Row over report praising Windows patching

A Microsoft-commissioned study has concluded that Windows databases are cheaper to patch than open source alternatives, but some are understandably sceptical

Microsoft has sparked heated debate by claiming that Windows software is cheaper to patch than open-source alternatives.

A Microsoft-commissioned study — conducted by its business partner Wipro — outlined the main areas of so-called "cost savings" by using Windows.

A survey of 90 organisations revealed that Windows database servers cost 33 percent less to patch than their open source counterparts. Respondents said that, on average, Windows clients are 14 percent cheaper to patch.

The findings were criticised by several quarters, with some critics dubbing them unrealistic and outdated.

These sorts of studies can't be used as a real-world guide to the cost of patching or maintaining applications, said Frost & Sullivan Australia security analyst James Turner. "All organisations have different needs," he added.

"ROI [return on investment] and TCO [total cost of ownership] figures should be taken as a guide — they are the vendor's estimates," said Turner.

Paul Kangro, Novell solutions manager for Asia Pacific, highlighted several problems in the research.

Although the study was conducted last year, it referred to problems faced by administrators during 2003 — before significant improvements were made to Linux patching tools, Kangro said. "We didn't have tools like Xen for Linux then. When I patch my Linux box I don't need to bring it up and down any number of times."

There was also no mention of costs associated with rebooting systems after a patch is applied. "If I am patching a Windows box I typically need to find a time where I can bring it offline and reboot it. That is not mentioned anywhere in this report, which I find rather interesting," said Kangro.

However, Sean Moshir, chief executive of application patch specialist PatchLink, said that Microsoft's patches are in fact cheaper to apply than those for open-source platforms.

"PatchLink's finding is that on a per-patch incident basis, the Microsoft patches are cheaper to apply. Testing Microsoft patches for quality assurance and documenting their positive and negative behaviours are also cheaper than open source software [per incident]. This is mainly due to the fact the open source software can have a much larger variety of configurations and setup," said Moshir.

Novell's Kangro conceded that "some technical issues in the past meant Linux was 'procedurally' more difficult to cope with" but said: "If I have somebody that is equally skilled on both platforms, I don't believe it is complex.

"Generally the issue is one of familiarity — people may be able to potentially patch Windows boxes faster because they have had a lot of practice."

The research, entitled The Total Cost of Security Patch Management: A Comparison of Microsoft Windows and Open Source Software, is available free of charge from Microsoft's 'Get The Facts' Web site — which aims to persuade customers that proprietary software is superior to open source alternatives.

The Get the Facts campaign — in existence for a number of years — has come under heavy fire from open source advocates over its use of methodologies that generate TCO and ROI statistics which favour Windows.

The open source community has retaliated with its own research showing proprietary software is more expensive to use and maintain.

Wipro is a Certified Gold Support Partner for Microsoft and has forged a strong relationship with the software heavyweight since 1999 across areas such as systems integration and .Net migration.

Survey participants comprised companies in the United States and Western Europe with between 2,500 and 113,000 employees.

Munir Kotadia reported from Sydney for ZDNet Australia.