another Microsoft x Linux study

[cacosapo]

Although i dont like these kind of study, i would like your opinion about this study
http://www.microsoft.com/windowsserv...ievolving.mspx

In special about of its metodology.

I would like to read from you something like that:
"i agree about the study when they wrote this....."
or
"i disagree when they used that.."

Lets keep this thread without Ninja war please.

[bAgZ]

I have seen this study before and i don't think its a fair comparison.
Things like patches. They claim that Windows has less patches but
what you need to remember is the fact that when you install Linux
you normally get a whole lot of other software bundled in there over
and above the bare operating system that might need patching.
I am willing to bet that two thirds of those patches applied on Linux
have nothing to do directly with OS security since yow could probably
go without that software in a first place.

Second problem is upgrading software. It looks like they had complete
third party modules only for Windows platform and Linux Admins were
forced to integrate different pieces of software that were not exactly
compatible from different sources. Obviously it takes longer.
To me this looks like they are trying to apply Windows model on Linux OS
and that won't work. No Linux admin applies patches on a production
server. You need to have a lab setup with duplicated environment on
which you can test patches before applying them.

Then there are other problems no ones tells you which e-commerce
software was installed in the first place, or what third party upgrades
were used. And the fact that Microsoft had to pay for this study in a
first place should be enough for anyone not to take it too seriously.

[bballad]

The Study was funded by microsoft, run on MS equpment by MS people.....Not a vaild comparioson is the frist thaught that comes to mind.
At Two points thir basic assumptions are wrong in the study.
1)they assume you will apply all of the patches every month in an enterprise windows enviroment this is not true. We test the patches and then apply any that are needed and pass testing. Linux group fallow a similar testing an patching mentality, but thir patches don't come out in an artificialy set monthly cycle.
2) They assuem a yearly upgrade to the lates and gratest version of the OS..again in an enterprise enviroment if it works don't break it, we are still running some NT4 boxes as they do the job we need them to do why upgrade and risk breaking the system?

I also woner about this third party product, they where running one instance of IIS and SQL on the windows serve, but multipul instances of apache and the DB on Linux that seems like the linux crew got shafted by bad softwear choices.

here is a very good disection of the study http://blogs.zdnet.com/Murphy/?p=473...ed&subj=zdblog

[hexadecimal]

<does best at holding back words>

windows dissapoints me... it is a very powerfull operating system.. but they move ahead to fast and leave too many holes behind

i am a hardcore linux junkie... windows is only on my comp for 1 video game... uno.

2 in 3 sys admins failed with linux in that report... 2 were probably inadequet to work with linux to its full powers..

and ok, so windows is easier to install and configure *to an extent and baised on someones point of view*... but i would trust my life in the hands of a well configured linux box over a well configured windows box ANY day...

to get an unbiast result... the test needs to be done by mac... where else do you turn bt the other part of the competition.... eventhough apple and mac are nowhere near the server market as i know.

</does best at holding back words>

[rapier57]

Well, I'd like to see a solid, unbiased comparison provided by a disinterested third party and funded via a grant NOT from Bill and Melinda Gates Foundation.

I think the public would be well served by getting a good look and the pros and cons of each side, honestly. I'm in my own study of Linux, via Fedora. Fedora because our organization licenses RedHat and I have to work with it, so calm down. I've used various version of Linux since the original kernel and I find Linux interesting and challenging. I'm still not convinced that it is the OS for the masses.

As for Apple, I thought they just sold I-Pods and porn videos or something. They aren't still making computers are they?

[spazzmatrix]

It kind of makes one wounder, Is linux that big of a threat that M$ has to come out with new studies every few months.

I have been using linux for several years and would never go back to windows unless it was to play some new game.

Comparing one OS to another only works on certain levels, the whole "which is more secure" depends on who is running it.

Now if they where to have a study of "which OS holds your hand" I'm sure windows would win hands down.

[rapier57]

If Microsoft DIDN'T spend a lot of time analyzing and comparing its OS line with competing OS products, I'd think they weren't serious about staying in business. Part two of that is making sure your current customer base has the information you gathered. That is just basic good business sense.

If the open source and Linux community wants to be anything more than an irritating, itchy patch on Microsoft's flank, it needs to take some ques here. Religious zealotry just drives people off. Just think of consumers as all coming from Missouri: Show Me.

[guardian alpha]

and ok, so windows is easier to install and configure

I would have to disagree with that statement based on personal experience. There are certain aspects of Windows that are easier to install and configure, some through command-line and some through GUI. Resolution, wallpaper, and similar configuration settings are just as simple in KDE and Gnome as they are in the explorer.exe shell. If you are referring to kernel/system level configuration, I find the modularity of the linux kernel far more usable than the Windows registry. Not because I do not understand the registry but because it attempts to combine the windows kernel configuration, individual program configuration settings (granted, that is the fault of the software developer, but also for Microsoft for allowing it), internet settings, individual user settings, all within a singular area.

I assume it really comes down to the person when saying which is easier to configure. I prefer simplicity and straight-fowardness (ie: slackware with .config files) versus all-in-one area settings. It's not even really about GUI versus command-line, but the ease of use in understanding the tool through natural usage.

[catch]

They claim that Windows has less patches but what you need to remember is the fact that when you install Linux you normally get a whole lot of other software bundled in there over and above the bare operating system that might need patching.

What you need to remember is that nearly all the Windows patches are for an insecure default configuration. You can't indemnify Linux for having a loose install and then damn Windows for the same thing. Maintain a consistent standard.

I am willing to bet that two thirds of those patches applied on Linux have nothing to do directly with OS security since yow could probably go without that software in a first place.

Again, well over 90% of the Windows patches could be avoided by having designed and implemented a sane security policy. When was the last time the Windows OS required a patch for a core flaw? Maintain a consistent standard.

No Linux admin applies patches on a production server.

You're in for a surprise. Windows admins are no better.

I also woner about this third party product, they where running one instance of IIS and SQL on the windows serve, but multipul instances of apache and the DB on Linux that seems like the linux crew got shafted by bad softwear choices.

The majority of Apache installs are still on the 1.3 line and are, single-threaded accordingly... hence multiple instances.

Comparing one OS to another only works on certain levels, the whole "which is more secure" depends on who is running it.

This line of thinking indicates little more than an inability to quantify system security capabilities on your part.

All of that said, always consider the source of a study... but disliking the source does not excuse, much less justify making poor, inconsistent arguments against it.

cheers,

catch

[bballad]

hexadecimal: No the admins where good, the study was riged, they where forced to use a sapcific third party product, it was built for SUSE 9 and used a differnt version of GLIBC then what was on SUSE 8. No admin in there right mind would update GLIBC without updateing every thing...the one linux admin that got it working had to write a ton of code on the fly..if the contest where to be fair the windows admins shoud have had windows 2k boxes with aps built for IIS 6...you just can't do what the linux group was asked to do without major systems changes.

in a real world situation...if that is the product you are going to use you start at SUSE 9..also note that the linux admins where required to load a full install...that means at least three difrent DB engins where running and at least two web servers..... S oyes in that instance windows wors better