also allow you to buy only as much technical support as you need and integrate Linux support with your other support needs. Novell service professionals can help you evaluate the overall service levels your systems require, then choose the service that will best support your needs and objectives--regardless of business size.

Peer-To-Peer Support

One of the great advantages to using open source code is that it is infinitely customizable, and there is terrific peer-to-peer support offered by other developers who are using the same code base. This is a tremendous asset for the developers who work in a large organization to create specific applications that are tailored to the needs of their enterprise. The distributed nature of open source software provides an increased opportunity to get support via three popular mechanisms: mailing lists, forums and wikis.

When developers encounter a problem, there are numerous mailing lists specific to software packages and Linux distributions that have searchable databases full of solutions. If you don't find it by searching, you can send out an e-mail that will be received, in most cases, by hundreds of other people who are using the same software that you are. Jason Jones, a Linux developer and early adopter, vouches for the speed, reliability and specificity of this kind of support when he says, "The specific answers to my specific questions have usually come in less than 10 minutes from more than five sources."

Through mailing lists, Linux developers usually have access to the creator of the software package, who can provide more tailored answers than any manual could ever have.

Forums provide the same quality of response, but are conducted online. Wikis, a relatively new addition to the support offerings, provide a mechanism for expertise to be distilled, improved and constantly updated via a robust searchable online interface. All of these resources combine to offer a fast track to Linux expertise to anyone willing to ask questions.

Administration and Management Tools

Manageability is a key factor in determining any system's total cost of ownership. When it comes to installing, deploying, updating or securing Linux servers, blades, desktops or laptops, the unique Novell resource management solutions make it easy and costeffective to manage these assets throughout their entire lifecycle.

Novell ZENworks Linux Management gives IT administrators the ability to centrally control how they deploy and update systems inside the firewall. This industry-leading resource management solution offers best-of-breed Linux management capabilities at a much lower cost than the Red Hat Network solution. As a result, businesses typically see a return on their investment within days of deployment. Novell ZENworks also gives organizations the ability to dramatically simplify management across their whole infrastructure by cost-effectively managing systems running Windows, NetWare and Linux. (See Figure 3.)

Figure 3

Also, many independent software vendors (ISVs) such as BMC, CA and Tivoli and independent hardware vendors (IHVs) such as HP, IBM and others, have ported their management solutions to Linux. These large vendors treat Linux as a Tier 1 operating system just as they do UNIX and Windows. In addition, small software vendors such as Cassatt, Scali, Scyld Software and others offer Linux management solutions that integrate with those of the large IHVs and ISVs. Today, there are Linux management solutions available for every application area where Linux is used.

In addition to these cross-platform management tools, YaST (which stands for Yet another Setup Tool) is a key differentiator between SUSE LINUX and other Linux offerings. YaST provides assistance with installation, configuration and administration. Once the system is configured and running, YOU (YasT Online Update) offers a unique system-maintenance service. YaST manages all of the system configuration data behind the scenes and allows you the freedom to manually configure and edit system data. In addition, YaST is completely open. It supports the common information model (CIM) standard and is compatible with third-party management solutions such as HP OpenView, Novell ZENworks Linux Management, IBM Tivoli and CA Unicenter.

Claim

Administrative and management of Linux is difficult and inconsistent because there is a lack of sophisticated and effective tools.

FACTS

  • ZENworks 6.6 Linux Management provides precise control over the scheduling of Linux software updates, as well as automated and intelligent Linux package dependency analysis and conflict resolution for in smoother software installations. Using either an intuitive Web-based console or a powerful command-line interface, administrators can centrally configure and distribute software selections, manage users and organize groups of machines for installations and updates. ZENworks Linux Management is also included as part of the ZENworks suite, the only cross-platform systems management solution that supports Linux.

  • According to Fred Broussard, senior analyst with IDC said, "As Linux continues penetrating the enterprise, software necessary to manage Linux becomes more important, and it is helpful when a vendor known for this type of system management provides capabilities for managing emerging technology. With ZENworks Linux Management, Novell continues to provide a suite of products that meets a broad spectrum of customer needs." (Read the full quote in a Novell press release online.)

  • The powerful combination of Red Carpet and ZENworks now allows Windows, NetWare and Linux to be managed as one from a common console.

  • The SUSE LINUX distribution from Novell provides a common administrative and management framework for both Linux and other products. These intuitive tools simplify and streamline management tasks.

  • SUSE LINUX Enterprise Server 9 features integrated management capabilities, including support for ZENworks Linux Management, which enable IT professionals to more easily deploy, configure and update Linux servers.

  • YaST, which was released to the open source community to enable the community to use a common framework, is a comprehensive installation, configuration and administration tool. YaST gives IT personnel a common foundation for managing operating system components, network services, open source components and third-party applications. YaST now supports the common information model (CIM), a standard interface used by enterprise systems management solutions, which makes it easier to support large-scale IT environments and to interact with third-party systems' management tools. The AutoYaST feature allows IT administrators to automatically deploy Linux servers without user or IT intervention.

Don't Be Fooled By The Fud

If the world were as Microsoft describes, Linux would not be the world's fastest growing operating system; but it is. (See Figure 1.) ISVs would not be writing to it in ever-increasing numbers; but they are. Partners would not be looking to sell it; but they are. And Microsoft would not have put a revenue caution related to Linux in their latest SEC filing. But they did. (Read the full article online.)

So now you have some of the real facts. When making purchases to run a business, whether it be technology or other equipment, you need to make decisions on an individual basis, taking into account your specific needs. This holds true for the purchase decision of Linux and open source software.

In some instances, it may not make sense to implement Linux or open source software for certain parts of a business yet, but it may be a perfect fit in other areas. Just make sure you rely on all the facts to make an educated decision--not on rhetoric from vendors trying to spread FUD (fear, uncertainty and doubt) in the marketplace. For more information about dispelling the Linux myths coming from proprietary vendors, visit www.novell.com/linux/truth/.

* Originally published in Novell Connection Magazine


Disclaimer

The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.

© Copyright Micro Focus or one of its affiliates