At Gartner Symposium/ITxpo, Microsoft CEO Steve Ballmer tried to disabuse the thousands of IT executives attending the conference of two notions: Windows software is hopelessly insecure and Linux offers a better TCO (total cost of ownership) than Windows.
I don't think he disabused too many people of their scepticism about Windows security with his rhetoric, but he at least put the issue in perspective. "At this stage we have learned a lot more about security than anybody else in world, and we need to focus in on a few things," Ballmer said. At the top of his list: engineering fewer vulnerabilities into software and educating users on how to stay more secure. He also equivocated on Bill Gates' statement that security would not be a top three priority for Microsoft two years from now. "We expect to make a boatload of progress in the next two years. Whether the statement is true or not remains to be seen. It expresses Bill's fundamental optimism about the good work he thinks we are doing in this area -- if we don't get there, we will keep it [security] as a top priority until it doesn't need to be there anymore," Ballmer said.
Gartner analyst John Pescatore predicted that by 2005 software will start to ship that is built from the ground up with security in mind. Removing 50 percent of vulnerabilities in software prior to deployment will result in a 75 percent cost reduction for configuration management and incident response, Pescatore said. Several companies are developing tools for tracking down and eliminating vulnerabilities, such as buffer overflows, during the development process.
Ballmer also claimed that Windows has fewer vulnerabilities than Linux and that Microsoft produces security fixes faster than the Linux community. Despite his claims about Microsoft's superior record of security remediation versus Linux, Ballmer admitted that customers need more reassurance. "What people really want to know is, do you meet the bar -- are you providing what we need on the security front. The answer for most customers is that they want us to do more," Ballmer said. He did acknowledge that as Linux become more popular, hackers will find it a more attractive target.
Of course, there are counter arguments, such as that Microsoft's software monoculture poses a security risk. It's not a contest to see who has the most vulnerabilities or who fixes holes faster, however; it's which platform suffers the most attacks and costs enterprises more, and Microsoft clearly leads on that front.
According to Gartner, by 2008 Linux desktops -- which the research firm boldly says could attain as much as 30 percent market share -- will have about the same number of viruses as Windows desktops. However, Windows will be disadvantaged because many Windows applications will be tightly bound with operating system code, creating a kind of double whammy situation. Gartner recommends desktop Linux today for limited function applications, such as terminal-based data entry work.
Ballmer dismissed the notion that Linux on the desktop has any momentum. "There is no appreciable amount of Linux [desktop] anywhere in the world," he said, pointing to the study for the city of Paris that determined an open source desktop would have an unacceptable ROI impact. "People can sit here and read the drama stories from other parts of the world and assume they are true or not. People said the city of Paris said it was going to adopt Linux and the studies came back. It would be dramatically more expensive than Windows, and there is no ROI case for the next seven or eight years to even consider a movement from Window to Linux in the city of Paris. In Brazil, it's the same thing," Ballmer said.
He has also dismissed open source Microsoft Office competitor StarOffice, describing it as being as "good as what we were shipping seven years ago," citing lack of total compatibility with Microsoft Office and a robust email client. He also brought up the lack of indemnification against patent and intellectual property infringement for many open source distributions as a deterrent to adoption of Linux.
The city of Munich, Germany has reached a different conclusion, despite recent concerns about infringement claims. Ballmer viewed the Munich deal as critical enough that he personally tried to persuade the mayor of Munich to stay with Windows. "Yes, we lost the city of Munich," Ballmer said. "But, the fact that the same story gets told 65,000 times, and there is still only one customer… still diddling around to some degree to decide when they are going to do the migration... come on, where's the evidence? In China, our products have higher market share than in this country, but of course most of it is not paid for."
It was also unclear as to whether Ballmer was including Sun's Java Desktop System (JDS) in his scorekeeping. Although most people think of traditional Linux distributors like Red Hat and Novell when discussing desktop Linux, at least one version of JDS is a Linux desktop (it's bundled with Novell's SUSE Linux). Sun also just announced a Solaris x86-based version of JDS, but it only runs on Sun's AMD-based workstations. JDS is getting some traction. Although Sun CEO Scott McNealy admitted that it wasn't going to be much of a money maker for his company, JDS was viewed as having scored a victory when the Chinese-backed China Software Standard Company agreed to license 500,000 copies of the desktop suite.
Since then, JDS has scored several other victories and this week, Sun is expected to announce another major deal.
While Ballmer’s assertion about StarOffice lacking a robust email client is true, JDS makes up for that shortcoming by including a Microsoft Exchange-compatible email client (Novell's Ximian Evolution) and is fully indemnified by Sun. Whereas StarOffice, which is also included, is, as Ballmer asserted, not fully interoperable with Microsoft Office, there has been some speculation that those incompatibilities may be resolved as a result of a recent watershed technology cross-licensing agreement between the Sun and Microsoft.
Even so, Microsoft is relatively safe from desktop erosion in the business arena for now, and the company is looking at different ways to package Windows and Office to compete with Linux and StarOffice and OpenOffice.org. The company isn't going to stand still while the open source community eats its lunch and continues to improve its products. But, it's inevitable that the open source community will create a more competitive environment in the next few years that will ultimately benefit users and create more healthy competition.
Linux on the server is a bit more mature than on the desktop, but according to Gartner's research Linux is having more impact on Unix than on Windows server installations. Gartner estimates that Windows will close the vulnerability gap with Linux by 2008, in part due to broader proliferation of Linux that will make it more of a target for malicious hackers. With more parity on the security front, the battleground will shift more to price/performance and total cost of ownership (TCO). By 2006 Linux should meet the performance requirements of 80- to 90 percent of single on-line transaction processing applications. According to Gartner analyst George Weiss, Microsoft and the Linux camp will have to compete more on automating server management and lowering TCO.
Although we can continue to handicap the fight, that exercise misses the point. Microsoft has proven that is knows how to fight and has often been accused of having unfair advantages. Now the open source community needs to show its mettle and deliver the goods. Whatever the case, a more competitive environment is good for innovation and for lowering TCO.