A few days ago I found this blog entry. I could not respond there because there was some sort of an unspecified error so I post my response here. But, for everyone to know what I'm talking about let me quote the original blog first:
I also hate Linux. Maybe it’s not Linux in particular, maybe I hate all computer systems when it really comes down to it. But this is my list of reasons why:
Unix Skills are Special Skills
Sounds like a marketing brochure for the competition, doesn’t it? Fact of the matter is that right now, I spend entirely too much of my time doing personnel management. If I can put out a requisition to hire somebody and have them working for me in 3 weeks, then it makes my job that much easier.
This has always been a double-edged sword. Linux expects that you know what you are doing, even if it’s a dumb thing to do--it's non-judgemental. Non-Unix systems expect that you will do dumb things and refuses to do them. I still don’t know which one of these is better.
All-Or-Nothing Admin Privileges
You’re either root or you’re not. Sudo and selinux aside, this is the basic model that we’ve always had, installed by default. Anything else is like middleware--yeah, you can connect the dots, but how much time and effort is it going to take?
There are tons of applications out there in the Linux world. Some are very, very good and very, very viable. The Linux kernel, apache, and a couple databases come to mind. That’s easy to point to. But then there is this seedy underworld of code. This is software is pure junk. If I’m not initiated into Freshmeat-foo (ranking, version, vitality, and popularity), then I can’t tell the difference between these two poles of the spectrum. This means that I cannot assess what my level of risk is (both security and project-wise) when I choose a particular piece of software—was it developed professionally with QA standards and security code review or by a 14-year-old in his parents’ basement?
Speed of Development
As an operations guy, I like slow and steady, as long as vulnerabilities get patched. With the speed of development that most viable open-source projects have, it is hard to keep up with all the different places that you can get vulnerability notices from. Usually you get these filtered through the distribution, but then again, you have the same ad-hoc processes. Like “Black Tuesday” or not, it does make sense in a twisted sort of operational mindset.
Who Is Responsible for Linux Security?
As a business, I put a security contact at each level of the “solution stack”. I have a counterpart to the CSO, the business owners, the governance framework, the architecture group, the network engineers, the server engineers, and the application engineers. What is the corresponding structure in the Linux world? Most major distributions have a security team, but when it comes to the applications themselves, it’s hit and miss.
First of all let me say that I bought my first computer 7 years ago.
Ever since I've tried Windows 98, Slackware, FreeBSD, Windows XP, Kubuntu and Windows Vista.
Windows 98 was a joke. For example once it happened that it crashed and after reboot the whole C: drive was gone, only one hidden file was left on the partition, I don't remember it's filename but it's not that important.
Back in those days I used Slackware, and the things people are complaining right now were true back then. You had to handle all the dependencies and you had to tweak config files. But it was a fun hobby for me and I had the time to do it.
I also tried FreeBSD but it didn't give me anything superior so I abandoned the project and I sticked with Slackware.
When Windows XPSP1 was released I tried it. Basically it's a more stable Windows 98 containing NTFS and a lot of unusable gadgets, flashy icons and some ugly themes. Eh, well... it's not so bad, still, it's no Slackware.
After I finished my studies and started working I did not have the time to play around with my linux box so I had to find an alternative, and that alternative was Kubuntu. Kubuntu provides everything, I can only recommend Kubuntu 8.04LTS for everyone it's very stable and user-friendly. You can't tweak it as you can do it with Slackware but either way I don't have the time to do it so.
A little later I bought my first laptop, it came with a preinstalled Windows Vista, and here we go again: another joke from Microsoft. I'll explain later why is that so.
Now let me comment on the original 5 points of the blog:
Unix skills are Special skills.
This is true if you are a linux administrator, but you don't need to be. I've installed a kubuntu for my father's and stepmother's first computer, they never had a computer before, my dad works very little with a windows machine at work and that's it. But they don't complain, they like kubuntu and they use it on an every day basis. They also have the preinstalled windows, my father used to start it to play bridge online but ever since I installed the same windows application on the linux box using wine they have stopped using windows completely.
All or nothing Admin Privileges.
This is the way it must be! Do you think it's better that in windows xp you are adminitrator all the time? Well, it's good for the viruses. Or do you think Vista's way is better? Where a confirmation pops up all the time asking permisssions? I'm sure after the third popup no one will ever read what it says, they will just click OK to go on. This only gives you the illusion of security; at least when you type sudo for your linux you know what you are doing.
Windows is a lot more worse in this area. If you are not an administrator you cannot install anything. At least uder linux there is a possibility to install software in your home directory. It is not easy but if someone really needs it he/she can look it up how to do it, under Windows your hands are tied.
What Michael is saying is true, but this issue has a great advantage: people write linux stuff from passion not because they have to do it at work. And what's the problem if a 14 years old kid wrote something? Younger people are generally better with computers than older ones. On the other hand the programmers at Microsoft do the programming for their salary and we all know what happens if someone is not in the mood for programming but he/she is forced to do so. But if you are still worried just trust the ubuntu community, every software is tested before released to you.
Speed of development.
Again, you just have to trust your distribution's team, just the way you trust Microsoft. Do you think that Microsoft is more professional because of "patch tuesday"? Well, ubuntu releases new versions every six months and fixes security vulnerabilities as soon as they are discovered. See http://www.ubuntu.com/usn There you go. This is a whole lot more professional if you ask me.
Who is responsible for linux security?
Well the community of course. It may not look as official but is way more efficient. You think Microsoft cares about you? It cares only about your money. It makes money even from it's incompetence with the mandatory updates. It's just good marketing. They just try to sell more powerful computers with more expensive copies of windows. Do you think it's worth buying Vista? Well, I tried it and basically it's just a windows xp (and said before that that's just a windows 98) with a reorganized control panel and even more flashy-sparkly visual additions. And of course the confirmation popups. So why would it need a more powerful computer? Ubuntu has a flavour called XUBUNTU (using xfce as desktop environment) which can run easily on a 10 years old computer. It's true that xfce is not the state-of-the-art desktop environment but do you think Vista is ? Yes, Vista can fade windows and has some animations but try Compiz Fusion before you make up your mind. It runs on any platform with an X server and it blows your mind. Or if you are too lazy to try it yourself watch some videos on youtube.
But let's get back to the security issues. This wikipedia page: http://en.wikipedia.org/wiki/Windows_Update#Statistics says that the update service has 500 million clients, 350 million unique scans per day and an average of 60000 page requests per second. I don't know if these data are correct but if it is, then it is really disappointing. Let's do the math: 350 million scans means an average of 4051 requests per second.the remaining 55949 I guess is the actual download of patches, so if we calculate this for the 350 million of the people visiting the update service this means that everyone is downloading 13.8 patches par day. Wow, that is way too much. And even if I'm off with a factor of 10 then 1.38 paches par day is still way too much. And you call the linux code sloppy? For example according to the USN I mentioned above the linux kernel had 5 security notifications in the last 3 and a half months. How is that for comparision?
You can read the following in the Vista Business EULA:
LIMITATION ON AND EXCLUSION OF DAMAGES. You can recover from Microsoft and its suppliers only direct damages up to the amount you paid for the software. You cannot recover any other damages, including consequential, lost profits, special, indirect or incidental damages. [...] It also applies even if
-repair, replacement or a refund for the software does not fully compensate you for any losses; or
-Microsoft knew or should have known about the possibility of the damages.
And you can read this in GPLv2:
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM [...] SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES [...] EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
I'm not a lawyer but if I'm reading this correctly this means that should Microsoft ever screw up and for example destroy a database containing your life's work they will refund you the price of your copy of windows. Yes, that's really reassuring. And wait, it get's better: should a virus infect your windows (which is often the case) and destroy your database you get nothing, because it is a consequestial damage. After all these someone please answer me this question: WHY IN GOD'S NAME WOULD ANYONE PAY FOR WINDOWS? Both license agreements say the same thing: should the program screw up anything you get back the price of the program (which in case of the open source program is 0) and the rest is up to you.
These comparisions could go on forever, I would just like to show one more:
1) Windows EULA:
You may not: - work around any technical limitations in the software;
You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above...
So, while GPL encourages you to make the Program even better with windows you are at the mercy of Microsoft to make the changes you require thus you depend on Microsoft forever. So, can you laugh at the "Microsoft World Domination 99" joke anymore? And still, people keep idolizing windows and hating linux because 10 years ago they saw a green/black linux terminal and they were too lazy ever since to lift their fingers from the mouse. I wouldn't be surprized if tomorrow Microsoft would start a religion and I'm sure people would follow it.
Finally one last statement: we are talking about OS-es in here but it should be clear in everyone's head: technically Windows is not an operating system. One of the most obvious reasons is the possibility of game trainers. In a civilized OS processes should not be able to access each other's memory areas.