Ballmer: Windows Safer than Linux

By Peter Galli  |  Posted 2004-10-27

Ballmer: Windows Safer than Linux

Microsoft CEO Steve Ballmer on Wednesday plunged headfirst into the controversial waters of comparing the benefits and advantages of the Windows platform with Unix and Linux in an executive e-mail he sent to customers, partners and subscribers.

Ballmers e-mail is the latest in an ongoing series of communications from Microsoft Corp.s top executives addressing issues important to their customers and to the technology industry.

It is also the latest salvo by the Redmond, Wash., firm to address the growing competitive threat of open-source software and the Linux operating system.

In its latest 10-K filing to the SEC (U.S. Securities and Exchange Commission) in September, Microsoft said it was facing growing pressure from open-source software across every segment of its business—a competitive threat that could have significant consequences for its financial future.

Read more here about Microsofts SEC filing.

In this latest e-mail, Ballmer said customers across the globe are asking the same questions of Microsoft staff members, namely whether an open-source platform really provides a long-term cost advantage compared with Windows, and which platform offers the more secure computing environment.

Customers expressed their growing concern about IP (intellectual property) indemnification and how best to minimize risk, while also wanting to know the best migration alternative for moving from an expensive Unix platform, he said.

But Microsoft faces competition on that front from IBM and Hewlett-Packard Co., both of which have solutions designed to help customers and ISVs move away from Unix—mostly from Sun Microsystems Inc.s SPARC/Solaris—and onto Linux.

In his e-mail, Ballmer directed customers to the companys controversial Get the Facts Web site and used the sites examples of case studies and research— many of which were sponsored and paid for by Microsoft— to validate the premise of his e-mail. Essentially, he said, "The Windows platform today offers an unmatched level of value, applications availability, simplicity, security and productivity."

Next Page: Are customers "getting the facts"?

Getting the Facts

?"> Microsofts "Get the Facts" campaign, which it launched in January, aims to give customers information about the advantages of using its Windows operating system versus Linux, its open-source competitor.

Click here to read more about Microsofts Get the Facts campaign.

Ballmer admitted that its "not surprising" that one cant open a computing magazine today without running into an article about Linux and open source, adding, "Who doesnt like the idea of a free operating system that just about anyone can tinker with?" But he said things are not always as they seem.

He cited an independent, noncommissioned global study by The Yankee Group, titled "Linux, Unix and Windows TCO [Total Cost of Operation] Comparison," which surveyed 1,000 IT administrators and executives.

"All of the major Linux vendors and distributors [including Hewlett-Packard, IBM, Novell (SuSE and Ximian) and Red Hat] have begun charging hefty premiums for must-have items such as technical service and support, product warranties and licensing indemnification," the study said.

"In large enterprises, a significant Linux deployment or total switch from Windows to Linux would be three to four times more expensive—and take three times as long to deploy—as an upgrade from one version of Windows to a newer release," Ballmer cited the Yankee Group study. "And nine out of 10 enterprise customers said that such a change wouldnt provide any tangible business gains," he said.

The Yankee Group also noted that, for larger organizations with complex computer networks, its important to look beyond Linuxs initial low investment cost and consider all of the TCO and ROI (return on investment) factors.

Click here for a column on how Microsofts and Intels records make trust a tough sell.

Referring to another study, which Ballmer said was a nonsponsored report by Forrester titled "The Costs and Risks of Open Source," he said the study found that "the allure of free software is accelerating the deployment of open-source platforms, but open source is not free and may actually increase financial and business risks."

But other research firms seem to view things differently. At the recent Gartner Symposium/ITxpo, Gartner vice president and distinguished analyst George Weiss said theres no question at all about Linux becoming mature.

Weiss even displayed a chart showing that Linux today—not in 2010—is already better than Windows servers in enterprise-critical areas such as horizontal scaling (aka clustering), security and entry cost.

And by 2006, Weiss predicted that Linux "will meet the performance requirements of 80 percent to 90 percent of single OLTP [online transaction processing] application requirements." And its competition for this gold standard of data-center computing wont be Windows; its Unix.

As for open source in general, Gartner analyst Mark Driver had this to say: "Youd be stupid not to use open source as part of your application management strategy."

Turning to the issue of security, Ballmer said that some three years ago, the company had made software security a top priority. "Since then, weve invested heavily in a multipronged effort to improve software quality and development processes, and to reduce risks for customers through education and guidance, industry collaboration and enforcement.

"I think its fair to say that no other software platform has invested as much in security R&D, process improvements and customer education as we have at Microsoft," he said.

Next Page: "Quality, tech advances and testing."

Quality and Testing

But in spite of this, Linux is often touted as a more secure platform. This is due in part to the "many eyeballs" maxim of open-source software, which claims a correlation between the number of developers looking at code and the number of bugs found and resolved, Ballmer said.

"While this has some validity, it is not necessarily the best way to develop secure software," he said. "We believe in the effectiveness of a structured software engineering process that includes a deep focus on quality, technology advances and vigorous testing to make software more secure."

Citing another research report from Forrester, titled "Is Linux More Secure than Windows?," Ballmer said this highlighted "that the four major Linux distributions have a higher incidence and severity of vulnerabilities, and are slower than Microsoft to provide security updates."

"According to Forrester, Microsoft had the lowest elapsed time between disclosure of a vulnerability and the release of a fix," he said. "They found that Microsoft addressed all of the 128 publicly disclosed security flaws in Windows over the 12-month period studied, and that its security updates predated major outbreaks by an average of 305 days."

Ballmer recently also talked about security at the recent Gartner Symposium/ITxpo, but frustrated Windows users there said actions speak louder than words when it comes to Ballmers promise that Microsoft will fix the security vulnerabilities in his companys computing platform.

Read more here about user reaction to Ballmers promises of improved security.

"Trust is not a word that I would use" in relation to Microsofts promises on security, said Paula Dallabetta, director of product marking at CreekPath Systems Inc., a storage management software producer based in Longmont, Colo.

She said she has no reason to trust Microsoft because it "hasnt delivered anything to date" that improves the security situation.

On the indemnification front, Ballmer said a top issue for customers is patent indemnification. The company had now lifted the cap at the amount the customer had paid for the software, for its volume licensing customers: those most likely to be the target of an IP lawsuit.

Next Page: Comparing indemnification plans.

Indemnification Plans

"No vendor today stands behind Linux with full IP indemnification. In fact, it is rare for open-source software to provide customers with any indemnification at all," Ballmer said.

"We think Microsofts indemnification already is one of the best offered by the leading players in the industry for volume licensing customers, and were looking at ways to expand it to an even broader set of our customers. Its definitely something businesses want to think about as theyre building or expanding their IT infrastructure," he said.

But Ballmers comments do not reflect the fact that Red Hat Inc., HP and Novell Inc. all have announced plans to protect their enterprise Linux customers. Red Hats Open Source Assurance Plan is designed to protect customers Linux investments and ensure that they are legally able to continue to run Red Hat Enterprise Linux without any interruption.

Novell, of Provo, Utah, set up a Linux Indemnification Program for its SuSE Enterprise Linux customers, under certain conditions, to protect against IP challenges to Linux and help reduce the barriers to Linux adoption in the enterprise.

HP in September announced that it will indemnify its customers against any legal liability from the use of Linux.

Ballmer also used his e-mail to address the issue of migrating ERP (enterprise resource planning) systems from costly, proprietary Unix environments to Windows or other platforms. He cited another "independent, qualitative survey," this one from The META Group, of organizations that had recently completed a migration of their SAP or PeopleSoft ERP systems from a Unix environment to the Microsoft Windows Server platform.

Ballmer said the survey found a reduction of more than 20 percent in the number of servers required when compared with Unix. "Windows is now a mainstream option for the vast majority of ERP projects," The META Group said.

Ballmer concluded his e-mail by saying theres "no question that customers are benefiting today from a healthy, competitive IT industry. Competition requires companies to really focus in on what customers want and need. At the same time, customers have a clearer opportunity than ever before to evaluate choices."

As organizations increasingly rely on IT to perform mission-critical functions, and with complexity presenting a growing challenge, choosing the right computing platform for the long term can make the difference between profit and loss, and between success and failure, he said.

"And its pretty clear that the facts show that Windows provides a lower total cost of ownership than Linux. The number of security vulnerabilities is lower on Windows, and Windows responsiveness on security is better than Linux; and Microsoft provides uncapped IP indemnification of their products, while no such comprehensive offering is available for Linux or open source," he said.

Check out eWEEK.coms Windows Center at for Microsoft and Windows news, views and analysis.

Be sure to add our Windows news feed to your RSS newsreader or My Yahoo page

Rocket Fuel