Linux vendors hit back at Ballmer's e-mail

In a 2,600-word e-mail sent to Microsoft customers and partners on Wednesday, Microsoft's Steve Ballmer drove home the key themes of Microsoft's "Get The Facts" campaign. Bill Gates' second in command claimed that Windows was a better choice than Linux in terms of security, total cost of ownership (TCO) and protection against legal action over patent violations.

"And it's pretty clear that the facts show that Windows provides a lower total cost of ownership [than Linux]; the number of security vulnerabilities is lower on Windows; and Windows responsiveness on security is better than Linux; and Microsoft provides uncapped IP indemnification of their products, while no such comprehensive offering is available for Linux or open source," Ballmer wrote.

In the aftermath of Ballmer's mail, ZDNet UK sought out a reaction from the various Linux vendors to Microsoft's allegations that the open-source OS is expensive and untrustworthy.

Novell vice-president of strategic marketing John Hogan's first response to the various points in the Ballmer e-mail is that Microsoft has cherry-picked sections of the reports to back up its "facts". Novell bought SuSE Linux in January 2004.

"Not surprisingly, the points made by Mr Ballmer leverage only those statements in its commissioned studies that reflect most positively on Microsoft," says Hogan. "A broader look paints a much more objective picture, one more favourable to Linux."

French Linux vendor Mandrakesoft levels the same criticism at Microsoft. "Microsoft has a well-known tendency to somewhat stretch the definition of 'fact'," says a spokesman from Mandrakesoft. "The 'facts' referred to in the above [Ballmer's] quote originally appeared in Microsoft-funded studies, the independence of which is, at best, doubtful."

Ballmer attempted to head off claims of bias in his e-mail, claiming that the research cited is independent. "In each case, the research methodology, findings and conclusions were the sole domain of the analyst firms. This was essential: we wanted truly independent, factual information."

Novell's Hogan says that Microsoft has often specified the exact system configuration in benchmark tests. For example, in two Veritest studies which compare Windows 2003 Server with Linux, Hogan asserts that Veritest fine-tuned the Windows set-up but did not do the same for Linux.

"The test used Windows protocols only, while Linux had to emulate the Windows protocols using Samba," says Hogan. "As far as we can see, the testers did not even make the smallest optimisation for this Linux/Samba setting, while Microsoft helped Veritest fine tune on Windows."

Hogan also claims that Microsoft turned off the Windows 8.3 file-naming convention and made tweaks to the TCP stack on the client machines and to the buffer-cache pool on the server. "Obviously, Microsoft invested considerable time and effort in finding the best possible configuration," he says.

Total cost of ownership
In the e-mail, Ballmer attempts to reinforce Microsoft's claim to lower TCO with findings from a Yankee Group study from April 2004, entitled "Linux, Unix and Windows TCO Comparison". He claims the study concludes that upgrading Windows was cheaper than switching to Linux for large enterprises.

But according to Novell, the Yankee Group study also found that the relative TCO of Microsoft and Linux varies according to situation and that the TCO of Linux is considerably lower in, for example, small firms, organisations with customised vertical applications and in "greenfield" sites.

An alternative report on TCO carried out by Research and Markets found that Linux had a 30 percent lower TCO than Windows, according to Mandrakesoft.

In the section of the e-mail on TCO, Ballmer also raised issues of the cost and availability of trained Linux resources to support Linux deployments, citing a Forrester report from early 2004 entitled "The Costs and Risks of Open Source".

The Microsoft chief executive claimed Forrester found that training for IT employees was 15 percent more expensive for Linux than for Windows due to a lack of internal knowledge and a lack of availability of training materials.

But according to Novell's Hogan, the Forrester report also states that the added training costs for Linux are transitory and will reduce as companies gain more experience with the OS.

The Ballmer memo also quotes data from a Forrester study entitled "Is Linux More Secure than Windows?" It states that, according to the analysts' study, the four major Linux distributions have a higher incidence and severity of vulnerabilities, and are slower than Microsoft to provide security updates.

Representatives from Red Hat, Novell and Mandrakesoft claim the Forrester report was flawed.

Earlier this summer, Mark Cox from Red Hat's security response team told ZDNet UK that his firm had worked closely with Forrester, and that these findings were flawed because the analyst group had just taken a simple average of the data.

"An average is not representative. Red Hat fixes issues which other operating systems wouldn't fix, such as temporary file vulnerabilities," said Cox, adding that the report also failed to take into account the severity of the issues.

"A vulnerability which could allow a remote attack on Windows was considered in the same light as a file vulnerability on Linux which makes the system slow down," said Cox.

Novell's Hogan agrees with Cox that the report fails to take into account severity. "Mr Ballmer failed to mention that the study found Microsoft had the highest number of critical flaws," he says.

Hogan also says that the study measured the time to fix a flaw from the time it is made public, which is different for Microsoft and open source. "In open source, this is immediate, so a fix can be generated quickly. Microsoft delays making the existence of a flaw known as long as possible, unless your company has signed a special non-disclosure agreement with them," he says.

In the e-mail, Ballmer wrote that "it is rare for open-source software to provide customers with any indemnification at all."

The response from Red Hat and Novell SuSE executives is that both companies provide indemnification against intellectual property claims.

Red Hat provides a warranty to Red Hat Enterprise Linux customers which guarantees to replace software if there is an intellectual property issue so they can continue using the product without interruption. It also has a fund which assists companies with any legal expenses associated with litigation related to the development of software under an open-source licence.

Novell provides indemnification to customers of versions 8 and 9 of SuSE Linux Enterprise Server. It states that it will pay damages up to $1.5m for an allegedly infringing product. On top of this it will pay legal defence fees.

Unix migration
On the subject of migrating enterprise resource planning systems from Unix to Windows or other platforms, Ballmer highlighted a survey purporting to show gains in performance from moving to Windows and suggested that Windows outperforms Linux in Unix migration scenarios.

But Novell claims that an alternative analysis by Flexdata comparing Windows 2003 with SuSE Enterprise Server 9 (SLES9) found that SLES9 performed better on the same hardware.

Despite the distinct lack of common ground, there are some points that Microsoft and Novell agree on. At the end of Ballmer's e-mail, he directs customers toward the "Get the Facts" section on the Microsoft Web site. Novell's Hogan agrees that people should read these reports to get a more complete picture.

"Read the complete reports on Microsoft's site, not just Microsoft's chosen sound bites," he says.

Gael Duval, the founder of Mandrakesoft, is less forgiving and sums up Microsoft's e-mail as an attempt to spread confusion.

"We think that Microsoft is trying a new strategy to fight against Linux by spreading much FUD (fear, uncertainty and doubt) about Linux' strongest points."

ZDNet UK's Ingrid Marson reported from London.