Ballmer cites 'facts' in Microsoft's battle against Linux

Summary: But Linux vendors dispute Microsoft's claim that Windows is a better bet than open source for issues like security and total cost of ownership

"We think that Microsoft is trying a new strategy to fight against Linux by spreading much FUD [Fear, Uncertainty and Doubt] about Linux's strongest points," Duval told ZDNet UK.

"In particular, the TCO argument can easily be modelled to fit their communication, but many studies -- in general the ones that aren't financed by Microsoft -- show that Linux' TCO is much lower than Windows', in particular because administering Linux is really a peaceful activity that doesn't require as many sysadmins as does Windows," Duval continued, adding that big organisations such as governments are getting increasingly tempted by Linux.

The executive email can be read in full here.

Get The Facts was launched this year as Microsoft's response to the growing interest that companies are showing in open-source software. It is partly based on research conducted by analyst firms, which Microsoft cites as evidence of its independence and accuracy. But the accuracy of Get The Facts has been challenged by some in the IT industry.

One key part of the campaign is the claim that Windows is more secure than open-source alternatives because Microsoft fixes vulnerabilities more quickly than Linux vendors do. This is based on a report carried out by analyst group Forrester, "Is Linux more secure than Windows?". It stated that Microsoft had the lowest elapsed time between the disclosure of a vulnerability and the release of a fix.

"They found that Microsoft addressed all of the 128 publicly disclosed security flaws in Windows over the 12-month period studied, and that its security updates predated major outbreaks by an average of 305 days," wrote Ballmer.

But Linux vendors have repeatedly attacked the validity of this report.

Back in April, Debian, Red Hat, SuSE and Mandrakesoft all insisted that the study had little "real world value" because it does not help customers assess the "practical issues of how quickly serious issues get fixed".

Earlier this summer, Mark Cox of Red Hat's security response team told ZDNet UK that his firm had worked closely with Forrester, and that these findings were flawed because the analyst group had just taken a simple average of the data.

"An average is not representative. Red Hat fixes issues which other operating systems wouldn't fix, such as temporary file vulnerabilities," said Cox, adding that the report also failed to take into account the severity of the issues.

"A vulnerability which could allow a remote attack on Windows was considered in the same light as a file vulnerability on Linux which makes the system slow down," said Cox.

A report published last week on IT news site The Register also appeared to shoot holes in Microsoft's claims over security. It claimed that Microsoft's argument is based largely on faulty reasoning and overly narrow statistical analysis, focusing on metrics that showed Microsoft in a good light.

Duval also has concerns about Microsoft's claims on security.

"Microsoft keeps on repeating always the same arguments, while an incredible number of sysadmins consider Windows security as a nightmare. For instance, when there is a security alert under Mandrakelinux, we can react in less than 24 hours and provide an updated package that fixes the issue. Is it the same for Microsoft?"
