Language Selection

English French German Italian Portuguese Spanish

Windows cheaper to patch than OSS

Filed under
Linux
Microsoft

A Microsoft-commissioned study -- conducted by its business partner Wipro -- outlined the main areas of so-called "cost savings" by using Windows.

A survey of 90 organisations revealed that Windows database servers cost 33 percent less to patch than their OSS counterparts. Respondents said on average, Windows clients are 14 percent cheaper to patch.

The findings were criticised by several quarters, with some critics dubbing them unrealistic and outdated.

These sorts of studies can't be used as a real-world guide to the cost of patching or maintaining applications, said Frost & Sullivan Australia security analyst James Turner. "All organisations have different needs," he added.

"ROI [return on investment] and TCO [total cost of ownership] figures should be taken as a guide -- they are the vendor's estimates," said Turner.

Paul Kangro, Novell solutions manager for Asia Pacific, highlighted several problems in the research.

Although the study was conducted last year, it referred to problems faced by administrators during 2003 -- before significant improvements were made to Linux patching tools, Kangro said. "We didn't have tools like Xen for Linux then. When I patch my Linux box I don't need to bring it up and down any number of times."

There was also no mention of costs associated with rebooting systems after a patch is applied. "If I am patching a Windows box I typically need to find a time where I can bring it offline and reboot it. That is not mentioned anywhere in this report, which I find rather interesting," said Kangro.

However, Sean Moshir, chief executive of application patch specialist PatchLink, said that Microsoft's patches are in fact cheaper to apply than open-source platforms.

The open source community has retaliated with its own research showing proprietary software is more expensive to use and maintain.

Survey participants comprised companies in the United States and Western Europe with between 2,500 and 113,000 employees.

Full Story.

More in Tux Machines

BlueBorne Vulnerability Is Patched in All Supported Ubuntu Releases, Update Now

Canonical released today new kernel updates for all of its supported Ubuntu Linux releases, patching recently discovered security vulnerabilities, including the infamous BlueBorne that exposes billions of Bluetooth devices. The BlueBorne vulnerability (CVE-2017-1000251) appears to affect all supported Ubuntu versions, including Ubuntu 17.04 (Zesty Zapus), Ubuntu 16.04 LTS (Xenial Xerus) up to 16.04.3, Ubuntu 14.04 LTS (Trusty Tahr) up to 14.04.5, and Ubuntu 12.04 LTS (Precise Pangolin) up to 12.04.5. Read more

Security: Updates, 2017 Linux Security Summit, Software Updates for Embedded Linux and More

  • Security updates for Tuesday
  • The 2017 Linux Security Summit
    The past Thursday and Friday was the 2017 Linux Security Summit, and once again I think it was a great success. A round of thanks to James Morris for leading the effort, the program committee for selecting a solid set of talks (we saw a big increase in submissions this year), the presenters, the attendees, the Linux Foundation, and our sponsor - thank you all! Unfortunately we don't have recordings of the talks, but I've included my notes on each of the presentations below. I've also included links to the slides, but not all of the slides were available at the time of writing; check the LSS 2017 slide archive for updates.
  • Key Considerations for Software Updates for Embedded Linux and IoT
    The Mirai botnet attack that enslaved poorly secured connected embedded devices is yet another tangible example of the importance of security before bringing your embedded devices online. A new strain of Mirai has caused network outages to about a million Deutsche Telekom customers due to poorly secured routers. Many of these embedded devices run a variant of embedded Linux; typically, the distribution size is around 16MB today. Unfortunately, the Linux kernel, although very widely used, is far from immune to critical security vulnerabilities as well. In fact, in a presentation at Linux Security Summit 2016, Kees Cook highlighted two examples of critical security vulnerabilities in the Linux kernel: one being present in kernel versions from 2.6.1 all the way to 3.15, the other from 3.4 to 3.14. He also showed that a myriad of high severity vulnerabilities are continuously being found and addressed—more than 30 in his data set.
  • APNIC-sponsored proposal could vastly improve DNS resilience against DDoS

today's howtos

What's New In Linux Lite 3.6

Linux Lite 3.6 is a good distribution, you just have to put your hands in the engine, but the assistance offered by Linux Lite helps us to set the system as well as possible. The XFCE desktop installed by default adds ease-of-use to this distribution, and the dashboard and main menu layout help the user from another operating system quickly find its brands Read more