Linux Today: Linux News On Internet Time.





More on LinuxToday


Rant Mode Equals One: Linux Reality Versus Microsoft Myth

Oct 09, 1999, 14:57 (87 Talkback[s])
(Other stories by Paul Ferris)

WEBINAR: On-Demand

No-Size-Fits-All! An Application-Down Approach for Your Cloud Transformation REGISTER >

By Paul Ferris, Staff Writer

This is an open letter to the people at Microsoft who irresponsibly posted some misleading information recently upon their web site. It is the hopes of the author that they will take these words to task, and clean up their act. It's my own personal advice.

I speak for no one by myself. I do, however, consider myself a member of the so-called "Linux Community" of which you speak.

Reading Microsoft's recent Fear, Uncertainty, and Doubt (FUD) propaganda: Linux Myths [1], on your web site, I couldn't help but be reminded of an old Charlie Brown cartoon.

It's one of my favorites. Charlie Brown is pitching and Lucy calls a timeout. She approaches Charlie on the mound and Charlie worries out loud that it looks like the opposing team has figured out his secret hand signals. At that point, Lucy explains that it's worse than that: They no longer even seem to care what the hand signals are.

Microsoft, it's my belief that the so-called "Linux Community" to which you refer doesn't care much about your FUD in this case. You should know better -- your own people have tried to explain why traditional FUD won't work against Linux.[8] Yet it's kind of comical to see you referring to us throughout the document as if we were a corporation. It's obvious that the "Linux community" is the new opposing team.

To the Linux community, we are something else. We are simply a group of people who typically share only two things: an interest in Linux and Internet access. Those are the only two traits. The rest of the characteristics span multiple countries, creeds, business relationships, and much more. We are the people, not some corporation. Get that through your thick skulls and embarrassing incidents like this will likely happen at a reduced pace.

You need to understand this simple truth. It will help you face your own truths, or maybe just the truth in general.

Even so, I can't help but poke into the wobbling waste-land of pathetic "myths" that you have put forth. It's beyond my nature to remain silent with such a mass of inaccurate, comedic material. I'm through biting my tongue. This is such a twisted pile of murky misconceptions that it deserves every whack it gets.

Let's start at the top, shall we?

Microsoft Myth: Linux performs better than Windows NT

Microsoft Reality: Windows NT 4.0 outperforms Linux on common customer workloads.

The Real Reality:

If that piece of commodity Intel hardware isn't enough, the company that put its eggs in the Windows NT basket is left with no choice but to upgrade to a real server -- one based upon Unix or Linux.

You cannot offer them any true scalability. If Linux on commodity Intel hardware is not enough, the customer can purchase Compaq 64-bit Alpha hardware or Sun 64-bit UltraSPARC hardware. The customer can scale into proprietary Unix territory, because Linux is based upon Unix and open standards to which Windows NT doesn't adhere. You, Microsoft, conveniently forget that Compaq recently dropped development of 64 bit NT on its Alpha hardware. That platform would have helped your scalability position somewhat in this case.

I speculate that Microsoft would like to make a commodity operating system for commodity hardware and hope that it's "good enough" to replace high end systems. By dropping heavy-duty, exotic hardware support such as that offered by Compaq, you are in effect saying, "not profitable enough to justify all that work." The hardware performance numbers you point to as "proof" of Windows NT's superiority are for special hardware and software tweaks on an expensive server. The difference goes away when placed, as you suggest, upon truly inexpensive commodity hardware.

As for your proprietary web server, IIS, against the open source fair player, Apache, give reality a chance sometime. The benchmark data that is being touted is for an unbelievable rate of transfer. For extremely expensive Internet connections, such as what powers most of the web, Apache running on Linux is still one of the best platforms available. This is due to the fact that even a fairly low-powered commodity Intel server can saturate a fairly expensive Internet connection. You are in effect pointing to performance figures that mean very little in the real web serving world.

More importantly you are suggesting performance superiority with a platform that has known stability issues that a good portion of the ISP web server community is not willing to endure. What good is a server if it commonly crashes every week and leaves a company with costly down-time?

The Apache and Linux combination powers most of the web -- a claim[2] that you cannot make about your web serving product, IIS. And if a customer's web bandwidth cannot be handled by Apache on Linux there are commercial web servers available for Linux that exhibit benchmark statistics which I'm sure you would likely rather not discuss.

Finally, I must point out that you confuse the issue by even mentioning Apache along side of Linux. Apache is a product that has been ported to many platforms, including Windows NT! In comparison, IIS only runs on your proprietary code base. Apache has a life of its own due to its portable nature. It will be around in open form for years to come thanks to its open source development model.

Microsoft Myth: Linux is more secure than Windows NT

Microsoft Reality: Linux security model is weak

The Secure Reality:

Microsoft's C2 security rating is deceptive at best and Linux provides true security by allowing experts full view of its source code.

Linux does have a different security model than Windows NT, without a doubt. It is more troublesome to delegate tasks from a user manager, as Windows NT allows. There are packages available to do similar things, but they usually don't ship by default with the more popular distributions.

But you should be ashamed of touting any C2 security rating in the same context as network security. Microsoft has been bragging about this rating for years now and Ed Curry, the government specialist that initially helped you get that rating, died trying to get the word out about the deceptive way that it was being used.[3]

Why? It's simple: That C2 rating referred to above is with no networking whatsoever enabled. To refer to this rating and then speak of network security in same breath appears deliberately misleading and should be met in the user community with a call for protest or boycott. This is outright deception, or ignorance. Either way, it's bad enough. Supposedly Microsoft is getting the C2 certification done with networking in place. When and if this is acquired, Microsoft can have this bragging right. But even then you should be ashamed that for the past 4 years you have been including this piece of misleading propaganda in your documentation, as if it were the end of the story.

All during that time, your salesman and ignorant supporters would point to it as if it were proof of Windows NTs unshakeable security rating. I've even had salesmen try and sell me Internet firewall products based upon Windows NT while they pointed to this statistic as proof. You, Microsoft -- deliberate or bungling -- have allowed this kind of smoke and deception to persist. What a great firewall! I'll bet it was extremely secure as it wouldn't be allowed to be hooked up to any networking device in sight.

A C2 security rating is only good for certified hardware. You make no mention of this on your web site. That C2 rating isn't a trivial thing for a customer. They cannot just turn it on whenever they feel like it. The suggestion should be clarified, or left out. Anything else is deceptive at best.

Our U.S. government is currently evaluating Linux as a more secure operating system and an alternative to Windows NT. Its open-source nature helps in discovering security holes before they are exploited. The patches for Linux security holes come as they are discovered, in hours as opposed to weeks or months that accompany Microsoft products.

As for your statements placating your users and leading them to believe that they need not be a security experts to use Windows NT, one can only hope that the target audience involved in this piece of blatant and misleading propaganda realize that they are being played like violins.

Network security for a corporation is a daunting, responsible task. It requires dedication and understanding of the issues involved. To  blindly trust a corporation like Microsoft is insane. Either pay a security expert to create and maintain a good firewall, or you might as well post all of your company secrets and sensitive data on an anonymous FTP site for instant download. Anyone who is responsible for security in an Internet setting must be constantly ready to upgrade their security subsystems. The criminals attempting to steal customer data are going to be immediately ready to exploit security holes as soon as they are found. The likelihood of those holes being spotted and closed by security experts before they are exploited increases with source code that is easily obtainable.

In this Internet age, one would think that security would be one of your primary concerns. Yet you continue to hold your source code from public scrutiny, and the security reports continue to roll in day after day. You continue to post patches weeks after these holes are discovered. A system cracker is not going to wait around out of fairness to the person who is responsible for the security of the victim's site. He isn't going to hold off while that person awaits the latest security fix from the only people who can help. He certainly isn't going to read your web site propaganda and be scared away.

Timely fixes are more important than the method of remediation. Infrequent service packs coming out every so often are not the method that you would want to employ for locking your house if the locks were in need of constant upgrade against criminals who where building better and better tools to crack those locks. You would want to check those locks every night or else be ready for a burglar to steal everything as you waited for the fix to come in.

Finally, I must point to the huge list of security holes found in Microsoft's client products and wave my finger. Microsoft, despite numerous warnings, you have burdened a huge base of customers with extremely insecure client software that no amount of server security is going to patch. As secure as NT will ever get, the problems intrinsic to Windows 98 and Windows 95 desktops are many: easily-bypassed local login, e-mail viruses, Outlook Express exploits, Word macro viruses, and the list goes on.

Microsoft, you have no right to be critical of the Linux security model. You live in a glass house and are throwing big stones at the steel walls that comprise the Linux security model. Linux does have security holes discovered in its key subsystems from time to time. These holes are typically academic in nature, less network sensitive, and, most importantly, found and fixed in a minimum of time.

Microsoft Myth: Linux is more reliable than Windows NT

Microsoft Reality: Linux needs real-world proof points rather than anecdotal stories

The Experienced Reality:

Grass-roots proof is more believable than posturing by corporate a interest that has its own hugely-exposed rear end to try and cover.

These "anecdotal stories" of which you speak are from your potential customers. Many of those customers were lost when you put out shoddy products with no regard to the cost of down-time, security breaches (despite numerous warnings), and privacy-compromising mechanisms (despite even written letters to our President at the time).

People have had it with privacy-compromising, insecure, and shoddy software. NT is no exception to the rule. It may even be true that with Service Pack 5 things are marginally better in the stability arena, but your own Windows 2000, your desired upgrade for Windows NT, recently crashed right in front of dozens of witnesses right after it was touted as being orders of magnitude more stable than Windows 98.

Linux is an operating system that has had orders of magnitude less marketing dollars behind it in comparison to your products. Just attacking public credibility here does not make your product more secure or reliable. The public isn't like a software program where you can just re-write its memory at will. The public will know these things by experience, not by hype.

When NT or Windows 2000 becomes rock solid, and exhibits those traits in a uniform manner for years at a time, you will be able to expect similar testimonials from masses of customers. Please, don't attempt something stupid and try and generate phony support as you have in the past. [4]

Just fix the damn thing, and keep it fixed for a long enough time and people will start to give you the same kind of glowing support. Until then, be prepared for the bed you have made. This is your Karma, and no misleading white paper is going to fix it.

Microsoft Myth: Linux is Free

Microsoft Reality: Free operating system does not mean low total cost of ownership

The Economic Reality:

Linux truly is free. Furthermore, just because you pay of money for something does not mean lower total cost of ownership.

The reality is that the criticism of Linux in this context fails to take into account the Windows 2000 system, which you hope will be replacing Windows NT. Windows 2000 has been given a projected cost of between $2000 and $3000 per desktop by the Gartner Group.[5]

Microsoft cannot afford to have a product like Linux around that costs nothing on procurement and adheres to standards that don't lock a customer into an endless upgrade cycle. The "Free" in "Free Software" refers mainly to the freedom to control that software. By having the source code in hand there are no file format changes without necessity. There are no protocol tweaks that break previous protocols just because someone needs some upgrade cash.

Linux keeps the total cost of ownership low on the management side as well, by not forcing customers to purchase expensive network management tools, by just plain working after being put into place, by not needing a reboot after simple system changes, and by not having artificial license limitations on their file serving subsystems. Examples such as this will eventually prove that Linux has countless advantages that you, Microsoft, would hope your customer base never understands.

The criticism itself is upon terribly shaky footing. You are comparing TCO studies of UNIX and NT , not Linux and NT. Most commercial-grade Unices have higher costs of procurement and probably higher maintenance contract costs than Windows NT. They often have higher costs on the hardware side of the equation as well. Stating this as evidence in this scenario is outright and deliberately misleading in intention or it's just plain ignorance of the situation. Notwithstanding my own personal feelings about the corporation here, I must state that it's more likely the former, and not the latter. Considering the source it can't be a simple mistake.

Linux runs on commodity hardware, just like Windows NT. It's also scalable into more exotic hardware, unlike Windows NT. Linux offers the customer something you do not: choice of hardware.

Finally, one can only laugh at the last criticism of Linux: Replacement of Windows on the desktop. You recently told the Department of Justice that Linux was a threat to your desktop monopoly! [6]

First, you whine that Linux is going to displace you on the desktop. Then you explain that it can't happen in a white paper on your web site. Who is the public going to trust for the truth? Microsoft, or Microsoft? The unfortunate reality is that after misleading statements like this people are simply not going to trust Microsoft tell them the truth about anything.

Linux has no "corporate reputation" to lose in this context. The so-called "Linux community" mentioned over and over in your misleading document is not anything of the sort. It's more of a democratic process than a willful corporate collective, and many divergent opinions abound. People loyal to Linux will disagree even with what I have had to say here. It's something called democracy. Microsoft should give it, and truly competitive economics, a try sometime.

What this means is that with Linux, no one company is going to come around and lie to potential customers in hopes of sustaining a legally-questionable and obviously outdated monopolistic revenue stream. Linux will be Linux without hype and deceptive marketing tactics.

The "Linux community" will take to heart only its own criticism. Enhancements will be implemented as changes to the product that are desired by the people who want and need them. Those enhancements will be made available on a take it or leave it basis. Even so, the worthless piece of propaganda at which this rebuttal is aimed will be studied for valid criticisms, and changes will appear in Linux as desired. Thanks to your efforts, you will have one guarantee for the next time you try this: Any criticism you had this time, if it's valuable, will be gone. You will be left grasping for even smaller straws than you had this time around.

I can only imagine what's going to be coming out of the Microsoft smokestack a couple of months from now. What will be the criticism when comparisons of ease of use and processor scalability become moot points, or become disadvantages for Windows NT/2000/98? What kind of half-baked nonsense will you be screaming at corporate America?

The changes that occur to Linux will happen in a hurry, because its new Internet development model is the fastest one by far. It has taken you, Microsoft, over four years to produce the next revision to Windows NT. You can bet your bottom dollar that even the areas where Linux has room to improve today will be gone before you can blink an eye.

Imagine a scenario on the freeway. Microsoft is a large, slow, lumbering truck that -- even though it's a fairly recent model -- has seen better days. It's crawling along the freeway, inefficiently belching smoke. In the cloudy distance behind it, a Porsche 911 (Linux) emerges. Even though the Porsche is based upon 40 year old technology, it's gaining on the truck at unbelievable speed. In this scenario, just before it whizzes by, one of your public relations people jumps out into the road, and yells to whoever might listen that the truck is still ahead. One can only speculate as to what's going to hit him unexpectedly in this hypothetical situation.

Linux already surpasses Windows NT in many areas, and it obviously frightens someone in your company, else this misleading fodder for Pointy Haired Bosses and other lesser informed individuals would never have been publicized. You have conveniently left out some of the most damning criticisms of your products, among which are:

  • unforgivably low software quality
  • extremely slow and outdated development model
  • wildly complex and under-documented code base
  • lack of ability to adhere to widely-accepted standards
  • lack of well-documented and open application programming interfaces
  • high procurement costs
  • fragmentation with respect to your own software in future versions
  • large and ever-increasing memory footprint
  • availability only on Intel or Intel-clone hardware
Microsoft, you introduced technical inaccuracies when you referred to the "fact" that Linux can only handle 128 megabytes of swap. You mistakenly refer to it as a "swap file". Linux does not use "swap files" by default. It's a design advantage. Even so, I guess I must be hallucinating this readout from my current system, a fairly stock RedHat 6.0 box with a 2.2.10 Linux kernel:
SwapTotal: 530104 kB SwapFree: 525028 kB
And thats my home computer, too. A bit excessive, I know, but it's a real situation, one I've experienced, and not something found on a hopelessly inaccurate Microsoft web page.

I will give you credit where credit is due. Linux may not displace NT much on the desktop anytime soon. Linux makes a great desktop, but a lot of people have no real perceived reason to switch to Linux -- yet. Those reasons are coming as you well know. You were right when you told the Department of Justice about Linux being a threat to your desktop monopoly. You were simply wrong about the timing. It's a great server operating system right now, but its desktop days are coming, and any fool can see it.

The Microsoft desktop tax on a typical PC today comprises a significant percentage of the price of the hardware, which hasn't always been the case. The PC landscape is extremely competitive at the moment and will remain so due to the ongoing anti-trust trial. So there will be problems for Microsoft with Linux, a free alternative to Windows, displacing something, no matter how good, that costs a couple hundred dollars on a $500 PC. What will be the difference on a $300 PC? What will be the difference as the price drops even lower? What will be the difference when the ease-of-use factor is improved, and the buying public senses that they are going to get more quality for less money?

Microsoft, you know this as well, and you must come up with an answer sometime soon. The problem is that you cannot afford to cut your prices. Your desktop monopoly is under attack from Linux. Your Office suite monopoly us under attack from Star Office. Both products are entering markets with zero procurement costs and at a time when you have become addicted to monopoly profits. This cannot bode well and yet we may not see any change to your revenue stream, thanks to your suspicious accounting methods and your obviously-illegal past monopolistic practices. That's the financial truth of the matter.

Now for the Internet truth of the matter: Linux will not care about Microsoft's anti-Linux hype. It will continue to develop, even with this Fear, Uncertainty, and Doubt being spread about it. This is because Linux's development does not depend upon revenues, stock price, market share, or, most importantly, hype.

I wonder what kind of person would even think that an operating system should depend upon hype to survive? More to the point, I wonder where these people work, and how much longer they can continue these kind of assumptions. I wonder if these people realize that, thanks to the Internet, the public can get more informed news since the Internet is harder to control than traditional media (which is more dependent upon your advertising dollars).

In case you find my words offensive, you should read your own internal memos on the subject, in the region where Vinod states that traditional FUD tactics will not work with Linux. [7]

Like the opposing team in my Charlie Brown example above, Linux developers could care less about your company's addiction to huge monopolistic revenue streams. The disappearance of those revenue streams will likely happen, but it's not their focus. They will develop Linux, most assuredly, in either case.

Linux does not need to "deliver on the hype." It's doing just fine today delivering on the reality. Its "30 year old technology" is extremely well-developed and tested for mission critical operations. It's things like this old technology that help people sleep well at night.

Do you think that an administrator feels the same way about your Windows 2000 product, with its tens of millions of lines of "new" code? Think of all those millions of lines of code which nobody gets to examine. Only those people whom you allow will get this rare privilege which would likely induce nausea in a Free Software programmer.

Does it make administrators feel good knowing that there might be back-doors, privacy compromising mechanisms, or security holes in that code -- holes that will never see the light of day until somebody uses them for exploitation?

Microsoft, you cannot deliver upon Linux's reality, let alone its so-called "hype."

You cannot, and will not, stop the Linux revolution. Linux does need improvement in the GUI ease-of-use category, without a doubt. But it's getting there at speeds that will cause a PR person's head to spin, if it hasn't been spin-proofed already just to allow reading of your own press releases.

Linux's underpinnings have been given the most thought, and done the right way. This is the order that is best. It is the order you yourselves should have undertaken. Better good underpinnings with some cosmetics that need work than beautiful window dressing on something with a questionable foundation, like Windows NT and Windows 98.

But all of this posturing -- including mine -- is pointless. Linux will be what Linux is, with, or without the stammering PR belching of an outdated dinosaur like Microsoft.

And Microsoft, that isn't hype. That's the cold, hard reality of the situation. You can bank on it.


Related links:

[1] The original piece of propagandistic trash on Microsoft's web site.
[2] Netcraft web server survey shows Apache in the lead, and growing.
[3] Computer security specialist Ed Curry sounds the alarm about Microsoft's misleading C2 security rating.
[4] Microsoft is caught staging a phony "astroturf" (as opposed to "grass-roots") letter writing campaign.
[4] Microsoft is caught paying for ads in major news publications that were supposed to be independently placed.
[4] A Microsoft employee is caught posting anti-OS/2 content to an OS/2 message board.
[4] More phony e-mail from Microsoft in August of 1999.
[5] The Gartner Group forecasts that Windows 2000 will be an extremely expensive upgrade.
[6] Microsoft whines to the DOJ about how Linux is a threat to their business.
[7] The halloween memos show that Microsoft should know better than to play stupid games like this one.
[8] A Microsoft employee explains that FUD tactics won't work against Linux.