Cheaper to patch--Windows or open source?

A Microsoft-funded study finds that companies saved money by using Windows database servers over open-source models.

Munir Kotadia Special to CNET News
Microsoft has sparked heated debate by claiming that Windows software is cheaper to patch than open-source alternatives.

A Microsoft-commissioned study--conducted by its business partner Wipro--outlined the main areas of so-called "cost savings" by using Windows.

The survey of 90 organizations found that Windows database servers cost 33 percent less to patch than their open-source counterparts. Respondents said that, on average, Windows clients are 14 percent cheaper to patch.

The findings were criticized in several quarters, with some critics dubbing them unrealistic and outdated.

These sorts of studies can't be used as a real-world guide to the cost of patching or maintaining applications, said Frost & Sullivan Australia security analyst James Turner. "All organizations have different needs," he added.

"ROI (return on investment) and TCO (total cost of ownership) figures should be taken as a guide--they are the vendor's estimates," Turner said.

Paul Kangro, Novell solutions manager for Asia-Pacific, highlighted several problems in the research.

Although the study was conducted last year, it referred to problems faced by administrators during 2003--before significant improvements were made to Linux patching tools, Kangro said. "We didn't have tools like Xen for Linux then. When I patch my Linux box I don't need to bring it up and down any number of times."

There was also no mention of costs associated with rebooting systems after a patch is applied. "If I am patching a Windows box I typically need to find a time where I can bring it offline and reboot it. That is not mentioned anywhere in this report, which I find rather interesting," Kangro said.

However, Sean Moshir, chief executive of application patch specialist PatchLink, said that Microsoft's patches are in fact cheaper to apply than open source.

"PatchLink's finding is that on a per-patch incident basis, the Microsoft patches are cheaper to apply. Testing Microsoft patches for quality assurance and documenting their positive and negative behaviors are also cheaper than open-source software (per incident). This is mainly due to the fact the open-source software can have a much larger variety of configurations and setup," Moshir said.

Novell's Kangro conceded that "some technical issues in the past meant Linux was 'procedurally' more difficult to cope with" but said: "If I have somebody that is equally skilled on both platforms, I don't believe it is complex."

"Generally the issue is one of familiarity--people may be able to potentially patch Windows boxes faster because they have had a lot of practice," he said.

The research, titled "The Total Cost of Security Patch Management: A Comparison of Microsoft Windows and Open Source Software," is available free at Microsoft's "Get The Facts" Web site, which aims to persuade customers that proprietary software is superior to open-source alternatives.

The Get the Facts campaign, in existence for a number of years, has come under heavy fire from open-source advocates over its use of methodologies that generate TCO and ROI statistics that favor Windows.

The open-source community has retaliated with its own research showing proprietary software is more expensive to use and maintain.

Wipro is a Certified Gold Support Partner for Microsoft and has forged a strong relationship with the software heavyweight since 1999 across areas such as systems integration and .Net migration.

Survey participants were companies in the United States and Western Europe with between 2,500 and 113,000 employees.

Munir Kotadia of ZDNet Australia reported from Sydney.