Posted on 09/08/2003 5:31:52 PM PDT by ShadowAce
COMMENTARY--Yep, it's Windows vs Linux time again. As usual, the facts go out the window in a points-scoring battle that completely ignores the important issues.
At the annual Tech Ed conference in mid-August, Microsoft's chief security strategist Scott Charney said "Half of all crashes in Windows are caused not by Microsoft code, but third-party code". Why would he say that?
For about a year, Microsoft has been implementing its Trustworthy Computing initiative, and has gone to great effort to improve its practices and get better security and reliability in its products. Being Microsoft, a lot of the work has gone into new products such as Windows Server 2003 rather than fixing holes in the software everyone's using, such as Windows 2000. Spend more money, get better security.
But it's slow going. Building better software is evolutionary, as is earning the industry's trust when your reputation is as bad as Microsoft's. It doesn't help when, as you're making this announcement, a worm exploiting a vulnerability in your code--not someone else's--is spreading around the world.
A ZDNet Australia Web site reader noted, "In decent operating system design it is recognised that programs may go feral and the OS must cope with this gracefully. Any OS that crashes because of bad applications is basically badly designed."
Charney's statement also ignores the problems many developers face trying to interact with Windows when they can't access the operating system source code, and sometimes can't even get proper documentation of the application programming interfaces. Third-party developers can hardly be blamed for instability if they don't know what they're working with. Charney was, at best, being disingenuous. Dodging the blame does very little to improve your reputation.
Charney's statement moved columnist Sam Varghese at the Fairfax newspapers to decry the terrible state of IT journalism today. "One should question why such statements are repeated verbatim, without even a hint of doubt, by journalists," he wails.
Varghese also writes misty-eyed pro-Linux puff pieces in his spare time in which he freely admits "I am not a techie". Yet in a column the day before, he quotes Linux evangelist Con Zymaris as saying "open source systems have a far lower risk profile" than Windows--verbatim, without even a hint of doubt. Pot, kettle? Or is it OK to report unsubstantiated propaganda if it's propaganda you agree with?
Zymaris claims keeping patches updated is far easier in Linux "due to the well thought-out and well-executed package management technologies". This is a highly contentious point, and not one that lends itself to being quoted without analysis by any journalist who wants to claim a shred of credibility.
Patch management is complicated. The Blaster worm was easily defeated if systems had been updated with a months-old patch, but a lot of systems didn't have it installed. This does not give the Linuxheads reason to be pleased with themselves.
Linux certainly beats Windows hands down in the number and frequency of patches, but this is not as good as it sounds. Every time a sysadmin needs to patch a system, particularly a business-critical server, he or she needs to be sure it isn't going to cause problems with what's already running. When new patches come out every other day, as they do with Linux, you can imagine the nightmares this could cause.
There is also a wide range of, words fail me, well thought-out patch management software available for Windows. And while Linux patches are--obviously--free, vendors like Red Hat charge fees to subscribe to their update services that help minimise dependency issues, which can be a big problem with Linux.
In an interesting approach, Sun Microsystems' Orion strategy means Sun will be sending customers quarterly patches for all its software on CD. These patches will be pre-tested for compatibility and integration issues. While this doesn't eliminate the need for emergency patches, at least it takes one big worry off admins' minds.
If it works well, expect to see Microsoft and the Linux vendors taking up the same idea--and slugging it out over which one of them thought of it first, which works better, and which has the lowest TCO.
Wanna be Penguified? Just holla!
Got root?
That's like Ford saying half of all fatal car crashes were caused by driver error and not by the car failing.
I have never, I mean NEVER put a patch on an AIX, Solaris, or Linux system and had it break anything! My time for test to production patches is a couple of days for a low risk, and at most a day for high risk. On the Windows side of things, three times last year I had a patch break something else (usually an application; it would be SQL Server, or ...) My time from test to prod is at least a week on critical systems and around a month on low risk.
Windows Update is fine for the desktop but anyone who would update Windows without extensive testing is nuts.
No, it is NOT a highly contentious point. What is contentious is "which package system is better, RPM or Debian .deb"? But ANYONE who has ever dealt with both Win2k and either RPM or .deb knows full well that Linux wins hands down on this matter.