Sunday, February 17, 2008

Lies, Damn Lies, and Statistics

I recently came across some Total Cost of Ownership (TCO) information Microsoft has published on their website, showing how using Windows Server gives you a better Return On Investment (ROI) than Linux. Given the ubiquity of Microsoft Windows, you may think that what they have to say would hold a good deal of truth. I think the truth is a little closer to "Microsoft makes it as expensive as possible to break out of the lock-in their products create."

The whole "package" the site is selling (Windows Server) is put together very nicely, but there is strikingly little hard data available. But we'll use what's there, without digging into the allegorical studies they've conveniently linked. Remember: there are two sides to every story, and Microsoft is known to lie on occasion. Even to a judge, on one occasion. During a trial in which they were convicted of being an abusive monopolist. But I digress.

Have a look at Microsoft's numbers in the TCO section of their site. What if you tried another server that had just 1% better uptime than Microsoft's servers? Suddenly, all the figures change -- and if you use a pie chart to express this, it really looks like that staffing figure balloons by about 5% for a change of 1% to uptime. And the training component? Wait a second here... the Windows platform gets an upgrade every 3 to 5 years, so doesn't this get repeated every couple of years? And don't tell me Vista is exactly the same as XP, so no training is required. Once you know a POSIX-based OS (including Mac OS X, Linux, UNIX, FreeBSD, etc.) you've got pretty much all you need as you move through different upgrade levels. Even better, you can upgrade when you're ready, not on Microsoft's time schedule. Another point: upgrading something like a Linux OS will typically not require more hardware resources. Try to squeeze Vista onto any 3-year-old computer and see what happens.

Straight from Microsoft:

Choosing a reliable platform that’s easy to manage and maintain reduces the direct costs of reacting to downtime as well as the costs associated with end-user productivity.

Of course, avoiding that downtime is even better. When is the last time your IT team had to take down the Exchange server because of a virus, or due to some critical maintenance issue? Check this against your ISP, which probably uses a UNIX/Linux-type system. I'm just guessing your ISP handles a lot more email than your average company, and I can't even recall the last time I had a problem getting email from an ISP. UNIX/Linux and other POSIX-based systems just aren't prone to viruses the way Windows is. POSIX-based systems were designed to be used by many people, often all at once. Windows was designed to put a pretty face on DOS, and has grown up with that legacy. To get anything done, you have to use it with administrative privileges.

Reliability: getting your computers to do what you want, when you want them to. Is Windows easy to configure? Yes, as long as it's within the parameters of what the GUI says it can do. Otherwise, wade through the Registry and figure out the extra tweaking options. Linux and alternatives become easier to maintain day by day, even if you do have to edit a text file; the files are usually much smaller and better organized (and commented, even) than the Windows Registry. And once it's configured, you can rest in peace, knowing it will work consistently, even across security patches.

Okay, so maybe Microsoft's OSes aren't really the cheapest or most reliable, maybe they are. They're the most secure, right? So go ahead, run your Windows Desktop or Server without antivirus or antimalware software. Microsoft is secure, so this isn't an issue. Now back to reality: Microsoft has one of the worst track records for security in the computing industry. Thousands of viruses, trojans, spyware and the like infest the Internet, at times causing major slowdowns and disruptions to organizations and individual users. Yes, other platforms have problems occasionally, and you can argue that it's because there are so many Windows systems out there by comparison. But I would pick a Linux computer without antivirus over a Windows computer without antivirus any day. The basic security model of Windows is just flawed.

Linux is developed using an open development model; the code is put out in the open, where thousands of eyes can look at it and scrutinize it, like the way the scientific community scrutinizes new discoveries and papers. It puts warts and all out in the open, so that while the "bad guys" can figure out how to exploit a problem, there are dozens (if not more) "good guys" at work fixing the problems. Microsoft keeps these warts hidden, and from experience we know there are many. Just because they only disclose the ones they know they have a fix for, or are forced to disclose those that clever hackers find, doesn't make Microsoft's security model better.

Try running Windows without using an administrative account for a month and see how user friendly it is. That may be more secure, but you can't do much with it. Which is my final argument for the security (or lack thereof) comparisons Microsoft likes to expound, comparing it to the likes of Red Hat, Ubuntu or Debian systems. Any of these Linux-based distributions comes with everything you could possibly need to run on your computer, quite often free of charge (Red Hat charges for add-on service for their products). And Microsoft counts every little bug in each of them as a security flaw multiple times. Even though Microsoft Windows doesn't come with an office suite by default (you have to buy that later), they count the bugs in things like as being bugs in all of the comparison OSes. Even though the same bug may affect Konqueror, Firefox, Epiphany and other open source web browsers, Microsoft will include these stats individually in comparing their security to Internet Explorer.

Microsoft loves to tell you how much choice you have with the Windows OS. Supported by the most vendors, served by the largest number of certified technicians, etc. What would you expect of the vendor with 95% of the market? If they didn't have this kind of stuff in place, they wouldn't be around long. Especially with the amount of support needed to keep a Windows computing environment functional. I mean, just start out with having to purchase the firewalls, antivirus, antimalware, office suites, mail servers, terminal servers, file servers, application servers, hire the staff to look after all that and you've got quite a support network. Now, take the first 8 items I mentioned there and put the money back in your pocket. Use a free Linux-based solution for each of those, and hire the right people to take care of it all (they're out there, and they're not that hard to find).

MCSEs are a dime a dozen, and usually worth about that much. Their certification only lasts until the next Microsoft product comes out to replace the one they certified on, and the new software, I guarantee, has things they don't know squat about. Grab a qualified Linux professional and you've found someone who knows how to problem solve, how to learn, how to adapt to any given situation. The base of a Linux system has remained stable for years, and figuring out one Linux compared to another isn't that difficult when you know what you're looking for. You may be able to customize the hell out of a Linux server, but you don't need to in order to make it work like a Windows server. The fact that you can adds to its value; it is not an added expense.

How would you like your IT guys to be able to check in on any server or desktop right from their office? See detailed information on what the processors are doing, add a software package, or just remotely control the user's desktop that's having trouble finding a lost document? Sounds like some expensive Microsoft solution, doesn't it? How about, it's a built-in feature of most Linux configurations? While it is true that Enterprise management solutions for Linux are "slim pickings" and maybe not as well-rounded (aka. slick-looking) as the Microsoft Windows options, you can just plain do more with a Linux system by remote than you would ever imagine with a Windows system. You are really only limited by your IT staff's imagination. How's that for manageability?

Such a big word to mean so little, coming from Microsoft. Interoperability to Microsoft means being able to work with their servers, their file formats, their authentication systems, their world. And since they run their world, of course they are interoperable with it. Microsoft has a long history of "embrace, extend, extinguish" and this is just another facet of that behaviour. Microsoft has embraced things like Lightweight Directory Access Protocol (LDAP) and Kerberos authentication in their Active Directory Services (ADS), extended their use enough that it is a proprietary secret how to achieve full authentication, then locked out any alternative from being able to work with it. That last part, they've achieved pretty well, aside from those tenacious open source folks, who've worked around the problem in dozens of ways, in the name of interoperability.

They've done the same thing with the Web. Any web browser should be able to view any site. Instead, we have sites that exclude anything but Internet Explorer, and even some sites that exclude all but specific versions. The amount of pressure Microsoft is able to put on users without most of them even realizing it is incredible. They provide a "free" browser with their OS, and users never realize they are seeing a side of the Web unavailable if they switch; and if they do switch, it's nearly impossible to get some sites to work, leaving the impression the alternative product is somehow defective.

So Microsoft owns the game, and they don't really want any other players. Which is probably why they're currently trying to buy Yahoo! And they have the money to do it. Hell, they even lied to a judge and tried to get away with it. Come to think of it, I'd say they did.


Anonymous said...

Our ISP does use Microsoft Windows Servers, including Exchange, which is why we do have strange system drop outs from time to time.


Wolfgang said...

Yeah, right, that reminds me of the German Telecom. When they switched to Exchange servers, their mail service was down for weeks...


Wolfgang said...

Of course, nowadays, no one is really using those. There are so many free and better alternatives, whose management would never be that silly to use proprietary & expensive crap instead of something free & stable...

ed wiget said...

I have been preaching this same story for years. You provide some very valid points. I liked the article so much, I linked it to a tco forum post on