On Tue, May 01, 2001 at 10:17:31PM -0400, Russell Hires wrote:
> Hey Everyone,
>
> I had the opportunity to speak with one of the corporate IT guys (you
> know, the one that just flew in from out of town, because he's so high
> up in the corporation that he doesn't really have time be at the one
> site all the time?) about a simple request: can I have a newsreader as
> part of my MS Outlook so I can participate in the Linux discussion from
> another, completely separate part of the corporation? Naturally, the
> answer was no, but in the course of my conversation with him, he asked
> me why do I want to be involved with something that is not my primary
> function. I gave him the basic speel about Linux and Free software, and
> how it's open source.
>
> Somewhere in there he mentioned that being Open Source is actually a
> security risk. He also said something about "rigor" when it comes to
> dealing with security issues, and stability. Naturally, this is a guy
> who could be my boss some day (or not, seeing as how he trusts all
> mighty M$) so I didn't want to be too vigorous in my defense of Linux.
>
> I'd like to have an honest appraisal of Linux from you guys and gals. I
> saw that from his point of view Linux is untested, and new (even though
> it's based on Unix, which paradoxically he was okay with). So, how
> stable is Linux? How does that compare with NT? And the same thing for
> security. Is there any rigorous testing process that goes on? And what
> about cost? He mentioned that if Linux were to be deployed, there would
> have to be a new person who would have to be responsible for the Linux
> part of IT (but that's just the Big Company I work for). I know we've
> been over this turf before, but a refresher is in order. I'd be
> interested to see if anyone can take the side of M$ and defend
> NT/2000/ME/98...
>
Okay, sit down, take a deep breath or two. Grab Tux and rub his belly
for several minutes until the FUD dissipates, and a soothing wave of
serenity envelopes you.
This corporate IT guy has either been duped or bought.
Stability: Linux is far more stable than _any_ version of Windows. Look
at typical uptimes for Linux servers and compare to any Windows machine,
any version. No contest. There is no "Blue Screen of Death" in Linux. If
an app goes down, it seldom takes down the whole O/S, a very common
problem with Windows. There is plenty of documentation on the net about
this, and Microsoft knows it.
Security: Microsoft recently made a big deal of the fact that Microsoft
has in-house testing people and Linux doesn't. Therefore, Windows is
more secure. Absolutely untrue. First off, how many Linux viruses have
you ever hear of? Or Unix viruses, for that matter? Unix/Linux sometimes
get worms, but seldom. And unless you're root compromised, the only
damage that can occur on a Linux system is to your home directory. Not
true on Windows. There are so many ways to crack a Windows machine, it's
not even funny. And many of them allow what would be called "root"
access to the machine. In addition, Microsoft has seen fit to embed
scripting languages in their Office application documents and their
email clients, thereby providing another avenue for cracking. Most of
the viruses you've seen in the last few years involve those scripting
languages.
The most revered security gurus in the world will _all_ tell you that
Open Source security algorithms are far more secure just on principle,
because the source is open to anyone to read and improve. By the time
your Open Source software reaches you, some of the most savvy security
people around have whacked on it and fixed problems. And Microsoft can't
even hope to match the responsiveness of the Open Source world.
Microsoft has very limited resources when it comes to fixing their own
software. On the other hand, we have every C programmer in the world
capable of fixing the problem, because they have access to the source
code.
Rigorous testing? Linux users are generally more sophisticated than
Windows users, and millions of them are testing the software every day.
Microsoft has some internal testers, and many more millions of newbie
users who wouldn't know a security breach from a pepperoni pizza. And
you know from the traffic on this list alone that Linux users are more
security conscious than Windows users.
Cost?! Yikes! What does it cost to deploy Linux versus Windows? Just in
software costs? Now, how much money does it take to make an MCSE (which
is what you need for any serious Windows deployment)? And MCSEs are a
lot like people with MBAs. Most people with an MBA couldn't run a
business if their lives depended on it. Same is true with MCSEs. With a
lot of them, you start asking really hard questions, and they freeze up.
A lot of them lack the requisite understanding of what's going on
beyond, behind and underneath Windows. They can point and click and set
up new users, but when it comes to really understanding what's going on,
they're clueless. (No offense to any MCSEs out there. You're probably
not one of these dunderheads, but I'll bet you know some MCSEs who are
exactly like what I'm describing.) Any of the more knowledgeable folks
in this group can run rings around any MCSE.
Yes, you'd have to have a new person in charge of the Linux part of IT.
Just like you would with Windows. What's the difference? Except that
support from Microsoft is sad at best, and Linux support is very good.
There are groups like this, email lists for the various distros, books,
and even companies you can pay to support you (not Microsoft type
support).
But here's another factor. Microsoft software is _opaque_. You don't
know what's going on in there and never will. I used to work for a
Microsoft programming shop. I don't know how many times we had
inexplicable things happen with Windows or our programming software.
We'd go to the TechNet CDs, no help. We'd go on Microsoft's website. No
help. We'd call Microsoft (an _expensive_ proposition), no help. In that
situation, you learn the true meaning of the word "workaround". They've
got literally thousands of bugs they simply aren't going to fix ever.
Just not worth it to them. And if you do manage to get hold of someone
who can log a bug that Microsoft will actually fix, it will only come
out in the next Service Pack, whenever that is.
With Linux, the code's all right there. It's not opaque, it's
_transparent_. If you find a bug, you can fix it. If you're not savvy
enough, maybe someone else you know can fix it. If not, you can log a
bug with Open Source developers. Chances are, you'll see a fix long
before you'd see one from Microsoft.
There are only two areas where Microsoft is superior to Linux. First is
their marketing. Second is the amount of software available to run on
their OSes. But Linux even has that covered, with products like Win4Lin,
VMWare and WINE. In no other area are they superior at all, period.
</soapbox>
Paul
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:21:38 EDT