Novell Defends SUSE Against MS-Sponsored Study

By Peter Galli  |  Posted 2005-11-17

Novell Defends SUSE Against MS-Sponsored Study

Novell Inc. on Thursday lashed out at the Microsoft Corp.-sponsored study released this week that compared the real-world reliability of two platforms—Microsofts Windows Server System and Novells SUSE Linux Enterprise Server—under evolving business requirements over an extended period of time.

The report was conducted by Herbert Thompson of Security Innovation Inc. (a Microsoft certified partner) and entitled "Reliability: Analyzing Solution Business Needs Change."

The full report can be viewed here in PDF format.

In a company Weblog posting, Novell Senior Manager of Public Relations Kevan Barney said the report "aims to confuse the market about the value of Linux and downplay the various reliability, security and TCO issues Windows users are facing."

"Independent studies regularly credit Linux in general, and SUSE Linux in particular, [with being] secure, reliable, supported platforms that customers can leverage today to gain greater flexibility, performance and value in the IT infrastructure," Barney said in the blog posting.

Interestingly, Thompson also made clear that neither the study nor its findings are final or conclusive, but are rather a starting point for further work.

"The sample, although too small to provide conclusive statistical comparisons, illustrates the methodology and begins to shed light on some key model differences between the platforms," Thompson said.

"A welcomed next step would be a more expansive study based on this foundational methodology with a larger sample size, additional business requirement scenarios and that looks at a wide array of platforms," he said.

To read Senior Editor Steven J. Vaughan-Nichols take on the Windows vs. Linux study, click here.

With regard to several points made in the study, Barney said Linux customers who used Novell-certified solutions did not have the interoperability problems suggested by Thompson.

"Novell is continually adding to its list of more than 700 ISVs with more than 1,800 products certified and ready. It is just a matter of time until the issue of Linux interoperability with third-party proprietary applications disappears," he said.

But Windows will continue to face major security problems, with customers suffering the financial consequences, as long as Windows is not re-architected and made more modular, Barney said.

The number of patches created to fix security vulnerabilities and other bugs also could not reliably be compared between operating systems that are as different as Microsoft Windows and SUSE Linux Enterprise Server, he said.

"In contrast to Windows, Linux distributions come with a vast number of packages for services, middleware and software, not just with the operating system and its management framework," Barney said.

Next Page: Flexibility could be a benefit or drawback for Linux.

Flexibility Could Be a

Benefit or Drawback for Linux">

In the report, Security Innovation said one of the most heavily touted benefits of Linux was its high modularity and the granularity of control that administrators have over a system.

"In the experiment, we found that such flexibility also leads to ambiguity for administrators in terms of paths to follow when resolving conflicts. … On the Linux side, each administrator pursued vastly different paths to resolve dependency conflicts that arose when new components were installed. The result was solutions that grew in complexity and heterogeneity rapidly over time," Thompson said in the report.

Multiple pathways could be both an asset and a weakness, allowing on the one hand highly skilled administrators to solve problems using greatly varied approaches, but, on the other, leading to the "personalization" of systems which could make issues like administrator substitution problematic, the report said.

"The Linux solutions also quickly went out of support from the both the distribution vendor and third-party solution vendors as individual components (such as MySQL) were upgraded to meet third-party solution needs," Thompson said.

In contrast, Microsoft has pursued a philosophy it calls "integrated innovation" where much of the core system functionality is incorporated with the operating system itself.

During the experiment, all Windows administrators followed a fairly homogeneous route to both install patches and apply component upgrades for the simulated changing business requirements, Thompson said in the report.

Novells Barney countered that Microsofts "integrated innovation" philosophy is "widely regarded as the primary reason Windows is an inherently insecure operating system allowing intruders to attack Windows through applications such as Internet Explorer, IIS, etc."

This integration with strong dependencies makes it possible for an intruder or worm to bring down an entire system. Integrated innovation was also generally cited as the primary reason for Microsofts schedule slips for Windows Vista and Windows Longhorn Server, he said.

To read more about Windows Vistas history of delays, click here.

"The lack of modularity meant all developers have to be concerned with all dependencies in each part of the system. Those are just a few initial observations. SUSE Linux has achieved the highest level of security of any Linux distribution, and Novells additional Linux application security and identity management offerings give customers a powerful, comprehensive security framework for Linux and mixed environments," Barney said.

Next Page: Microsoft plans to work with Novell in future.

Microsoft Plans to Work

with Novell in Future">

But Ryan Gavin, Microsofts Director of Platform Strategy, defended the need for the study, even if it was just a starting point.

"There is a big need for a larger understanding of how we think and talk about reliability and to have a consistent dialogue about what things matter when you are talking about a reliable system," he said.

"One of the reasons we worked with Security Innovations is because they are more academic and research-oriented and we wanted a repeatable methodology that could be applied again and again," he said.

Gavin added that Thompson would also be reaching out to Novell in the future, given that the companys version of Linux was used in the study.

He also said he would be asking Novell "for their validation, having them help review the model and provide input into how this could have been done differently or better. Ill also make the same offer to Red Hat and Im willing to fly their engineers to his lab to have them go through this and tell us ways we can do this better."

Novells Barney said he was not sure if Thompson had contacted anyone in the company as yet, adding that the firm would have to think hard before jumping into the research business.

"Thats what independent analysts do best, not software vendors," he said.

This is not the first time Microsoft has asked members of the open-source community to work with it on independent research projects. Redmond officials suggested earlier this year that the OSDL (Open Source Development Labs) work with Microsoft on a research project, an idea that was rejected outright by OSDL CEO Stuart Cohen.

Editors Note: This story was updated to expand on a comment by Kevan Barney.

Check out eWEEK.coms for the latest open-source news, reviews and analysis.

Rocket Fuel