Microsoft Lab Works Overtime for Open-Source Edge

By Peter Galli  |  Posted 2006-01-23

Microsoft Lab Works Overtime for Open-Source Edge

Though outward appearances may indicate that Google Inc. is now Microsoft Corp.s biggest threat, customers should not kid themselves. Microsoft still has many of its top minds working on the previous holders of that title: Linux and open source.

At its Linux and Open Source Lab in Redmond, Wash., Microsoft has a three-pronged attack to give customers and potential customers more information by testing and comparing Windows and Linux in legacy environments, the effectiveness of each platforms security patching process, and how well Microsoft is working to integrate or support open-source code in its products.

Given Microsofts desire to upgrade every possible customer to the latest version of Windows, it may seem strange to be testing Windows on old hardware. The tests, which found that Windows performed as well as Linux on legacy hardware when installed and run out of the box, were done in part to give Microsoft the data it needed to effectively "put to rest the myth that Linux can run on anything," said Bill Hilf, director of platform technology strategy at Microsoft and manager of the lab.

There is a pervasive belief that Linux can run on older PCs and that Windows cant, Hilf said. So Microsoft decided to test the premise by installing Red Hat Inc.s RHEL (Red Hat Enterprise Linux), Novell Inc.s SUSE Pro 9.2, Mandrake 10, Linspire Inc.s Linspire 4.5, Xandros Inc.s Xandros Desktop OS Version 3, Red Hats Fedora Core 3, Slackware Linux Inc.s Slackware 10.1, Knoppix 3.7, and Microsofts Windows XP and Windows Server 2003 out of the box on older hardware to see what happened.

Hilf said the capability to modify Linux and strip it down to run with a minimal set of services and software so that it can run on all sorts of hardware devices has generated the larger assumption that any type of Linux distribution can run on all sorts of hardware devices. "But the average customer is not a technical expert or a Linux developer, so they do not have the skill or, more importantly, the business need to modify the operating system this way. You could argue that this is why Red Hat and Novell SUSE exist," Hilf said.

Steven J. Vaughan-Nichols writes that Hilfs claims are "pathetic." Click here to read more.

In the tests, Microsoft found that most modern commercial Linux distributions could be installed successfully on systems that have an Intel Corp. Pentium processor with 64MB of RAM and a minimum of 2GB of hard disk space. Minimum requirements for office productivity performance on a Linux system were any Pentium II system with at least 64MB of RAM, Hilf said, adding that playback of sound and video would typically require a PII 400 or better.

"This corresponds to an average PC issued between 1998 and 1999," Hilf said. If Linux was installed on an older system, such as an average PC from 1997, the desktop performance fell below what is typically acceptable for a common user, he said.

Patch Quality, Not Quantity

In other labs projects, Microsoft is moving away from focusing on the number of security patches and updates that are released to concentrating on making it easy for customers to obtain the security fixes and system updates they need.

Microsofts Linux and Open Source Lab simulates production environments across open-source, Microsoft and other commercial software. It has built tests and analysis tools to look at how frequently those systems need to be patched and what the impact of that is. Microsofts "Patch Tuesday" update model issues patches and updates once a month unless they are deemed critical and need to be released earlier. This model is different from those of the various Linux and other commercial software vendors.

Microsoft is running scenarios on an ongoing basis using the latest versions of RHEL and SUSE Linux, as well as the Mandriva, Gentoo, Debian and Ubuntu Linux distributions. Microsoft also tests a wide variety of Unix systems and BSDs (Berkeley Software Distributions).

Next Page: The bigger picture.

The Bigger Picture

The number of updates for the many software distributions is less important to Hilf than the bigger picture, which shows that it is not just Microsoft software that has to be regularly patched and updated.

Mark Cox, security response team leader at Linux vendor Red Hat, in Raleigh, N.C., said that one of the top reasons machines are ensnared by security exploits is that they dont get the latest security updates. "To protect users, a vendor needs to make security updates as easy and painless as possible across the entire application stack," he said.

Of 17 critical vulnerabilities identified last year, Red Hat made fixes for every one of them available to customers via the Red Hat Network within two days of the vulnerabilities being known to the public—with 87 percent of the fixes being available the first day, Cox said.

"These sorts of statistics give customers a much better feeling for the risk and exposure theyll be taking when choosing a platform," Cox said. "We could reduce the number of advisories by batching issues into a single update every month or by not fixing those vulnerabilities rated as low severity, but that is actually detrimental and increases the risk to customers. Were not going to play the numbers game with our customers."

Putting Integration to the Test

Users can expect to see a lot more interoperability work between Microsoft and some of its open-source competitors over the next year, such as the agreement the company struck with JBoss Inc. in September. Users also can expect more participation by Microsoft in discovering interoperability problems earlier in its product cycle and providing fixes when issues arise.

Microsoft and JBoss said they would focus on four key areas: Active Directory, Web services, management and SQL Server.

Some partners, such as Centeris Corp. CEO Barry Crist, in Bellevue, Wash., agree that Microsoft is doing a better job of reaching out to the open-source community. "If you talk to the folks in Microsofts management tools group, they are under pressure from their customers to have cross-platform support," Crist said. "There may be other groups within Microsoft who may feel differently, but the folks we have talked to have been generally supportive."

Microsoft has been working on interoperability across all its products.

"Our goal for doing all of this is pretty simple: We want our customers to have the best experience with our software regardless of environment," Hilf said. "So we want to make sure, from an open-source software and Microsoft software perspective, that our customers are able to interoperate."

Check out eWEEK.coms for Microsoft and Windows news, views and analysis.

Rocket Fuel