Microsoft's winning anti-Linux strategy

Summary: Everyone knows that Microsoft has a new anti-Linux strategy. Everyone knows it's based on promises of security.

Everyone knows that Microsoft has a new anti-Linux strategy.

Everyone knows it's based on promises of security.

What everyone doesn't know is how well it's working. And it's working better than open source advocates want to admit.

Munir Kotadia of ZDNet Australia recently used interviews to diss Microsoft's latest effort in this area, a Wipro-produced survey of 90 organizations indicating Windows is cheaper to patch than Linux.

The snarky response is "Windows takes more patching." But I submit that at the heart of Microsoft's response to Linux is a strategy to turn its weakness into strength.

There is a new profession being built into every enterprise, network security management. These people are now being consulted on buying decisions. They want enterprise-grade tools, both for finding vulnerabilities and patch management.

By giving them tools such as Software Update Service and (over time) visualization, Microsoft is aiming to win the loyalty of these new professionals and, through their recommendations, stop the spread of Linux in its tracks.

Open source has an opportunity to deliver scaled scanning, patch management, and visualization tools that serve whole enterprises, which are still heterogeneous environments. But building such tools will take a big effort, either a big budget or a lot of time. And until those tools are available, security professionals will become ever more entrenched, and ever more loyal to Microsoft.

Microsoft does not hope to win by fixing problems. It hopes to win by building tools that help people manage problems.

By concentrating its big budget on that one place, right now, Microsoft is winning.

Talkback

22 comments
  • you could be right...

    but if so, it seems to me that it represents a retreat.

    More funded studies, quickly debunked in the public press, and with each one the increased awareness that the one party is speaking purely in its own interest - and even if the other is too, they're just ordinary people like us.

    The real problem for them is that their business model is obsolete. 85% margins on products in a competitive market (which open-source finally is giving us) is unsustainable.

    I certainly don't consider that justification for complacency, but neither is it cause for alarm, even if it's bigger than you think it is.
    bthomasmo9
  • Big difference in patch management

    Opensource patch management is specific in its target and if you have 12 mission critical apps and they need patches then you will be able to target them specifically. And if for some reason you chose not to patch an app because of incompatibilities with your mission critical app in the OS, Microsoft will not care to design a patch that works specifically for you. Why? Because they don't have to, they are Microsoft! Open source patches can be unique and targeted and also can be done in-house or from a vendor with individual respect for the apps that you care about. If you need to patch your kernel in Linux you can do it without destroying your entire system base if an application is possibly harmed; in contrast, managing a MS upgrade is all or nothing. Opensource is flexible where closed source isn't possibly flexible.

    Patch management in Linux is fragmented by nature and this is actually a good thing contrary to what MS might have you think. Linux and most opensource *ix based apps are modular and this is once again a source of strength. It's kind of like a rope. If you have hundreds of individual strands holding your system together, if one of them breaks it's not that terrible, but in MS land your entire system is integrated and when one part is messed up the whole thing is messed up. Just think what happens when Internet Explorer is screwed up. No file access, no internet, no ftp, no CD writing. Yeah I know there are ways around this but see how this integration can lead to major problems.

    Opensource is all about many solutions to many problems and if one solution doesn't perform there are always options.

    As far as patch management in opensource not being as easy to manage, well that just provides Novell and Redhat, and others who want a go at it, a new opportunity market to thrive in. Go get um boys!

    Evolution killed the dinosaurs and they were pretty big one time too. ;-)
    whieber
    • OUTSTANDING!!!

      Simply outstanding, simple & very fair description of the patching process, but I think there's something missing; Linux patches (AFAIK) are mostly for security problems, on the other hand, M$ patches are for (proper?) functionality as well as (in?) security.

      P.S. Excuse me for my bad English.

      Goodbye.
      ARyKaXaN
  • Some other ideas concerning patching linux

    After the article I thought I might just see what's available for Linux patch management tools.
    Here is what I found in two minutes.

    http://www.shavlik.com/hfn_linux.aspx
    http://www.opsware.com/products/serverautomation/patchmgmt/
    http://www.novell.com/products/zenworks/
    redhats up2date
    and even a free one!
    http://www.nrh-up2date.org/

    Here is another reason why Linux will beat MS at the game. Now you can have more professional companies competing to produce patches for the same issues. Heck this might even be how McAfee and Norton stay in business after viruses are no longer an issue.

    Thoughts to think about.
    whieber
    • One more PM product to manage linux

      One more .. I have used PatchQuest (http://www.patchquest.com). Seems to be doing a pretty good job in patching Debian and identifying RedHat boxes.
      jhewitt
  • And WHY do we need Patches?

    This article overlooks the fact that sloppy MS code is THE REASON why their software needs patches in the first place. Heck, even their patches need patches.

    Saying that Microsoft has an advantage in "Patch Management" conveniently overlooks the fact that Microsoft has serious problems in the first place.
    MrAnderson_z
    • Mozilla? Apple? CA?

      All modern software that is designed to perform more than one simple task needs patches. One can speculate on the reasons Windows requires so many, but I'll contend that it must perform many complex tasks on a wide variety of hardware. Not to discredit the notion that the code could have been written better, and a greater emphasis could have been placed on security. In the interest of fairness, let's be sure to take all applicable products to task...
      Real World
    • Selective memory

      Linux and other open source products need patching, too, which totally guts your point. And the disparity in Windows patches to Linux patches isn't so great as to allow one to label Linux "patch-free".

      I'd rather focus on the argument being presented that the easier patch method generates loyalty to Microsoft. Sorry, but I don't see it as being valid. Any difficulty in the Linux patching strategy is probably much easier to overcome than Microsoft's lead in patch-worthy vulnerabilities. By selectively adding ease-of-use features to Linux, it should be able to make itself very competitive with whatever Microsoft can muster.
      ejhonda
      • Patches ARE the point

        I have patched PATCHES with Microsoft. Patching patches is common with them. THAT leads me to believe that Microsoft not only does a poor job with the software but the same poor procedures with their patches. No end in sight either...
        MrAnderson_z
  • By example

    It makes sense that MS needs an anti-Linux strategy. MS is also late on patch management so it's about time. In fact MS needs to become true to its claims for once in order for people to trust its products. Get the facts and whatever could backfire when the growing use and migration supersedes the negative press. Someone has already given examples of patch management on this topic so I'll skip over that (nice links too). What is the definition of "enterprise-grade tools"? I guess we will soon find out MS's definition. I think MS would be better off focusing on making better products than wasting time and effort trying to mislead people about Linux and open source. That's the honesty in open source development. No one ever claims an application can do more than it really can. Open source asks for help from others to improve it. It's always right up front about bugs. The effort will stay the same, BIG as it is.

    Thanks
    Mike
    xstep
  • chinese code

    If you think that we have trouble now, with Microsoft, wait till the Chinese come up with an OS based on Chinese characters!! Imagine trying to read rems in another language. Count your blessings, friends.
    pesky_z
  • I wonder

    Whenever I see a study sponsored by a company that shows that their product is much more wonderful than their competitor's product my BOGUS light starts glowing. If I paid for a study that showed no difference or a negative difference, I would pay for the study and then bury it. Studies are like statistics, they can show whatever is wanted by changing how the questions are phrased and what answers are available as well as who is asked. COME ON how stupid do they think we are?
    Since no enterprise system admin will allow Microsoft to download and install patches on their hardware, the only thing that might be easier is the fact that they have a single place to look for the patches. Microsoft patches frequently deal with multiple problems which increases the chances of the patch breaking some other piece of software. This may explain why surveys show that many companies are poorly patched, mission critical applications became broken after the patch. The patch is not implemented since it is better to be somewhat insecure than closed down. In open source, a browser patch affects nothing but the browser and your ability to surf the web.
    don3605
  • Microsoft & Baghdad

    I think Microsoft's been taking a cue from Hussein's propaganda man - what's his name again? Anyway, here's my thoughts:
    http://people.lulu.com/blogs/view_post.php?post_id=9714
    evangelinux
  • Microsoft WAS winning.

    And then... competition.

    Superior competition.

    FREEdom competition.

    Microsoft has no long-term chance. Period. Sorry ZDNet, you need to find more FUD-vertising.
    Xunil_Sierutuf
  • I'm not particularly surprised

    Interesting. Many BSD, UNIX, and Linux commercial vendors have had, for years, mechanisms in place for rapidly sharing news about security flaws and quickly fixing them. While not every system has easy to use tools, there are tools that fit into whatever scheme the overall system and packaging has in place. For the administrator, they are generally easy to get your arms around and straightforward to handle.

    Free software efforts, such as the Slackware, OpenBSD, and Debian projects, have long paid considerable attention to security issues and go out the door with good initial attention paid, but each also has simple tools and procedures in place to fix any previously undiscovered flaws (which do occasionally happen, even in the finest works).

    Microsoft once paid virtually NO attention to this space at all, it's not NEW to most Linux or UNIX users. Finally Microsoft is paying SOME attention, but they have a LOT of catching up to do. They've done an admirable job of FINALLY paying attention, but it took the competition of Linux software and the howls of customers to make it even happen, and there is still a great deal of work to be done. Why should Microsoft be praised for this, except to say, good, it's about time?
    masinick9
  • Dana Blankenhorn hasn't tried 'apt'

    My Guess is that the Author, Dana Blankenhorn,
    HAS NOT tried a Debian style software package management system based on debian's "apt"
    (advanced package tool).


    Hey Dana Blankenhorn, give "synaptic" a try
    and get back with us.

    I think that you might just change your mind.

    http://www.nongnu.org/synaptic/action.html

    thanks for listening
    cyber_rigger9
  • Apt

    Dana probably is referring to patching different applications for their flaws. Apt-get/Synaptic are not patchers, they are used for updating/installing packages. (Like Hell, I am going to call updating/installing as a patch) And the presence of a number of different repositories for the innumerous distros only complicates the DEPENDENCY-HELL.

    Let's face it - MS needs patches and a good patch-management tool/easy patching is needed by MS. Linux here needs to focus on the fact that patches needed by Linux are minimal. That being said, a study that details the number of patches needed by Microsoft (count anti-virus updates, security patches) as against the patches needed by Linux, done in an objective manner, would help Linux users understand how frivolous this whole argument about Microsoft being easier to patch is ;)

    Just a suggestion!
    polax9
    • ftp://security.debian.org/

      Set a line something like this in your /etc/apt/sources.list file:

      deb ftp://ftp.us.debian.org/debian/ sarge main non-free contrib


      This will keep your system up-to-date with the latest security PATCHES.

      You are mistaken by saying that "Apt-get/Synaptic are not patchers".

      Apt IS a combination of PATCHING/updating/installing/uninstalling/reinstalling

      Apt currently handles over 16,000 APPLICATIONS

      Here you can count them yourself:
      http://packages.debian.org/testing/allpackages


      Apt does THE BEST, bar none, job of getting the correct dependencies. Dependency checking is integrated into the system.

      With apt (synaptic or dselect) I have updated/PATCHED over 800 applications at a time.
      I didn't even have to reboot.


      You should try it sometime.
      cyber_rigger9
      • ftp://security.debian.org/

        Here is a typical /etc/apt/sources.list entry (for security)


        for debian woody:

        deb http://security.debian.org/ woody/updates main


        for debian sarge:

        deb http://security.debian.org/ sarge/updates main
        cyber_rigger9
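
The comments above quote two kinds of sources.list lines, one for the main archive and one for security.debian.org. As an added example (not part of any comment and not Debian's own tooling), this shell function checks whether a sources.list carries an active security-archive line for a given release; the function names and sample files are constructed for illustration, and the classic one-line format without bracketed options is assumed.

```shell
#!/bin/sh
# Added example: check an APT sources.list for an active security-archive entry.
# Assumes the classic one-line format ("deb URI suite components") with no
# bracketed options; the function names are this example's own.

# has_security_source FILE RELEASE
# Exit 0 if FILE holds an active "deb" line for security.debian.org whose
# suite is RELEASE/updates; exit 1 otherwise. Commented-out lines do not
# count, because their first field is "#" or "#deb", not "deb".
has_security_source() {
    awk -v suite="$2/updates" '
        $1 == "deb" && $2 ~ /^(http|ftp):\/\/security\.debian\.org\// && $3 == suite { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# audit_sources FILE RELEASE
# Print a one-word verdict so the result can be logged or collected per host.
audit_sources() {
    if has_security_source "$1" "$2"; then
        echo "security-archive-present"
    else
        echo "security-archive-missing"
    fi
}

# Constructed sample files built from the "deb" lines quoted in the thread.
demo_dir=$(mktemp -d)
cat > "$demo_dir/main-only.list" <<'EOF'
deb ftp://ftp.us.debian.org/debian/ sarge main non-free contrib
EOF
cat > "$demo_dir/with-security.list" <<'EOF'
deb ftp://ftp.us.debian.org/debian/ sarge main non-free contrib
deb http://security.debian.org/ sarge/updates main
EOF
cat > "$demo_dir/commented.list" <<'EOF'
deb ftp://ftp.us.debian.org/debian/ sarge main non-free contrib
# deb http://security.debian.org/ sarge/updates main
EOF

for f in main-only with-security commented; do
    printf '%s: %s\n' "$f" "$(audit_sources "$demo_dir/$f.list" sarge)"
done
```

On a real host, point `audit_sources` at /etc/apt/sources.list with the installed release name.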
  • Hey, why not. If it works for GM.....

    This is just another example of designed failure, the practice that General Motors has apparently embraced since the late '70's. Why fix the cause when you can correct the result? It's cheaper that way. Why should anyone want to do something the RIGHT way the first time?
    jgmsys9