February 16, 2002

Commentary: How to wean your company from Microsoft products?

Author: JT Smith

- By Kim Pedersen-

A scary, real-life situation: I work as a system developer at a manufacturing company. We create in-house code to aid our staff with daily tasks, and to improve our competitiveness in the market. We are three separate factories, all doing manufacturing, and we use technology in order to stay ahead. We mainly export our goods, and have a large marketshare, especially in the UK.

I'm a strong believer in GNU/Linux and the Free Software movement. I have been running GNU/Linux since 1996, at which time I installed Slackware as my first distribution, and Slackware remains on my system to this day.

At work we exclusively use Microsoft Windows, with a majority of our computers being Windows NT 4 workstations. This is something that bothers me deeply.

It's not about me not liking Microsoft as a company, although I don't, but this is not the reason I dislike Microsoft products. The reason I dislike Microsoft's products is mainly because they don't work. I know this is a pretty vague statement to make, but it's the God's honest truth.

To name a few of our problems, just to give you an impression on what we are battling against, almost every day we encounter programs that won't shut down when we ask them to, or at least won't shut down gracefully. We have PCs that won't do a certain task, but instead decide to either hang, to not start, or to crash. When trying to kill these rogue processes, they often aren't killed completely, which results in a fresh reboot of the workstation.

We also run into constant problems with viruses being spread, with workstations being infected heavily and laid completely useless. We have printers that won't work correctly because of the printer server's buggy software. Remote sessions on
our servers die all of a sudden, leaving us with the annoying task of going down to the server in person and restarting the remote session manager. We see processor time on servers not being utilized correctly, or at least to our satisfaction. We have processes that
will devastate all other services running on that machine, leaving yet another user functionality completely deserted, and the list goes on.

We pay a pretty fair sum to keep our servers licensed, and keep them correctly
installed, by using consultants. Often these consultants' fees
reach incredible levels because the consultants themselves don't know the problem, much less the fix for it.

In the end, the users lose, no question about it.

Another reason I dislike this entire setup of our computers is the fact that I can't
create small scripts or programs that can carry out the functionality I want for a certain problem. The scripting languages on the Windows platform exist, but are so poor that they remain useless for anything other than a learning experience in dragging and dropping. I hate that we have to pay hundreds of thousands each year to have other guys create software for us. We would be able to do a lot ourselves if we had the freedom to do so, but we don't. Using Microsoft products constrains us from creating nice and usable things for our users. And it causes us stress, because we know we could do a better job if we were allowed to.

Once more, the users lose.

Not long ago, I attended a meeting concerning security of a Web solution we are creating. This Web solution will be able to provide our end customers with information about our products and the company in general. To our retailers, we will supply the ability to order or products, along with diagrams, pictures and other information to help retailers speed up the ordering cycle. The Web solution is also being created to help our salespeople give out information faster and more reliably, without needing to look it up manually, but instead pointing the end customers to this site.

This Web solution has been based upon Microsoft IIS 4, along with a networking system on it that allows us to talk to our "business" system. This is the main reason for choosing IIS.

We invited a couple of guys from our software supplier to come tell us about this solution, and how they recommended we should deal with security issues.
A sales person and a younger technical person showed up in their usual business suits.
They were very nice people, especially the younger technician, who is a network security expert, so he knew a lot about the Free Software movement, and what it has produced over the years.

After they had gone through all the introductory material about this solution, we started talking about security concerns with webservers. The salesperson clearly demonstrated that Web servers running Apache were far less likely to be infected and far better coded. He showed a recent Gartner Group article about this very issue, where Gartner recommended not using IIS at all until it has been completely reprogrammed. The sales team was not completely under the Microsoft umbrella yet, and they stated that no matter what server, you still needed to take care of it, which I agree with, no point in leaving obvious security holes open. They basically said you shouldn't just use an IIS webserver solution "out of the box." The sad part comes when we all realize this, but still move ahead with IIS. The sales people had just quoted a research group saying our software is so faulty it shouldn't be used. Our vendors agreed it's a completely buggy solution, and no one said a word. I was stunned.

It should be said that this meeting was an introductory meeting, where you normally go through the individual components of the upcoming system, and everything is basically being put on the table. This might explain some of the silence, instead of complaining about the solution, but not the total lack of questions.

I couldn't be silent any more. The technician told us that one of the largest manufacturing companies in the country used IBM's WebSphere products, which is based upon Apache, but he didn't mention Apache at that point. When I spoke up, I asked him, "Why should we use a solution based upon buggy software, when other companies, though larger than us, have realized that they need to get the best of the best in the category?" I thought that might ring a bell with them, since as vendors of computing equipment and software, they were basically saying, "Here is our solution, it's quite expensive, its really buggy, and others have refused to use it on the grounds that it doesn't work."

Are we really at the point where we choose systems and problem-solving techniques because we have been bullied by a software giant, yelling at us that there are no other ways of doing things except theirs?

Why is it that some people automatically assume that software has to be expensive and non-free, in order to deliver what they want? Why is it that countless testimonials about how well GNU/Linux works are being ignored completely?

The situation got even worse later in the meeting when my co-worker, my boss and I, along with these two vendor sales guys, were sitting down, talking about viruses and threats in general. Apparently this large vendor uses Microsoft Exchange servers for its daily work. A couple of months ago, their complete infrastructure of Exchange servers in Europe went down, of course because of a virus. All our consultants since have been reminded of this, and with some irritation, they agree that Exchange is bad. Why do they run it?

So after a while, the young guy admitted that his department actually had a GNU/Linux server set up, so they would always be able to receive and send email when their Exchange server didn't work. He said this without a blink of an eye, like this was perfectly normal to have an extra server, when the primary one goes down because of buggy and badly designed software. Again, I was stunned.

I left the meeting with a bad feeling in my stomach, and a desire to yell, "What's wrong with you people?!" I say "you people" because it includes us, a company using products we know are buggy, overpriced, and replaceable by something free/gratis, and reliable. Why aren't we using it? What does it take to convince my boss that something is wrong with this mentality, and that we don't need to follow other companies' bad examples?

This is a plea to all those out there who are in a similar position: recognizing a problem, knowing the fix for it, and wanting to spend time to fix it, but not allowed to because of this general attitude. Does anyone have any ideas on what to do in order to get the message up the corporate ladder?

"Commentary" articles are contributed by Linux.com and NewsForge.com readers. The opinions they contain are strictly those held by their authors, and may not be the same as those held by OSDN management. We welcome "Commentary" contributions from anyone who deals with Linux and Open Source at any level, whether as a corporate officer; as a programmer or sysadmin; or as a home/office "desktop" user. If you would like to write one, please email editors@newsforge.com with "Commentary" in the subject line.

Click Here!