This is an open letter to the people at Microsoft who
irresponsibly posted some misleading information recently upon
their web site. It is the hopes of the author that they will take
these words to task, and clean up their act. It's my own personal
I speak for no one by myself. I do, however, consider myself a
member of the so-called "Linux Community" of which you speak.
recent Fear, Uncertainty, and Doubt (FUD) propaganda:
Linux Myths , on your web site, I couldn't help but be reminded
of an old Charlie Brown cartoon.
It's one of my favorites. Charlie Brown is pitching and Lucy
calls a timeout. She approaches Charlie on the mound and Charlie
worries out loud that it looks like the opposing team has figured
out his secret hand signals. At that point, Lucy explains that it's
worse than that: They no longer even seem to care what the hand
Microsoft, it's my belief that the so-called "Linux Community"
to which you refer doesn't care much about your FUD in this case.
You should know better -- your own people have tried to explain why
traditional FUD won't work against Linux. Yet it's kind of
comical to see you referring to us throughout the document as if we
were a corporation. It's obvious that the "Linux community" is the
new opposing team.
To the Linux community, we are something else. We are simply a
group of people who typically share only two things: an interest in
Linux and Internet access. Those are the only two traits. The rest
of the characteristics span multiple countries, creeds, business
relationships, and much more. We are the people, not some
corporation. Get that through your thick skulls and embarrassing
incidents like this will likely happen at a reduced pace.
You need to understand this simple truth. It will help you face
your own truths, or maybe just the truth in
Even so, I can't help but poke into the wobbling waste-land of
pathetic "myths" that you have put forth. It's beyond my nature to
remain silent with such a mass of inaccurate, comedic material. I'm
through biting my tongue. This is such a twisted pile of murky
misconceptions that it deserves every whack it gets.
Let's start at the top, shall we?
Microsoft Myth: Linux performs better than
Microsoft Reality: Windows NT 4.0 outperforms
Linux on common customer workloads.
The Real Reality:
If that piece of commodity Intel hardware isn't enough,
the company that put its eggs in the Windows NT basket is left with
no choice but to upgrade to a real server -- one based upon Unix or
You cannot offer them any true scalability. If Linux on
commodity Intel hardware is not enough, the customer can purchase
Compaq 64-bit Alpha hardware or Sun 64-bit UltraSPARC hardware. The
customer can scale into proprietary Unix territory, because Linux
is based upon Unix and open standards to which Windows NT doesn't
adhere. You, Microsoft, conveniently forget that Compaq recently
dropped development of 64 bit NT on its Alpha hardware. That
platform would have helped your scalability position somewhat in
I speculate that Microsoft would like to make a commodity
operating system for commodity hardware and hope that it's "good
enough" to replace high end systems. By dropping heavy-duty, exotic
hardware support such as that offered by Compaq, you are in effect
saying, "not profitable enough to justify all that work." The
hardware performance numbers you point to as "proof" of Windows
NT's superiority are for special hardware and software tweaks on an
expensive server. The difference goes away when placed, as you
suggest, upon truly inexpensive commodity hardware.
As for your proprietary web server, IIS, against the open source
fair player, Apache, give reality a chance sometime. The benchmark
data that is being touted is for an unbelievable rate of transfer.
For extremely expensive Internet connections, such as what powers
most of the web, Apache running on Linux is still one of the best
platforms available. This is due to the fact that even a fairly
low-powered commodity Intel server can saturate a fairly expensive
Internet connection. You are in effect pointing to performance
figures that mean very little in the real web serving world.
More importantly you are suggesting performance superiority with
a platform that has known stability issues that a good portion of
the ISP web server community is not willing to endure. What good is
a server if it commonly crashes every week and leaves a company
with costly down-time?
The Apache and Linux combination powers most of the web -- a
claim that you cannot make about your web serving product, IIS.
And if a customer's web bandwidth cannot be handled by Apache on
Linux there are commercial web servers available for Linux that
exhibit benchmark statistics which I'm sure you would likely rather
Finally, I must point out that you confuse the issue by even
mentioning Apache along side of Linux. Apache is a product that has
been ported to many platforms, including Windows NT! In comparison,
IIS only runs on your proprietary code base. Apache has a life of
its own due to its portable nature. It will be around in open form
for years to come thanks to its open source development model.
Microsoft Myth: Linux is more secure than Windows
Microsoft Reality: Linux security model is
The Secure Reality:
Microsoft's C2 security rating is deceptive at best and
Linux provides true security by allowing experts full view of its
Linux does have a different security model than Windows NT,
without a doubt. It is more troublesome to delegate tasks from a
user manager, as Windows NT allows. There are packages available to
do similar things, but they usually don't ship by default with the
more popular distributions.
But you should be ashamed of touting any C2 security rating in
the same context as network security. Microsoft has been bragging
about this rating for years now and Ed Curry, the government
specialist that initially helped you get that rating, died trying
to get the word out about the deceptive way that it was being
Why? It's simple: That C2 rating referred to above is
with no networking whatsoever enabled. To refer to
this rating and then speak of network security in same breath
appears deliberately misleading and should be met in the
user community with a call for protest or boycott. This is outright
deception, or ignorance. Either way, it's bad enough.
Supposedly Microsoft is getting the C2 certification done with
networking in place. When and if this is acquired, Microsoft can
have this bragging right. But even then you should be ashamed that
for the past 4 years you have been including this piece of
misleading propaganda in your documentation, as if it were the end
of the story.
All during that time, your salesman and ignorant supporters
would point to it as if it were proof of Windows NTs unshakeable
security rating. I've even had salesmen try and sell me Internet
firewall products based upon Windows NT while they pointed to this
statistic as proof. You, Microsoft -- deliberate or bungling --
have allowed this kind of smoke and deception to persist. What a
great firewall! I'll bet it was extremely secure as it wouldn't be
allowed to be hooked up to any networking device in sight.
A C2 security rating is only good for certified hardware. You
make no mention of this on your web site. That C2 rating isn't a
trivial thing for a customer. They cannot just turn it on whenever
they feel like it. The suggestion should be clarified, or left out.
Anything else is deceptive at best.
Our U.S. government is currently evaluating Linux as a more
secure operating system and an alternative to Windows NT. Its
open-source nature helps in discovering security holes before
they are exploited. The patches for Linux security holes come
as they are discovered, in hours as opposed to weeks or months that
accompany Microsoft products.
As for your statements placating your users and leading them to
believe that they need not be a security experts to use Windows NT,
one can only hope that the target audience involved in this piece
of blatant and misleading propaganda realize that they are being
played like violins.
Network security for a corporation is a daunting, responsible
task. It requires dedication and understanding of the issues
involved. To blindly trust a corporation like Microsoft is
insane. Either pay a security expert to create and maintain a good
firewall, or you might as well post all of your company secrets and
sensitive data on an anonymous FTP site for instant download.
Anyone who is responsible for security in an Internet setting must
be constantly ready to upgrade their security subsystems. The
criminals attempting to steal customer data are going to be
immediately ready to exploit security holes as soon as they are
found. The likelihood of those holes being spotted and closed by
security experts before they are exploited increases with
source code that is easily obtainable.
In this Internet age, one would think that security would be one
of your primary concerns. Yet you continue to hold your source code
from public scrutiny, and the security reports continue to roll in
day after day. You continue to post patches weeks after these holes
are discovered. A system cracker is not going to wait around out of
fairness to the person who is responsible for the security of the
victim's site. He isn't going to hold off while that person awaits
the latest security fix from the only people who can help. He
certainly isn't going to read your web site propaganda and be
Timely fixes are more important than the method of remediation.
Infrequent service packs coming out every so often are not the
method that you would want to employ for locking your house if the
locks were in need of constant upgrade against criminals who where
building better and better tools to crack those locks. You would
want to check those locks every night or else be ready for a
burglar to steal everything as you waited for the fix to come
Finally, I must point to the huge list of security holes found
in Microsoft's client products and wave my finger. Microsoft,
despite numerous warnings, you have burdened a huge base of
customers with extremely insecure client software that no amount of
server security is going to patch. As secure as NT will ever get,
the problems intrinsic to Windows 98 and Windows 95 desktops are
many: easily-bypassed local login, e-mail viruses, Outlook Express
exploits, Word macro viruses, and the list goes on.
Microsoft, you have no right to be critical of the Linux
security model. You live in a glass house and are throwing big
stones at the steel walls that comprise the Linux security model.
Linux does have security holes discovered in its key subsystems
from time to time. These holes are typically academic in nature,
less network sensitive, and, most importantly, found and fixed
in a minimum of time.
Microsoft Myth: Linux is more reliable than
Microsoft Reality: Linux needs real-world proof
points rather than anecdotal stories
The Experienced Reality:
Grass-roots proof is more believable than posturing by
corporate a interest that has its own hugely-exposed rear end to
try and cover.
These "anecdotal stories" of which you speak are from your
potential customers. Many of those customers were lost when you put
out shoddy products with no regard to the cost of down-time,
security breaches (despite numerous warnings), and
privacy-compromising mechanisms (despite even written letters to
our President at the time).
People have had it with privacy-compromising, insecure, and
shoddy software. NT is no exception to the rule. It may even be
true that with Service Pack 5 things are marginally better in the
stability arena, but your own Windows 2000, your desired upgrade
for Windows NT, recently crashed right in front of dozens of
witnesses right after it was touted as being orders of magnitude
more stable than Windows 98.
Linux is an operating system that has had orders of magnitude
less marketing dollars behind it in comparison to your products.
Just attacking public credibility here does not make your product
more secure or reliable. The public isn't like a software program
where you can just re-write its memory at will. The public will
know these things by experience, not by hype.
When NT or Windows 2000 becomes rock solid, and exhibits those
traits in a uniform manner for years at a time, you will be able to
expect similar testimonials from masses of customers. Please, don't
attempt something stupid and try and generate phony support as you
have in the past. 
Just fix the damn thing, and keep it fixed for a long enough
time and people will start to give you the same kind of glowing
support. Until then, be prepared for the bed you have made. This is
your Karma, and no misleading white paper is going to fix it.
Microsoft Myth: Linux is Free
Microsoft Reality: Free operating system does
not mean low total cost of ownership
The Economic Reality:
Linux truly is free. Furthermore, just because you pay
of money for something does not mean lower total cost of ownership.
The reality is that the criticism of Linux in this context fails
to take into account the Windows 2000 system, which you
hope will be replacing Windows NT. Windows 2000 has been given
a projected cost of between $2000 and $3000 per desktop by the
Microsoft cannot afford to have a product like Linux around that
costs nothing on procurement and adheres to standards that don't
lock a customer into an endless upgrade cycle. The "Free" in "Free
Software" refers mainly to the freedom to control that
software. By having the source code in hand there are no file
format changes without necessity. There are no protocol tweaks that
break previous protocols just because someone needs some upgrade
Linux keeps the total cost of ownership low on the management
side as well, by not forcing customers to purchase expensive
network management tools, by just plain working after being put
into place, by not needing a reboot after simple system changes,
and by not having artificial license limitations on their file
serving subsystems. Examples such as this will eventually prove
that Linux has countless advantages that you, Microsoft, would hope
your customer base never understands.
The criticism itself is upon terribly shaky footing. You are
comparing TCO studies of UNIX and NT , not
Linux and NT. Most commercial-grade Unices have
higher costs of procurement and probably higher maintenance
contract costs than Windows NT. They often have higher costs on the
hardware side of the equation as well. Stating this as evidence in
this scenario is outright and deliberately misleading in intention
or it's just plain ignorance of the situation. Notwithstanding my
own personal feelings about the corporation here, I must state that
it's more likely the former, and not the latter. Considering the
source it can't be a simple mistake.
Linux runs on commodity hardware, just like Windows NT. It's
also scalable into more exotic hardware, unlike Windows NT. Linux
offers the customer something you do not: choice of hardware.
Finally, one can only laugh at the last criticism of Linux:
Replacement of Windows on the desktop. You recently told the
Department of Justice that Linux was a threat to your desktop
First, you whine that Linux is going to displace you on the
desktop. Then you explain that it can't happen in a white paper on
your web site. Who is the public going to trust for the truth?
Microsoft, or Microsoft? The unfortunate reality is that
after misleading statements like this people are simply not going
to trust Microsoft tell them the truth about anything.
Linux has no "corporate reputation" to lose in this context. The
so-called "Linux community" mentioned over and over in your
misleading document is not anything of the sort. It's more of a
democratic process than a willful corporate collective, and many
divergent opinions abound. People loyal to Linux will disagree even
with what I have had to say here. It's something called
democracy. Microsoft should give it, and truly competitive
economics, a try sometime.
What this means is that with Linux, no one company is going to
come around and lie to potential customers in hopes of sustaining a
legally-questionable and obviously outdated monopolistic revenue
stream. Linux will be Linux without hype and deceptive marketing
The "Linux community" will take to heart only its own criticism.
Enhancements will be implemented as changes to the product that are
desired by the people who want and need them. Those enhancements
will be made available on a take it or leave it basis. Even so, the
worthless piece of propaganda at which this rebuttal is aimed will
be studied for valid criticisms, and changes will appear in Linux
as desired. Thanks to your efforts, you will have one guarantee for
the next time you try this: Any criticism you had this time, if
it's valuable, will be gone. You will be left grasping for even
smaller straws than you had this time around.
I can only imagine what's going to be coming out of the
Microsoft smokestack a couple of months from now. What will be the
criticism when comparisons of ease of use and processor scalability
become moot points, or become disadvantages for Windows
NT/2000/98? What kind of half-baked nonsense will you be screaming
at corporate America?
The changes that occur to Linux will happen in a hurry, because
its new Internet development model is the fastest one by far. It
has taken you, Microsoft, over four years to produce the next
revision to Windows NT. You can bet your bottom dollar that even
the areas where Linux has room to improve today will be gone before
you can blink an eye.
Imagine a scenario on the freeway. Microsoft is a large, slow,
lumbering truck that -- even though it's a fairly recent model --
has seen better days. It's crawling along the freeway,
inefficiently belching smoke. In the cloudy distance behind it, a
Porsche 911 (Linux) emerges. Even though the Porsche is based upon
40 year old technology, it's gaining on the truck at unbelievable
speed. In this scenario, just before it whizzes by, one of your
public relations people jumps out into the road, and yells to
whoever might listen that the truck is still ahead. One
can only speculate as to what's going to hit him unexpectedly in
this hypothetical situation.
Linux already surpasses Windows NT in many areas, and it
obviously frightens someone in your company, else this misleading
fodder for Pointy Haired Bosses and other lesser informed
individuals would never have been publicized. You have conveniently
left out some of the most damning criticisms of your products,
among which are:
unforgivably low software quality
extremely slow and outdated development model
wildly complex and under-documented code base
lack of ability to adhere to widely-accepted standards
lack of well-documented and open application programming
high procurement costs
fragmentation with respect to your own software in future
large and ever-increasing memory footprint
availability only on Intel or Intel-clone hardware
Microsoft, you introduced technical inaccuracies when you referred
to the "fact" that Linux can only handle 128 megabytes of
swap. You mistakenly refer to it as a "swap file". Linux does not
use "swap files" by default. It's a design advantage. Even so, I
guess I must be hallucinating this readout from my current system,
a fairly stock RedHat 6.0 box with a 2.2.10 Linux kernel:
SwapTotal: 530104 kB SwapFree: 525028 kB
And thats my home computer, too. A bit excessive,
I know, but it's a real situation, one I've experienced,
and not something found on a hopelessly inaccurate Microsoft web
I will give you credit where credit is due. Linux may not
displace NT much on the desktop anytime soon. Linux makes a great
desktop, but a lot of people have no real perceived reason to
switch to Linux -- yet. Those reasons are coming as you well know.
You were right when you told the Department of Justice about Linux
being a threat to your desktop monopoly. You were simply wrong
about the timing. It's a great server operating system right now,
but its desktop days are coming, and any fool can see it.
The Microsoft desktop tax on a typical PC today comprises a
significant percentage of the price of the hardware, which hasn't
always been the case. The PC landscape is extremely competitive at
the moment and will remain so due to the ongoing anti-trust trial.
So there will be problems for Microsoft with Linux, a free
alternative to Windows, displacing something, no matter how good,
that costs a couple hundred dollars on a $500 PC. What will be the
difference on a $300 PC? What will be the difference as the price
drops even lower? What will be the difference when the ease-of-use
factor is improved, and the buying public senses that they are
going to get more quality for less money?
Microsoft, you know this as well, and you must come up with an
answer sometime soon. The problem is that you cannot afford to cut
your prices. Your desktop monopoly is under attack from Linux. Your
Office suite monopoly us under attack from Star Office. Both
products are entering markets with zero procurement costs and at a
time when you have become addicted to monopoly profits. This cannot
bode well and yet we may not see any change to your revenue stream,
thanks to your suspicious accounting methods and your
obviously-illegal past monopolistic practices. That's the financial
truth of the matter.
Now for the Internet truth of the matter: Linux will not care
about Microsoft's anti-Linux hype. It will continue to develop,
even with this Fear, Uncertainty, and Doubt being spread about it.
This is because Linux's development does not depend upon revenues,
stock price, market share, or, most importantly, hype.
I wonder what kind of person would even think that an operating
system should depend upon hype to survive? More to the point, I
wonder where these people work, and how much longer they can
continue these kind of assumptions. I wonder if these people
realize that, thanks to the Internet, the public can get more
informed news since the Internet is harder to control than
traditional media (which is more dependent upon your advertising
In case you find my words offensive, you should read your own
internal memos on the subject, in the region where Vinod states
that traditional FUD tactics will not work with Linux. 
Like the opposing team in my Charlie Brown example above, Linux
developers could care less about your company's addiction to huge
monopolistic revenue streams. The disappearance of those revenue
streams will likely happen, but it's not their focus. They will
develop Linux, most assuredly, in either case.
Linux does not need to "deliver on the hype." It's doing just
fine today delivering on the reality. Its "30 year old technology"
is extremely well-developed and tested for mission critical
operations. It's things like this old technology
that help people sleep well at night.
Do you think that an administrator feels the same way about your
Windows 2000 product, with its tens of millions of lines of "new"
code? Think of all those millions of lines of code which nobody
gets to examine. Only those people whom you allow will get this
rare privilege which would likely induce nausea in a Free Software
Does it make administrators feel good knowing that there might
be back-doors, privacy compromising mechanisms, or security holes
in that code -- holes that will never see the light of day until
somebody uses them for exploitation?
Microsoft, you cannot deliver upon Linux's reality, let alone
its so-called "hype."
You cannot, and will not, stop the Linux revolution. Linux
does need improvement in the GUI ease-of-use category,
without a doubt. But it's getting there at speeds that will cause a
PR person's head to spin, if it hasn't been spin-proofed already
just to allow reading of your own press releases.
Linux's underpinnings have been given the most thought, and done
the right way. This is the order that is best. It is the order you
yourselves should have undertaken. Better good underpinnings with
some cosmetics that need work than beautiful window dressing on
something with a questionable foundation, like Windows NT and
But all of this posturing -- including mine -- is pointless.
Linux will be what Linux is, with, or without the stammering PR
belching of an outdated dinosaur like Microsoft.
And Microsoft, that isn't hype. That's the cold, hard reality of
the situation. You can bank on it.
The original piece of propagandistic trash on Microsoft's web
site.  Netcraft web
server survey shows Apache in the lead, and growing. 
Computer security specialist Ed Curry sounds the alarm about
Microsoft's misleading C2 security rating. 
Microsoft is caught staging a phony "astroturf" (as opposed to
"grass-roots") letter writing campaign. 
Microsoft is caught paying for ads in major news publications that
were supposed to be independently placed.  A
Microsoft employee is caught posting anti-OS/2 content to an OS/2
 More phony e-mail from Microsoft in August of 1999.
 The Gartner Group forecasts that Windows 2000 will be an
extremely expensive upgrade. 
Microsoft whines to the DOJ about how Linux is a threat to their
business.  The
halloween memos show that Microsoft should know better than to play
stupid games like this one. 
A Microsoft employee explains that FUD tactics won't work against