Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Windows Cheaper to Patch Than Open Source?

Zonk posted more than 9 years ago | from the fud-for-breakfast dept.

Upgrades 473

daria42 writes "Is Windows cheaper to patch than open source software? Of course this Microsoft-commissioned report thinks so - but a number of people disagree, including a key Novell Asia-Pac exec, Paul Kangro. Kangro highlights problems with the report including the fact that it refers to problems faced by administrators before 2003: before significant improvements were made to Linux patching tools. 'We didn't have tools like Xen for Linux then,' says Kangro. 'When I patch my Linux box I don't need to bring it up and down any number of times.' Kangro also points out the report doesn't mention costs associated with rebooting systems after a patch is applied."

cancel ×

473 comments

Sorry! There are no comments related to the filter you selected.

Who is driving? (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12587912)

Bear is driving!
How can that be(first post)?

Well. (4, Insightful)

Sierpinski (266120) | more than 9 years ago | (#12587917)

It might be easier if you have no idea how to really use a computer, and are not willing to learn. Those people will never leave the "comfort" of a familiar thing. They fear change, especially when it forces them to actually think for themselves.

Re:Well. (2, Insightful)

psiphre (454612) | more than 9 years ago | (#12587956)

how the shit is this redundant, mods? It was the first non-troll post.

Re:Well. (0)

Anonymous Coward | more than 9 years ago | (#12588092)

It's redundant in that it's SSDD.

With apologies to Mr King.

Re:Well. (3, Insightful)

Soybean47 (885009) | more than 9 years ago | (#12587976)

It might be easier if you have no idea how to really use a computer, and are not willing to learn.

If they're talking about the "cost of patching," they're talking about large corporations. Large corporations have people in charge of IT who, we hope, have some idea how to use a computer. ;)

It really doesn't take much to patch most new-ish linux systems.
emerge sync && emerge -uD world
is probably one of the most complicated, and that's all there is too it.

Re:Well. (1)

smitty_one_each (243267) | more than 9 years ago | (#12588291)

Don't forget the timing. If you only do this about once a week or so, it's best to light it off before you go to bed.
That is, unless you modded a bunch of XBoxen into a poor man's distcc compile farm...

Re:Well. (-1, Troll)

TrappedByMyself (861094) | more than 9 years ago | (#12588110)

Be careful what you wish for. If everyone cared enough to learn how to manage their computer, you would become just another peon.
...as opposed to just another peon who is slightly useful because you can fix the boss' computer.

Where would your false sense of self importance come from?


Battle of the Trolls

Re:Well. (0)

Anonymous Coward | more than 9 years ago | (#12588355)

i totally agree. People can become such idiots when they start to fear. Most people want to be masters of their own domain and never stray away because once they do they're exposed to the real world.

Not exactly objective.... (5, Insightful)

Anonymous Coward | more than 9 years ago | (#12587932)

So microsoft says windows is cheaper to patch, whereas Novell (who own Suse) say linux is cheaper to patch.

Can someone tell me why this is news?

Xen (5, Informative)

mattdm (1931) | more than 9 years ago | (#12587933)

[...]problems with the report including the fact that it refers to problems faced by administrators before 2003: before significant improvements were made to Linux patching tools. 'We didn't have tools like Xen for Linux then,' [...]

Oh, come on. Practically speaking, we don't have Xen for Linux *now*. Sure it's cool and all (which is why it's slipped into this basically unrelated story) but it's not nearly ready for the Linux mainstream and I'd be surprised if more than a handful of people are using it heavily in production.

Re:Xen (5, Interesting)

jbgreer (4245) | more than 9 years ago | (#12588090)

I wouldn't be too sure about that; I just installed Xen on a box this past week, and the testing branch has been remarkably stable. Have you actually used Xen? That said, I like to think that the poster's larger point is that virtualization technology and its implementations - in VMWare, Xen, etc. have made patch management easier to manage, especially with all of the work going on in migrating apps and OSes. That, to me, will be the real benefit of such work.

Re:Xen (1)

natd (723818) | more than 9 years ago | (#12588277)

I was beginning to think my lot were alone. Yes - it works and people have it.

Re:Xen (1)

XenoPhage (242134) | more than 9 years ago | (#12588431)

I think I missed something here.. Xen is similar to VMWare, correct? How does this help you to patch your machine without needing to reboot? Why would I want to run a virtual server on top of my regular server?

Re:Xen (1)

mattdm (1931) | more than 9 years ago | (#12588392)

I wouldn't be too sure about that; I just installed Xen on a box this past week, and the testing branch has been remarkably stable.

That's my point.

Have you actually used Xen?

Tried it. Not in production. I imagine that's the case for many people -- but actually, still a relatively small number of bleeding-edge experimenters. For that reason, obviously the numbers here will be higher than in the world in general.

That said, I like to think that the poster's larger point is that virtualization technology and its implementations - in VMWare, Xen, etc. have made patch management easier to manage, especially with all of the work going on in migrating apps and OSes. That, to me, will be the real benefit of such work.

*Will be*, sure.

Re:Xen (-1)

Anonymous Coward | more than 9 years ago | (#12588448)

"apt-get upgrade"?

yawn whats new (5, Funny)

EEproms_Galore (755247) | more than 9 years ago | (#12587937)

Every time I read about another "paid by Billy G" report it always reminds me of the joke.. How many Microsoft engineers does it take to change a lightbulb. None Microsoft defines darkness as the new standard..

Re:yawn whats new (5, Funny)

Anonymous Coward | more than 9 years ago | (#12587965)

Or the other jokoe:

Q: How many Linux engineers does it take the change the lightbuld?

A: RTFM, n00b. J00 suz0r, go back to M$ Winblows, l4m3r.

Re:yawn whats new (1)

NickFortune (613926) | more than 9 years ago | (#12588199)

Q: How many Linux engineers does it take the change the lightbuld? A: RTFM, n00b. J00 suz0r, go back to M$ Winblows, l4m3r.
Yup. 'Cos, you know, it's not like you can find that attitude amongst windows users.

Oh, wait... yes you can, can't you?

Re:yawn whats new (5, Funny)

Intron (870560) | more than 9 years ago | (#12588405)

Q. how many Apple engineers does it take:

A: We don't use light bulbs any more. We have high brightness iLED displays for only $599.

apt vs windows update (5, Informative)

xmodem_and_rommon (884879) | more than 9 years ago | (#12587938)

Really? The 'apt-get update && apt-get upgrade' i did earlier today on my debian (testing) box took less than a minute, and isntalled not just the latest security patches but also the latest versions of all my software. That was pretty-much free.

Conversely, windows update only updates windows (not my other apps), and takes at least 15 minutes every time i run it.

Re:apt vs windows update (1, Troll)

Kihaji (612640) | more than 9 years ago | (#12588008)

And if Microsoft started adding in patches for software that isn't theirs you would be screaming "MONOPOLY" at the top of your lungs.

Re:apt vs windows update (2, Insightful)

xmodem_and_rommon (884879) | more than 9 years ago | (#12588058)

no i wouldn't. I'd consider it a good thing that users of microsoft products have one easy place to go for patching all their software.

Now if microsoft used windows update to replace products on consumers' machines with microsoft alternatives, THEN i would be screaming MONOPOLY at the top of my lungs. But fortunately not even they are that stupid.

Microsoft is a monopoly because... (0)

Anonymous Coward | more than 9 years ago | (#12588377)

> And if Microsoft started adding in patches for software that isn't theirs you would be screaming "MONOPOLY" at the top of your lungs.

Wrong.

I scream "monopoly" because, if an ISP were to bundle various applications with their PCs, along with Windows, and were to offer an update service for all those applications, along with Windows, then Microsoft would punish that ISP (with higher prices or worse) unless they _removed_ support for any applications that Microsoft did not approve.

Microsoft is not a monopoly because of what they _include_.

Microsoft is a monopoly because of what they _exclude_.

To learn more about what makes Microsoft a monopoly, read the DOJ's Findings of Facts [usdoj.gov] .

For example, there is this passage where Bill Gates threatens Apple to force them to drop support for Netscape:

> Gates informed those Microsoft executives most closely involved in the negotiations with Apple that the discussions "have not been going well at all." One of the several reasons for this, Gates wrote, was that "Apple let us down on the browser by making Netscape the standard install." Gates then reported that he had already called Apple's CEO (who at the time was Gil Amelio) to ask "how we should announce the cancellation of Mac Office . . . ."

Or these passages where Microsoft threatens Intel to get them to stop helping Sun to improve Java performance on Intel hardware:

> To hinder Sun and Netscape from improving the quality of the Windows JVM shipped with Navigator, Microsoft pressured Intel, which was developing a high-performance Windows-compatible JVM, to not share its work with either Sun or Netscape, much less allow Netscape to bundle the Intel JVM with Navigator. Gates was himself involved in this effort. During the August 2, 1995 meeting at which he urged Intel to halt IAL's development of platform-level software, Gates also announced that Intel's cooperation with Sun and Netscape to develop a Java runtime environment for systems running on Intel's microprocessors was one of the issues threatening to undermine cooperation between Intel and Microsoft. By the spring of 1996, Intel had developed a JVM designed to run well on Intel-based systems while complying with Sun's cross-platform standards. Microsoft executives approached Intel in April of that year and urged that Intel not take any steps toward allowing Netscape to ship this JVM with Navigator.

> In one instance of this effort to stunt the growth of the Java class libraries, Microsoft used threats to withhold Windows operating-system support from Intel's microprocessors and offers to include Intel technology in Windows in order to induce Intel to stop aiding Sun in the development of Java classes that would support innovative multimedia functionality.

> Two months later, Eric Engstrom, a Microsoft executive with responsibility for multimedia development, wrote to his superiors that one of Microsoft's goals was getting "Intel to stop helping Sun create Java Multimedia APIs, especially ones that run well (ie native implementations) on Windows." Engstrom proposed achieving this goal by offering Intel the following deal: Microsoft would incorporate into the Windows API set any multimedia interfaces that Intel agreed to not help Sun incorporate into the Java class libraries. Engstrom's efforts apparently bore fruit, for he testified at trial that Intel's IAL subsequently stopped helping Sun to develop class libraries that offered cutting-edge multimedia support.

As to your suggestion that Microsoft offer an update service, experience has taught us to expect the following:

The updates for Microsoft's own software would work fine.

But the updates for competing products, like Firefox, or Java, would periodically cause those products to break.

It's in Microsoft's nature to cheat. They can't be trusted.

Re:apt vs windows update (5, Funny)

I confirm I'm not a (720413) | more than 9 years ago | (#12588041)

Conversely, windows update only updates windows (not my other apps), and takes at least 15 minutes every time i run it.

Windows Update worked its magic on my workstation yesterday; I was busy and didn't reboot afterwards. For the rest of the morning (until I caved and rebooted the bloody thing) Windows Update popped-up an annoying dialog box every ten? fifteen? minutes inviting me to restart the PC. Needless to say, everytime the diaplog appeared it was when I was typing, and half a line of code got piped to Window's equivalent of /dev/null.

I think we should *thank* Microsoft for promoting Linux ;-)

Re:apt vs windows update (1)

Joe U (443617) | more than 9 years ago | (#12588136)

Yeah, because it would be better if it didn't remind you and you left your system unpatched.

The alternative is when your system is destroyed 2 days later because you didn't reboot, you get to blame Microsoft for not reminding you enough.

Re:apt vs windows update (4, Insightful)

I confirm I'm not a (720413) | more than 9 years ago | (#12588204)

Yeah, because it would be better if it didn't remind you and you left your system unpatched.

No, it would be better if it [Windows Update] reminded me once and then respected my decision.

Re:apt vs windows update (0, Troll)

kayak334 (798077) | more than 9 years ago | (#12588406)

The problems is, most users "decision" is simply clicking "no" and forgetting about it forever. Then Shashdot posts a story about how Microsoft doesn't enforce security patches by simply letting users say "no I don't want to update my computer!!1"

You could have just saved your work and taken all of the 1-3min it takes to reboot a windows box.

Re:apt vs windows update (1)

oojah (113006) | more than 9 years ago | (#12588435)

Damn right.

Roger

Re:apt vs windows update (1)

ScentCone (795499) | more than 9 years ago | (#12588163)

Needless to say, everytime the diaplog appeared it was when I was typing, and half a line of code got piped to Window's equivalent of /dev/null.

Or, you could take about a minute of your time and set up the Windows Update service to download the patches, remind once that it has them and hopes you'll install them, and then do it when you know it's convenient to restart services/the OS. It's a couple of mouse clicks.

Re:apt vs windows update (1)

I confirm I'm not a (720413) | more than 9 years ago | (#12588245)

Or, you could take about a minute of your time and set up the Windows Update service to download the patches, remind once that it has them and hopes you'll install them, and then do it when you know it's convenient to restart services/the OS. It's a couple of mouse clicks.

I can confirm that, because it's exactly what I've done. My problem is once Windows has installed the updates - which it's going to need to do at some point, no? - it then wants to reboot immediately, and doesn't want to take my word for it that, no, really, later's fine. In this instance I'd deliberately left the PC on overnight for the update, and in the morning I wasn't prompted to reboot for a while after I arrived at work - by which time I was busy.

Re:apt vs windows update (1)

dtfinch (661405) | more than 9 years ago | (#12588425)

That bugged me this morning as well. You could try a program like ClickOff, and set a really low scan interval so it'll close the dialog almost immediately. You still might lose a keystroke though.

Re:apt vs windows update (4, Informative)

SomeoneGotMyNick (200685) | more than 9 years ago | (#12588439)

It's a couple of mouse clicks.

OK. Sound easy. Let's do it.

Clicks Start | All Programs | Windows Update
Hmm.... just sends me to a MS web page. Meanwhile, for some reason I can't shut down the IE window until it finishes "checking" my computer for updated "Update Software"

Clicks Start | All Programs | Accessories | System Tools.
Hmm..... Nothing there for Windows Update.

Left click on the Windows Update icon in the system tray (it's GOTTA be there..)
Up pops a "Ready to Install" update screen.

Whoops, I forgot I should RIGHT-CLICK the icon to get a detailed menu of choices. I right-click
Up pops a "Ready to Install" update screen, no menu

Ah, Control Panel...
Click on Start | Control Panel
Double Click on Automatic Updates
There we go. A window with a green shield and a red shield and 4 radio buttons. Wait, they're all ghosted out!! And I'm logged in as an Administrator. I can't believe I go so far only to be blocked from changing the settings....

apt-get and emerge seems so much easier to use...

Re:apt vs windows update (2, Informative)

nra1871 (836627) | more than 9 years ago | (#12588437)

This has to be one of my biggest pet peeves. Why do programmers feel the need to pop windows up right in front of my face, and always when I'm typing? Nothing should ever interrupt my focus, put a window in the background or on the toolbar, but NEVER interrupt my typing.

Windows vs Microsoft products (1)

benhocking (724439) | more than 9 years ago | (#12588117)

Not that this nullifies the comparison you've made, but Windows update can also update your MS Office products as well. Naturally, your point is that it does not update non-MS products. Just thought I'd make that distinction a little more clear. Not that I use MS products. Er, that is...

Re:Windows vs Microsoft products (1, Informative)

xmodem_and_rommon (884879) | more than 9 years ago | (#12588162)

does it? Around six months ago I was at a relative's house trying to figure out why excel was showing print previews on A3 even though the paper size was set to A4. So I decided to isntall the lates service packs, and had to go to another website, "Office update" that is seperate from windows update to get them.

(oh btw the problem turned out to be that the DPI wasn't set)

It's an option when you set up WU, IIRC (1)

benhocking (724439) | more than 9 years ago | (#12588318)

However, it has been a long time since I've done that, so I could be mistaken. One would like to assume that if I am correct, OTOH, there will be an option hidden somewhere in the bowels of Windows Update that would let you turn that option on or off. From my experience with MS products, however, this would not necessarily be a safe assumption.

Re:apt vs windows update (2, Insightful)

Oestergaard (3005) | more than 9 years ago | (#12588202)

The cool thing about stable debian is, that it *doesn't* upgrade to the latest version of all the software.

It just installs security updates.

That way, I don't need to worry about database upgrades, configuration file changes, API/protocol changes etc. etc. etc. Everything that ran before, runs afterwards, unchanged.

*that* is cool. If you're running production servers in the real world at least :)

Re:apt vs windows update (1)

HaydnH (877214) | more than 9 years ago | (#12588258)

...Or there's Up2Date for Redhat/Fedora...

Re:apt vs windows update (1)

DrXym (126579) | more than 9 years ago | (#12588320)

Businesses running critical infrastructure or with large numbers of desktops do not blindly use apt-get / up2date / yum to install patches.


While I agree that it's handy to be able to do just that at home, it is necessary in the enterprise to be able to see a list of patches, the advisories for those patches, the dependencies between patches and be able to deploy (and rollback) them to all, some or specific boxes that are managed by a single patch server.

Re:apt vs windows update (0)

xmodem_and_rommon (884879) | more than 9 years ago | (#12588384)

apt lets you do that as well. There's no reason you can't run an internal apt repository for private use by your company, and only put patches there that you have checked.

Re:apt vs windows update (1)

saintp (595331) | more than 9 years ago | (#12588365)

That's pretty easy, but I have all of the SuSE boxen I administer set to auto-update nightly, so I never type a thing. Either way -- one line at the CLI or a few clicks when you set up the box -- it's pretty cheap. Of course, you can set Windows to auto-update, too, but it has to reboot every time, and only installs so-called "critical" updates. Nonetheless, if updating any recent Linux distro is cheaper than any recent version of Windows, or vice-versa, it amounts to a rounding error in the grand scheme of things.

Re:apt vs windows update (2, Insightful)

GIL_Dude (850471) | more than 9 years ago | (#12588389)

Never having used Debian, and being a bit of a noob on Linux (although I used to admin HP-UX a long time back), I don't seem to have it as easy as you do for updates.

I'm using Suse 9.2, and while the auto-updates in YaSt seem to work very well and only occasionaly ask for a reboot, they don't update things like Firefox with any patches I can see at all. I wanted to go from the included beta release to the 1.01 awhile back and had the damndest time installing it to somewhere where I could find it and run it. (I admit, it gets easier as I get used to it). However, I think just clicking on the EXE in Windows and having the newer firefox install run is a hell of a lot easier; it's less steps even for people who are experts.

For the things that Windows Update does patch (Windows, Exchange, SQL, Office, etc. shortly as they are almost ready to release from Beta the Microsoft Update) it does pretty well - but lots of reboots.

As I mentioned on my Suse - YaSt does well, and rarely has me reboot (I think twice so far).

But, the thing is - patching stuff like GIMP, Firefox, etc. doesn't seem to be as automatic and easy under Linux as it does under Windows. Hell, I was running PaperPort on my Wife's Windows machine the other night and it automatically updated itself to 10SP1. Until more of the FOSS ones can do that, I think patching of applications outside of the OS is easier on Windows than on Linux.

Also doesn't cover costs of waiting (0)

Anonymous Coward | more than 9 years ago | (#12587939)

Since most of the administrators seem to hold off on windows patch releases until they've been very well tested (sometimes for months) the report should include the damages to unpatched systems while making sure microsoft's patches work.

Me? I apt-get upgrade debian stable every night and sleep easily knowing that in the morning I'll have a well tested and working system. Plus, all my patches from a single location!

Cheaper, maybe... (2, Insightful)

mph_az (880372) | more than 9 years ago | (#12587961)

...but only if you don't count the hours of lost or reduced productivity waiting for MS to get around to releasing their patches.

Google says.. (1)

Froe (880425) | more than 9 years ago | (#12587970)

Microsoft Windows is... an easy installation that you can leave the rest like in the 100th monkey phenomenon. it won't happen overnight.

GoogleTalk id 47 [relet.net]

Cost of Rebooting??? LOL (2, Insightful)

Foolomon (855512) | more than 9 years ago | (#12587974)

Kangro also points out the report doesn't mention costs associated with rebooting systems after a patch is applied.

I didn't RTFA but any company that is going to lose more than a few pennies from a reboot is going to have redundant servers in place already. It is not difficult to stagger the application of patches to server machines in a farm, which all but eliminates the cost of a reboot.

Anything from Novell that is spoken against Microsoft is suspect anyway. I'm not a big Microsoft fan, but the animosity between the two companies is well documented.

Re:Cost of Rebooting??? LOL (1)

Soybean47 (885009) | more than 9 years ago | (#12588003)

I believe he may be including lost productivity while employees are rebooting.

Re:Cost of Rebooting??? LOL (1)

rbanffy (584143) | more than 9 years ago | (#12588014)

It dates back to the time when Novell was evil and Microsoft was good.

Re:Cost of Rebooting??? Don't LOL me! (4, Insightful)

Tsu Dho Nimh (663417) | more than 9 years ago | (#12588070)

"any company that is going to lose more than a few pennies from a reboot is going to have redundant servers in place already. It is not difficult to stagger the application of patches to server machines in a farm, which all but eliminates the cost of a reboot."

How about desk-bound employees and their patches? Don't we count?

I use a lot of non-MSFT apps, and if one of them fails to work with the patched Windows system, I'm goung to lose a lot of time. I've already had one "security patch" to something do wierd things to my system, making it impossible for me to see the hard drive password prompt. Multiple that by every laptop in the company and you have a lot of support calls.

Another "security patch" seems to have hosed the network finder so that it can't automatically pick up a new IP address from the LAN. I have to manually change the settings and ..... guess what? REBOOT to force it to pick up the new IP address. Every time I have to log on from home, that's TWO reboots and two manual interventions to what should be automatically happening.

Re:Cost of Rebooting??? LOL (4, Interesting)

UnknowingFool (672806) | more than 9 years ago | (#12588180)

but any company that is going to lose more than a few pennies from a reboot is going to have redundant servers in place already

I think Kangro was referring to more than lost business but also lost productivity.

In the case of desktops, it's going to be lost productivity. Sure you can schedule them to update and reboot in the middle of the night, but what if the user was working on something? The admins have to spend some time planning and scheduling mass updates or leave it to the user. It's trivial to reboot; it's harder to schedule for many machines so that productivity is minimally affected.

Also your argument only applies to mission critical or production machines. It does not include any development and/or testing machines that may not have a backup. Many organizations do not have the money to have a backup for every non-essential machine.

Our company is installing a new enterprise application. Every time we are rebooting the test servers, our consultants and employees are not working on the app. With new system setups, rebooting a lot is not uncommon.

Reasons for Rebooting (1)

Dink Paisy (823325) | more than 9 years ago | (#12588221)

There is actually a theoretical reason why a reboot is a good idea in some cases (not just in kernel replacements, either). Not rebooting can leave long running programs using old versions of libraries, which is a bad thing if the the long running process is a server and the new version is a security fix. In some cases involving dynamic loading and linking of libraries, it can even result in unpredictable behavior, such as data loss or a crash (although it would the application crashing, not the OS).

The problem is pretty theoretical, but when I mentioned it to a friend who has administered Linux systems for clients, his response was, "Oh, so that's why that happens." He said that when upgrading libraries he would restart all his important long running processes because he had experienced problems in the past. So apparently this actually does affect people.

I actually prefer the Windows approach of forcing a reboot in order to preserve correctness. I'm not saying Microsoft gets it perfect; the number of reboots forced on a Windows system is way more than it should be. Microsoft has improved over time, but I hope (as a Windows user) that they improve a lot more. I also hope that someone finds a way to eliminate this problem on both platforms.

Re:Reasons for Rebooting (1)

zerbot (882848) | more than 9 years ago | (#12588398)

Yeah, but you don't have to "reboot" in order to restart all the daemons on Linux (or any Un*x that I'm familiar with). The kernel doesn't use the dynamic libraries, so the only reason to reboot the kernel is if you're installing a new kernel. Even then a lot of kernel modules can be removed and reinserted without a reboot.

XP has fixed this, but it used to drive me nuts that Win98 would make you reboot the computer just to change any of the network settings.

Re:Cost of Rebooting??? LOL (1)

ashSlash (96551) | more than 9 years ago | (#12588251)

Face it, having to reboot when you patch your system is a load of arse!

It almost sounds like you are defending the practice.

Re:Cost of Rebooting??? LOL (1)

Jackdaw Rookery (696327) | more than 9 years ago | (#12588269)

Sorry but you have no clue what you are talking about.

Redundant servers for everything isn't possible - but that's mostly moot anyway.

It is difficult to stagger reboots when you're talking about thousands of servers all over the country managed from one location.

OK, the reboot is easy, after all switching crap off is simple :)

Making sure everything comes back up and is doing the job it is supposed to be doing is harder, fixing broken server boxes all over the country is harder still.

By the time you get all this right you'll find Microsoft has released more critical patches. Happy happy joy joy.

Flawed (4, Insightful)

republican gourd (879711) | more than 9 years ago | (#12587975)

Any company where the majority of the cost is in the patching process itself, rather than the testing of the patch, the secondary servers in the test lab that they can make sure it doesn't blow services up on, the payment of skilled people to identify the problems and fix them *when* they happen and various other people costs is of course going to be more expensive than "I set up windows updates once, so now it updates me magically whether I like it or not", even without the reboot thing.

There is also some really iffy logic in breaking down one single piece of the ownership cycle and claiming that it is cheaper and ignoring the rest. I tell you, paying for college for my persistently vegetative child is uber-cheap, I can't say enough for persistent vegetation...

Re:Flawed (1)

slack_justyb (862874) | more than 9 years ago | (#12588056)

Well put. So many companies and a couple of FOSS people always seem to look at just one or two segments of ownership and say, "Oh well we're cheaper that so and so here."
Generally speaking, if you reduce the cost fo something in one part, it usually raises the cost in another part. You just have to find the model that best fits your company.

Microsoft is working on this (2, Interesting)

brontus3927 (865730) | more than 9 years ago | (#12587978)

Kangro also points out the report doesn't mention costs associated with rebooting systems after a patch is applied.

IIRC, this is one of the things Microsoft is working on for Longhorn, being able to patch and install drivers "on the fly" without a reboot.

With XP SP2, if you enable the automatic downloading of updates, it will restart the computer automatically after teh updates are installed, unless you continuously click cancel when it comes up every 5 minutes. If your not at the computer, but have web downloads going on and it does this, it can be a real pain.

Re:Microsoft is working on this (1)

Timesprout (579035) | more than 9 years ago | (#12588286)

That xp notification is really annoying. You end up reboot just to stop the damn messages appearing.

The only drawback with whats coming with Longhorn is that it will bring us another step closer to subscription based MS software.

Reboots (4, Insightful)

Nytewynd (829901) | more than 9 years ago | (#12587984)

The cost of rebooting on some machines is astronomical. I know we had some management software on a data line connected to the stock exchange. From the hours of 8-5 any downtime would cost over $10k/second, not to mention any lawsuits that could have been processed if someone lost money and couldn't sell their stocks when they wanted. On the other hand, most machines are not nearly that critical, and reboots can be done at off hours. I would say that Windows systems are less costly to patch for another reason. Almost anyone with technical ability can patch windows. You can hire windows admins on the cheap. To get Unix admins will cost more if you want someone that knows what they are doing. I wonder if they take the cost of knowledgable staff into the equation. Otherwise, the cost of patching for either can be huge or trivial depending on the patch and the situation. Also, Windows is a lot better now with the reboots. You don't have to reboot nearly as much as in the past.

Re:Reboots (3, Insightful)

zr-rifle (677585) | more than 9 years ago | (#12588025)

Well, to avoid the rebooting problems you need redundacy - load balancing, etc - which obviously costs money. That means higher TCO than on *NIX, which fares better and is generally safer with less "armor".

Re:Reboots (1, Funny)

Anonymous Coward | more than 9 years ago | (#12588154)

So you're going to run your stock exchange on one non-redundant server? Unless it' a mainframe, I can't imagine anyone doing that.

Re:Reboots (1, Interesting)

Anonymous Coward | more than 9 years ago | (#12588236)

You imply that patching unix boxes does not have any service downtime. Particularlly with Java shit, it can take a while to bring a service back up, and that means you need the redundancy.

Re:Reboots (2, Informative)

Nytewynd (829901) | more than 9 years ago | (#12588259)

That's true. But you can argue that any system critical enough already has load balancing and redundancy. All of the Unix machines I work with have mirrors and load balancing. I don't know many people that patch their production machines while they are live anyway. Even though it is possible, it is still highly dangerous.

Both sets of hardware are about the same, so the cost is a wash.

Re:Reboots (1)

Philosinfinity (726949) | more than 9 years ago | (#12588165)

In the environment where rebooting comes at a high price, I fail to see why a test server wouldn't be built with the proposed updates, tested, and then slipped into the server farm. From there, you can decomission the outdated system with little or no downtime. Obviously this is not feasible in small business environments, but how many small businesses lose $10k/sec of downtime?

Cheaper patching? (1)

zr-rifle (677585) | more than 9 years ago | (#12587991)

I'd really like to know what the study means by "cheaper to patch". Does it mean that, since time is money, the cheap is available sooner and installs faster? Are the guys doing the job available for less money? As the article points out, rebooting a mission critical server, especially on windows, after applying a patch, is a royal PITA, something that hardly happens on a *NIX machine.

did someone manage to get a copy of the PDF from Microsoft before it went down?

Microsoft and Crack (0, Troll)

canuck57 (662392) | more than 9 years ago | (#12587992)

Patching open source is easy and does not need to be done as often. And the patches for Linux are often more stable. We all know that...

So is this more foder for CIOs to reject open source because they have Microsoft stock in their portfolios?

Good to see the Microsoft FUD machine is still working.

Re:Microsoft and Crack (4, Interesting)

danheskett (178529) | more than 9 years ago | (#12588104)

Patching open source is easy and does not need to be done as often
This isn't always true!

1. If you are actually using the fact that some package is open source and run a modified source tree you need someone to maintain that tree for you. You may have to fuss with patches, especially if large or if they affect areas you have customized.

2. Depending on your package patches come willy nilly, with no co-ordination. MS releases patches the second Tuesday of every month. This actually allows some type of planning.

3. Depending on your package patches may come in series: three patches in three days, for example. I have never figured this out, but its almost like the attitude is, "well, while we are here". Additionally, you have products that are in "heavy development" with pretty serious point releases weekly or monthly. This really sucks if you are working against product. Do you wait and just upgrade once a year or every two years, or do you keep on the treadmill? MS has one good thing going for it, in that for example I installed some Win2k Servers in mid 1999 that are still on the same OS install almost 6 years later. I installed some RedHat servers at the same time, and well needless to say, I've upgraded from RedHat 5.x a number of times since :)

4. Patches for Linux, like Windows, still need to be tested in a production environment. Especially if you are running from a largely source built system. I admin a heavily customized web server that was built almost entirely from source, and I can very rarely do a simple "make && make install", let alone install a binary RPM. As long as there is that uncertainity, it has to be tested if you are running real IT shop.

MS is really starting to get its act together on some things, and patching is one of them. The balance with patching is the overhead versus the urgency. The OSS crowd generally see's every patch as urgent, and it reflects in the release schedule. MS generally sees few patches as urgent, and it also shows.

Ubuntu has a little red button (0)

Anonymous Coward | more than 9 years ago | (#12587997)

Ubuntu has a red button every now and then I click it and I am patched.

To patch my windows I simply gaff-tape plexiglass on top of the glass.

Honestly... (2, Interesting)

Philosinfinity (726949) | more than 9 years ago | (#12588002)

I may be a bit green to the corporate methods of updating a production OS, but I would think that the process would have to be the same. You have to set up a test environmnet, ensure that the updates produce the necessary results. Then you have to test to make suer that no other software/productivity is affected. Then you have to compare baselines. Regardless of the beginning OS, these steps are necessary.

I can see two potential differences between Windows and Linux on this front, though, and they both seem to favor Linux. First, you don't have to buy a second license to run the test server. I would assume you can get away with this in Windows by not activating the product, but I could see some test phases taking over 30 days. Second, since you basically know excatly what you are updating in Linux, and what other packages are dependant on what you are updating, your testing phase can be more focused. This isn't to say that it would take less time, but rather that you know what is prima facie in the testing order.

So corporate sysadmin geeks out here... where is the advantage in this area to using either os?

Can't agree (4, Informative)

dark grep (766587) | more than 9 years ago | (#12588012)

I just can't agree with that report. From 1999 to 2002 I did work for a datacentre with 150 Linux servers and 26 NT and then Windows 2000 server servers. Keeping figures on those I can say that the total downtime due to upgrades and patching for both groups in total was almost the same.

So What (1)

starmang (661689) | more than 9 years ago | (#12588030)

Microsoft are obviously going to create a report in their favour. If it wasn't promoting windows then they would not create the report. Rebooting the machine isn't even taken into consideration. Why did this even make /.? *grumble*

.yeah, right... (2, Informative)

Anonymous Coward | more than 9 years ago | (#12588045)

until recently, I was in charge for the Windows servers patching for a ~1000 units server farm, and all I can say is Microsoft sucks big time when it comes to fix high availability systems. I even developped in-house a patch management system because of the chronical unreliability of SMS for patch distribution. Comparing to a Linux based system using the simple APT, Microsoft is nowhere, useless, dangerous.

SUS, SMS, WUS, ... all are great when you speak about gui, all sucks when you speak about efficiency. Not to mention the poor quality of M$ patches themselves: just have a look at the troubles a MS05-019 can provoke.

Yeah, a good linux distribution wipes the floor whith the M$ patching goof.

Other horrible things Linux does...... (4, Funny)

i_want_you_to_throw_ (559379) | more than 9 years ago | (#12588053)

Here's what else the Microsoft report found....

Linux will recalibrate your refrigerator's coolness setting so all your ice cream melts and milk curdles. It will demagnetize the strips on all your credit cards, reprogram your ATM access code, screw up the tracking on your VCR and use subspace field harmonics to scratch any CDs you try to play. It will give your ex-boy/girlfriend your new phone number. It will mix antifreeze into your fish tank. It will drink all your beer and leave its dirty socks on the coffee table when there's company coming over. It will hide your car keys when you are late for work and interfere with your car radio so that you hear only static while stuck in traffic. Linux will make you fall in love with a hardened pedophile. It will give you nightmares about circus midgets. It will replace your shampoo with Nair and your Nair with Rogaine, all while your current boy/girlfriend is dating behind your back and billing their hotel rendezvous to your Visa card. It will seduce your grandmother. It does not matter if she is dead, such is the power of Linux, it reaches out beyond the grave to sully those things we hold most dear. Linux will give you Dutch Elm disease. It will leave the toilet seat up and leave the hairdryer plugged in dangerously close to a full bathtub. It will remove the forbidden tags from your mattresses and pillows, and refill your skim milk with whole. It is insidious and subtle. It is dangerous and terrifying to behold. It is also a rather interesting shade of mauve. These are just a few signs. Be afraid. Be very, very afraid. Windows is so much safer.

The weak spot in the credibility is always..."Microsoft commissioned report".
(Apologies to Laika)

Include Reboot Costs (4, Interesting)

Jackdaw Rookery (696327) | more than 9 years ago | (#12588063)

"Kangro also points out the report doesn't mention costs associated with rebooting systems after a patch is applied."

This is a really underated cost that not many people include or even consider. The environment I work in has a few thousand servers and 130K desktops; all running a mix of 2K, 2003, XP - and other Windows flavors. (Like that's my choice).

The reboots after patching are a major pain, everything needs to be checked and always, and I mean ALWAYS, some servers will fail to come back up.

It's costly stuff...

Re:Include Reboot Costs (1)

squidguy (846256) | more than 9 years ago | (#12588187)

And it seems every time my Fedora box gets a kernel patch, I'm prompted for a reboot too... Face it folks, OS perfection does not exist.

emerge -uDN world (2, Insightful)

Bazzalisk (869812) | more than 9 years ago | (#12588087)

does windows have en equivalent? I think not.

A point we often miss (5, Insightful)

rbanffy (584143) | more than 9 years ago | (#12588088)

We, Unixers, usually miss the point that, while we don't have to reboot the whole computer at each and every important patch, we have to bring services down and then back up when they are significantly patched. For a database server it's not the system uptime that counts - it's the database uptime. If it goes down, I could as well have rebooted the whole server - the phone will ring just the same.

While this is a whole lot better than Windows, they are getting closer.

And... Well... The fact it was paid by Microsoft says nothing about the report. I sure would like to see the other reports paid by Microsoft that say FOSS is cheaper, more reliable, more ethical and that are tucked away somewhere in a folder marked "secret"

Re:A point we often miss (2, Insightful)

joto (134244) | more than 9 years ago | (#12588234)

For a database server it's not the system uptime that counts - it's the database uptime. If it goes down, I could as well have rebooted the whole server - the phone will ring just the same.

Except that rebooting a computer takes around 2 minutes (maybe more if it's a heavy server. Restarting the DBMS (which is already cached in RAM, remember) should take less than a second. If you get phone calls then, just pretend you went to the loo for a minute and wait for it to calm down :-)

Re:A point we often miss (4, Insightful)

Peeteriz (821290) | more than 9 years ago | (#12588272)

Well, the point is that on Unix machines you don't have to bring down your database system to install a security fix for a webbrowser.

An interesting observation about this (1)

Peter Cooper (660482) | more than 9 years ago | (#12588094)

This is another of those reports full of fluff with little meat. I can't stand these documents that say nothing, think they're "stating the obvious" and just go around in circles repeating the same old company line over and over in the name of neutrality. I would argue that this document is one of those sorts of documents which goes around in circles repeating the same company line again and again.

So, all in all, another report with lofty hopes but a poor delivery. It sickens me that people get paid to producing these atrocities, all of which just loop around banging out the same company line each and every time, over and over. It's like listening to a broken record, with the constant reiteration of Microsoft's company line on never ending loop upon loop.

Well, I'd never have expected it myself.. (1)

caluml (551744) | more than 9 years ago | (#12588107)

So an exec from a company that owns a Linux distro doesn't agree with a Microsoft commissioned report that finds Windows is cheaper to patch?

Mein Gott im Himmel! This really is astounding! Call the BBC - it'll be front page news in no time!

How is applying a patch and recompiling expensive? (0)

Anonymous Coward | more than 9 years ago | (#12588109)

We maintain our own patches against most of the stuff we're running anyway... oh they mean security patches? Yeah, really hard to have our custom build scripts apply a source patch.

What a bunch of CTO bound clueless toss.

Local repositories (1)

peterprior (319967) | more than 9 years ago | (#12588115)

Hmm.. In my experience, most of the time taken to patch systems is downloading the patches, not actually applying them.

With things like Debian, etc you can have local mirrors of security repositories to speed up the application of patches on lots of machines.

Is the same thing available for Windows Update? If not, I wonder what additional bandwidth costs as well as download times would be incurred from having down download the same patches every time from a Microsoft server via Windows Update.

bandwidth (1)

rnx (99293) | more than 9 years ago | (#12588126)

well i dont know a thing about windows update but with the linux update systems i know you usually download the whole package for every little change and that definitely uses more bandwidth than it ought to. guess it's a tradeoff between complexity (setup scripts in rpms etc.) and bandwidth cost.

And this is news because.... ? (1)

Laurentiu (830504) | more than 9 years ago | (#12588131)

A) Everyone believes it.
B) The report was so crappy that everyone gave up Microsoft and switched to Linux
C) Nothing else exciting is happening in the world right now (yeah, not even a WoW server crash)

In other news, Linus Torvalds says that Linux is good. Richard Stallman reported that OSS is the way to go, and the new pope insists that the only hope for salvation is the acceptance of J.H.C. in your life.

And I just wasted 5 minutes of my life typing this worthless comment to a -1 Flamebait story.

Get the facts? (4, Interesting)

MoogMan (442253) | more than 9 years ago | (#12588143)

Well, lets look at the facts:

@ Both Linux and Windows can be easily configured to auto-update patches.
@ Windows patches are smaller (binary diffs as opposed to full updated packages).
@ However, there are more critical updates to Windows.
@ Windows has SUS [microsoft.com] , whereas Linux doesn't seem (excuse me if I'm wrong) to have any kind of distributed patch management for large businesses.

If bandwidth costs (it does), it could well be that Windows easily has less data to transfer for large organisations.

If we're talking about uptime then yes, Linux will be more "cheaper" (better uptime, minimal loss of business) in this respect.

Re:Get the facts? (0)

Anonymous Coward | more than 9 years ago | (#12588344)

Point @ is incorrect.

SuSE uses diff patches to reduce the download. Since that is part of YaST (I assume) and YaST is GPL'd, that means the diffs can be used in other patch systems that are GPL compatible.

Or they could rewrite the alogrithm because the idea is not patented.

Windows is buggier (1, Funny)

Orion Blastar's Psyc (885504) | more than 9 years ago | (#12588144)

and needs more patches. But Microsoft releases them so slow, and each patch causes more bugs.

MS nonsense reports (1)

ookaze (227977) | more than 9 years ago | (#12588146)

I'm sick of this MS nonsense reports. It is not even accessible (or slashdotted ?) for me to check it.
But knowing that a Linux distro allows you to update any program you have, and hey, even third parties can add their repository for the package manager, I don't understand how Windows patching can be cheaper, really.
Do they imply that getting patches by hand and applying them is cheaper than what a package manager with automatic notification does ?
Did they compare patching Windows with patching an entire Linux distro ? I just don't understand this nonsense.

Key people disagree? (0)

asciiRider (154712) | more than 9 years ago | (#12588155)

Yah - I'll say - a key number of people disagree. Every sysadmin on the planet -

Don't see how... (2, Interesting)

Chanc_Gorkon (94133) | more than 9 years ago | (#12588156)

I don't see how Windows can be cheaper from a compute cycle standpoint. You lose compute cycles during patches on all systems, it's just with Linux, you lose WAY less. You don't have to reboot. All you have to do is bounce services and your up and going. Microsoft just tells you to reboot because of the nutso way they run things. Even on Windows, you can do things to make reboots unnecessary.

Microsoft is getting desperate (2, Insightful)

QuietLagoon (813062) | more than 9 years ago | (#12588167)

When Microsoft continues to fund these highly biased reports and surveys, the Open Source community should be happy. It means that Microsoft considers Open Source to be a real competitor. In effect, Microsoft is doing more to validate Open Source and increase the visibility of Open Source than anyone could hope for.

Re:Microsoft is getting desperate (1)

ashSlash (96551) | more than 9 years ago | (#12588342)

Absolutely!

Free advertising.

Eye (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#12588178)

In other news:
Eye easier to poke out with fork than finger, scientists agree.

Xen or Zen (2, Informative)

Trongy (64652) | more than 9 years ago | (#12588217)

Do you think that Novell's Kangro might have been talking about Novell Zenworks for linux?
http://www.novell.com/products/zenworks/ [novell.com]

Cheaper, but who the hell cares. (0)

Anonymous Coward | more than 9 years ago | (#12588281)

These sorts of surveys about cost, uptime, flexibility serve only to manipulate the PHBs by keeping the discussion off the fact that Microsoft is a reptilian company; dangerous to do business with of any sort.

The way they endevor to crush their competitors, the way they rob and then crush their "allies", the way they openly steal ideas and then tell the courts and the business world 'let us innovate'; it's breath taking. They're liars and phonies who've built an empire upon an incredibly smart bit of opportunistic business savvy a long time ago. So I give them credit for that, and I save the Windows admin-ing for the last of my day so I can go home and take a shower.

Microsoft Summary (1)

HaydnH (877214) | more than 9 years ago | (#12588323)

From the MS summary of the article [microsoft.com]

- The annual costs of patching the security vulnerabilities of individual Windows-based and similar OSS-based systems are roughly comparable.

- On a per-patching event basis, Windows-based systems require less effort than similar OSS systems.



So it costs less per patch to use MS, but about the same per year as OSS... So MS are saying they have way more patches?? Now thats a surprise!!

Haydn.

another cost that is lost in the translation (2, Informative)

Kookus (653170) | more than 9 years ago | (#12588331)

When I patch a windows server, it concerns me when it asks to be rebooted.
For example, when the latest service pack came up for Windows 2003 Server, It took a lot of balls on my part to hit that restart now button. I've had it in the past where it would break something and I'd end up having to do a complete reinstall, costing my company thousands of dollars of just lost productivity.
Sure, I'm suppose to have an identical machine to test these things out on with an identical setup, but realistically how many companies have the money to buy two of everything?
On my linux machines, I only fear things like a dependancy breaking and losing 1 program, for example KDE, but that isn't necessary for a server to work (well it shouldn't be installed on a server ;)) but lets say some other program bailed on me, it's not like everything is so tightly coupled together that I got to do a compelte rebuild. The programs that are required for business operations I always have installed manually, so I never really lose more than a few seconds to just change the symlink back to the old version. In this case, people probably wouldn't even know anything happened.

oh my (1)

bobsalt (575905) | more than 9 years ago | (#12588367)

ya, checking "yum" in the setup --> system services was reeeaallll hard. I should switch back to windows on my servers.....
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>