There’s a lot of glee in Linuxville right now, and Microsoft’s name is mud in some circles. But the Linux community’s reports of its death are premature.
While Microsoft took heavy hits last week with the revelation of another major security hole and source code on the loose, the idea that so much bad press on Microsoft security will make enterprise IT departments get serious about moving to Linux doesn’t fly with Enderle Group analyst Rob Enderle. He called the gloating by some Linux enthusiasts about the source code being exposed to exploitation “the pot calling the kettle black. If this exposes Microsoft, Linux is so much more exposed.”
Although Microsoft has had to admit to hole after hole in its products, this particular source code disaster doesn’t reflect on the security of the code, he said. If a partner was the source of the leak, faulty security procedures are to blame, not faulty code.
In that case, Enderle said, “Ripping out Windows and installing Linux doesn’t change anything because the same people are there. Maybe you need to rip and replace the people, too.”
Meanwhile, the errant source code doesn’t increase the company’s exposure to cracking, according to Enderle.
“They are the most attacked platform out there. They also have most robust security services surrounding them. An entire security industry has been spawned to surround and protect the product,” he said.
On the other hand, Linux’s security patches come rather randomly, Enderle said. “You can receive Linux patches from a number of places, whereas the Microsoft patches can be sourced back to Microsoft.”
If the breach doesn’t encourage a lot of enterprises to switch, it may nevertheless hurt Microsoft by giving customers another reason not to upgrade, said Jupiter Research analyst Joe Wilcox. (Jupiter Research and this publication share the same parent publication.)
“The leak occurred just after companies grappled with the ‘Mydoom’ virus. The company acknowledged that during its last quarter, it had trouble closing sales as customers grappled with the ‘Sobig’ and ‘Blaster’ viruses.”
Already, Wilcox said, companies are stretching out upgrade cycles and not moving as quickly to new product versions. “So the question here is, how many customers will respond to the one-two-punch of ‘Mydoom’ and source code leak by delaying Windows 2000, XP or 2003 Server upgrades?”
Wilcox said that all the drama could encourage some businesses to look at Windows alternatives, while companies that are already experimenting with Linux may take a harder look at it.
“But even if companies start to look for something else,” he said, “that doesn’t mean they’ll immediately move or make the move at all.”
Enderle agreed that Microsoft’s stalled Software Assurance sales and tepid response to Windows 2003 are more of a problem for the company than the code leak. Software Assurance is designed to assure businesses access to critical upgrades, but if the upgrades don’t seem that critical, he said customers might think, “I can sit on this thing for a couple more years.”
The leak fiasco is fascinating, but it shouldn’t serve to distract the company and its customers from more serious issues. Said Enderle, “Microsoft’s got some issues. But the code is a tempest in a teapot.”