Windows vs. Linux: Think Patch Quality, Not Quantity

By Peter Galli  |  Posted 2006-01-11 Print this article Print

News Analysis: Tests at Microsoft's Linux lab show that counting the raw number of security updates required by the various operating system flavors is not as meaningful as examining the efficiency of the update process.

Editors Note: This story is Part 2 in a series of three stories about Microsofts Linux and open-source lab. Microsoft Corp. seems to be moving away from focusing on the actual number of security patches and updates that it and its software competitors release. Instead, it is concentrating on making it easy and efficient for customers to obtain the security fixes and update their systems.
Bill Hilf, who is director of Platform Technology Strategy at Microsoft and heads its Linux and open-source lab, told eWEEK in a recent interview that "the differentiator for customers is not the number comparison, but which vendor makes the patching and updating experience the least complex, most efficient and easiest to manage."
Mark Cox, security response team leader at Linux vendor Red Hat, agrees, saying that one of the top reasons machines are ensnared by security exploits is that they dont obtain the latest security updates. "So it follows that to protect users a vendor needs to make security updates as easy and painless as possible, across the entire application stack." That is why Microsofts Linux lab simulates production environments—across open-source software, Microsoft software and other commercial software. It has built tests and analysis tools to look at how frequently those systems need to be patched and what the impact of that is. Click here to read more about Microsofts interoperability testing lab. Microsoft has an update model known as "Patch Tuesday" where patches and updates are issued once a month unless they are critical and need to be released earlier. This model is different from those of the various Linux and other commercial software vendors. As such, the lab has taken various commercial Linux distributions, running a variety of workloads, and simulating the Patch Tuesday model. At the same time, the lab runs the same workloads and system configurations on a separate set of servers that are patched via the normal model from the commercial distribution vendors. "Looking at various models is the most important area of patch update work were doing in the lab right now. In total, this type of data gives us a deeper understanding of not just how different vendors do patch updates, but also what the impact is to real workloads in a real data center," Hilf said. Read here about Microsoft Linux lab test results that show how well Windows client software runs on legacy hardware in comparison to its Linux competitors. Hilf also stressed that this is not a one-time thing for Microsoft, which is running similar scenarios on an ongoing basis using the latest versions of Red Hat Enterprise Linux and Novell SUSE Linux, as well as the Mandriva, Gentoo, Debian and Ubuntu Linux versions. It also tests a wide variety of Unix systems and BSDs (Berkeley Software Distributions). Next Page: Testing patch distributions.

Peter Galli has been a financial/technology reporter for 12 years at leading publications in South Africa, the UK and the US. He has been Investment Editor of South Africa's Business Day Newspaper, the sister publication of the Financial Times of London.

He was also Group Financial Communications Manager for First National Bank, the second largest banking group in South Africa before moving on to become Executive News Editor of Business Report, the largest daily financial newspaper in South Africa, owned by the global Independent Newspapers group.

He was responsible for a national reporting team of 20 based in four bureaus. He also edited and contributed to its weekly technology page, and launched a financial and technology radio service supplying daily news bulletins to the national broadcaster, the South African Broadcasting Corporation, which were then distributed to some 50 radio stations across the country.

He was then transferred to San Francisco as Business Report's U.S. Correspondent to cover Silicon Valley, trade and finance between the US, Europe and emerging markets like South Africa. After serving that role for more than two years, he joined eWeek as a Senior Editor, covering software platforms in August 2000.

He has comprehensively covered Microsoft and its Windows and .Net platforms, as well as the many legal challenges it has faced. He has also focused on Sun Microsystems and its Solaris operating environment, Java and Unix offerings. He covers developments in the open source community, particularly around the Linux kernel and the effects it will have on the enterprise.

He has written extensively about new products for the Linux and Unix platforms, the development of open standards and critically looked at the potential Linux has to offer an alternative operating system and platform to Windows, .Net and Unix-based solutions like Solaris.

His interviews with senior industry executives include Microsoft CEO Steve Ballmer, Linus Torvalds, the original developer of the Linux operating system, Sun CEO Scot McNealy, and Bill Zeitler, a senior vice president at IBM.

For numerous examples of his writing you can search under his name at the eWEEK Website at


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel