Microsoft The Almighty Buck

The Hidden Cost of Using Microsoft Software 691

Posted by kdawson
from the badware-tax dept.
Glyn Moody writes "Detractors of free software like to point out it's not really 'free,' and claim that its Total Cost of Ownership is often comparable with closed-source solutions if you take everything into account. And yet, despite their enthusiasm for including all the costs, they never include a very real extra that users of Microsoft's products frequently have to pay: the cost of cleaning up malware infections. For example, the UK city of Manchester has just paid out nearly $2.5 million to clean up the Conficker worm, most of which was 'a £1.2m [$2million] bill in the IT department, including £600,000 [$1 million] getting "consultancy support" to fix the problems, which including drafting in experts from Microsoft.' To make the comparisons fair, isn't it about time these often massive costs were included in TCO calculations?"
This discussion has been archived. No new comments can be posted.

  • Hear hear! (Score:5, Informative)

    by Anonymous Coward on Tuesday June 30, 2009 @03:37PM (#28533495)
    For example: The State of Vermont's Agency of Human Services just went through a similar exercise and I'm sure it cost them a fortune. The state is suffering financially as it is and yet, we haven't heard a WORD (there really isn't any investigative news in VT) about the outcome or how much it is costing
  • by geeper (883542) on Tuesday June 30, 2009 @03:40PM (#28533531)
    "Oh my god, not this AGAIN!!"
  • Only Proprietary? (Score:3, Interesting)

    by Nemyst (1383049) on Tuesday June 30, 2009 @03:41PM (#28533533) Homepage
    I don't want to sound like a detractor of free software (I actually favor FLOSS as much as I can), but it's not like Linux doesn't have any malware written for it. Sure, it's to a lesser degree, but it's still there and I'm not sure the costs of removing them are systematically calculated into the TCO either.
    • Re: (Score:3, Insightful)

      by the_womble (580291)

      Linux has a lot less malware. The effect on TCO of counting it would be negligible. That is not true of Windows. Therefore, ignoring it favours Windows.

      If we are going to pick and choose what to ignore, let's ignore retraining costs and one-off transition costs. I wonder who will have the lower TCO then?

    • Re: (Score:3, Interesting)

      by charlieman (972526)

      Real world companies use NPV (Net Present Value) instead of TCO. The only reason they make comparisons in TCO terms is because free software wins in NPV.

  • Makes me wonder how much the latest crop of "storms" like Conficker have contributed to the economy?
    • Re:Economy.. (Score:4, Insightful)

      by Dynedain (141758) <{slashdot2} {at} {anthonymclin.com}> on Tuesday June 30, 2009 @04:03PM (#28533877) Homepage

      The problem is that for every penny they contributed in direct labor costs to clean up, there's probably at least as much wasted in employee downtime while services are unavailable.

      If it wasn't for the fact that it was preventing staff from getting their work done, I doubt anyone would have spent $2 million to clean up Conficker.

      I didn't RTFA, but it sounds like their total cost includes both the direct cleanup cost, and some of the indirect cost of paying people to be unproductive during the cleanup.

      • Re:Economy.. (Score:4, Interesting)

        by gbjbaanb (229885) on Tuesday June 30, 2009 @04:12PM (#28533985)

        Not just that, but it affects the services provided. For example, I know of a police force that was infected by Conficker. It got everywhere. The consensus is that the company providing the mobile data interfaces was the original source of infection (but you cannot prove where Conficker came from, it's pervasive), and for a long while the officers on the beat had to use their handsets as mobile phones - no data, so no event updates and no communication with the CAD system.

        I don't know the cost there, but they had consultants in from Microsoft to help clear the mess up and they weren't cheap. The infection lasted for 2 weeks, and they had reduced service for several weeks after that.

        That's just for Conficker. Remember storm, sql slammer, I love you?

  • Instead of spending $2 million to *fix* virus issues, why not hire smarter people to *prevent* virus issues? I'm sure doing so would be much cheaper.
    • by ArhcAngel (247594) on Tuesday June 30, 2009 @03:49PM (#28533671)

      That would come out of a different Cost Center which requires pre-approval. The emergency CC is funded for..you know..emergencies and gets funded On The Fly when it is affecting the bottom line. You know what they say "It's easier to ask forgiveness than permission"

    • by Bourbonium (454366) on Tuesday June 30, 2009 @03:54PM (#28533727)

      This is a good point that I hoped someone would make. What is not explained in the article is that "Windows" isn't exactly the cause of the problem, but "Windows XP." If systems were maintained and upgraded per Microsoft's recommendations, Conficker would not have been anywhere near as big a problem. Say what you will about Windows Vista, if Manchester had upgraded their systems to Vista on the client side (or at the very least, not allowed users to run XP under Admin credentials), Conficker would never have been able to install itself.

      I'm a big promoter of Open Source, but I work in a Microsoft shop where we still have all our desktops standardized on WindowsXP, but we never allow standard users to run as Admin, and we never had any problem with Conficker.

      Migrating to Open Source would help a lot, but Manchester just needs better IT support (or more likely, better IT management) all the way around.

      • Re: (Score:3, Insightful)

        by MightyMartian (840721)

        I'm kind of curious here. Are these guys actually running workstations outside of AD domains? I mean, group policies have been around since the olden days on Windows server platforms, and a well constructed group policy that simply denies the capacity to install software can probably eliminate many of the worms, spyware and the like. Not all of it, of course, which is why anti-virus is still necessary, but if you have a large network and you don't have it locked down, then you're either cheaping out and

    • by Z00L00K (682162)

      Why not hire nastier people taking care of people behind botnets?

    • Re: (Score:3, Insightful)

      by Voyager529 (1363959)
      There's no saying that your solution isn't employed. The problem is that in this game of cat-and-mouse, the mice have two advantages: manpower and social engineering.

      First, as soon as one leak is plugged, virus writers can look for the next. Commercially speaking, the virus writers get paid when they find holes to exploit. Anyone can take time to do this. The individuals working to prevent viruses keep their jobs by plugging holes, but Symantec/McAfee/Trend Micro/ESET/Kaspersky/Your Vendor Here only has s

  • Can't (Score:5, Insightful)

    by jav1231 (539129) on Tuesday June 30, 2009 @03:43PM (#28533559)
    MS can't include these into calculations for obvious reasons. They must proceed as if such vulnerabilities don't exist in order to market their product. What's funny is they don't want you to either. They want to hold themselves up as either "just as good as" the next guy or make excuses for their lack of security.

    In the long run this is a cost that need not be spent. There are alternative OS's and it's high time governments, of all entities, started using open alternatives. It's not just costing them in terms of being beholden to corporations like MS but in real dollars as well.
  • Other hidden costs. (Score:5, Interesting)

    by Z00L00K (682162) on Tuesday June 30, 2009 @03:44PM (#28533573) Homepage

    The change of the user interface in Office 2007 is one huge hidden cost. It was done to make things "easier" with the result that old users instead have to re-learn the user interface completely and have a really hard time to do even the things that were simple before.

    And some things that were easy in the old Office version are now really cumbersome. The style handling in Word is one example that can make the blood pressure rise.

  • fw;dr (Score:5, Funny)

    by iamhigh (1252742) on Tuesday June 30, 2009 @03:44PM (#28533583)
    Flame War; Didn't Read

    But seriously, 2 MILLION to clean up some viruses? I need to move to Manchester and become a consultant!
  • by SatanicPuppy (611928) * <Satanicpuppy@g m a i l .com> on Tuesday June 30, 2009 @03:46PM (#28533603) Journal

    What the hell were they doing paying $2.5 million to clean up a worm? Seriously? Hell, you could have paid the guys who wrote it 2 million to exclude your IP range in the fricking code, and saved 500k!

    Governments have got to get their crap together on this stuff. When that worm hit corporate here, in luddite central, the number of affected machines was under 30...For the entire corporation! And that's with all properties connected by a corporate WAN.

    That they had that level of infection is inexcusable. Shows that they're just wasting money right and left and getting nothing but a crap product.

  • Prediction (Score:3, Insightful)

    by 93 Escort Wagon (326346) on Tuesday June 30, 2009 @03:47PM (#28533617)

    This story thread will have an extremely large number of posts which are highly moderated, but contain very little original or useful information.

  • by caywen (942955) on Tuesday June 30, 2009 @03:51PM (#28533697)

    Maybe the world still runs on Microsoft because the TCO difference just isn't high enough to justify the cost of switching. The cost of migration has to be figured into the TCO of the alternative, despite how unfair it sounds to do so.

  • I have an idea (Score:5, Insightful)

    by joeytmann (664434) on Tuesday June 30, 2009 @03:56PM (#28533749)
    How about patching your systems in a timely manner so you don't have to suffer through these reactionary costs? The patch for the exploit Conficker used was released in Nov 08. When did Conficker start spreading around, Jan 09? Just saying.....
    • Re: (Score:3, Insightful)

      by Anubis IV (1279820)
      Of course, some companies, not saying names here, have a reputation for releasing patches that introduce more bugs than they fix, even if they haven't done much to earn that reputation in recent years. IT veterans are like elephants though: they never forget. Plus, when you have mission critical systems that need to be online 24/7, scheduling downtime to install a software patch sometimes needs to happen weeks or months in advance (I'm not suggesting this is good practice, just that it does happen), and two
  • by goltzc (1284524) on Tuesday June 30, 2009 @04:04PM (#28533883)
    My company was hit pretty hard by the Conficker virus. It took a lot of users offline for days. The cleanup effort included bringing in a small army of consultants to help fix the issue. After everything was cleaned up and ready to go, IT's response to the outbreak was to kick our Virus Scanner into some crazy ultra cautious mode. The end result of that is 50% of my CPU is being used up by my virus scanner constantly and opening an app or compiling something in Eclipse takes substantially longer than it used to. The fact that virus scanning software decreases worker productivity by tying up substantial system resources should be part of the TCO as well.
  • Oh yeah (Score:3, Funny)

    by C_Kode (102755) on Tuesday June 30, 2009 @04:07PM (#28533927) Journal

    Oh yeah? What about all the time I spend clicking that little update button that keeps popping up on my Ubuntu Desktop? Huh? What about that! That takes away from my .... um, web surfing time! :P

  • by fermion (181285) on Tuesday June 30, 2009 @04:18PM (#28534099) Homepage Journal
    Way back when, MS got itself into businesses by being cheaper than Unix. Seriously. I worked on a vertical application solution and the MS solution was cheaper than 1/3. For a small business, this was significant. We had no problem paying the money, as we were going to make money, but there seemed to be little reason to spend the money just to get the (declining) industry standard solution. Add to this that, at that time, MS OS was a relatively simple structure and basically any minimally competent person could set it up, the MS solution would end up being an order of magnitude cheaper.

    Fast forward. MS only produces complicated behemoths. To this day MS Windows has not completely understood it is a network OS (perhaps 7 will do it). It is no longer the case that a part time person can keep 20 machines running. And when something does happen, it can be very difficult to fix. A single event can require a complete reinstall of the OS. I've made mistakes of going to a wrong web site and had this happen on a completely up to date machine. I have allowed untrusted parties to run my MS machines and have had significant damage caused within the hour. MS machines are the dependable work horses they once were. It now requires a significant infrastructure to keep MS machines in production. The best case scenario is to treat each machine as a RAID, keeping data off the machine, and using standard HD disk images. Doesn't this sound like the pre-MS days of the so-called inefficient mainframe? MS is worried about this and has begun a defensive campaign against IBM.

    I would argue that MS machines are now, overall, as expensive and inefficient as the Unix machines were when ATT tried to save themselves with the introduction of this machine [corestack.com]. This does not mean that MS does not have value, at least to legacy customers, but it may not be the best choice for startups, as Unix was not the best choice in the late 1980's.

    I can point to an exact time, around 2000, when MS became too expensive to use. It was a time when MS would accuse paying customers of theft. Force customers to undergo intrusive and expensive audits. Require support staff to be redirected from supporting the customer's need to make a profit, to the MS need to make a profit.

    In light of this, I think we are going to see non-MS solutions, just like we saw non-ATT and non-IBM solutions. The biggest impediment to this is the easy supply of reliable naked PCs with full support to the SOHO owner. I think some companies, like Gateway, made a mistake in continuing to hook their saddle to the MS bandwagon instead of providing *nix solutions for common business problems. In many cases, smart firms buy solutions, not an OS.

  • by Loki_1929 (550940) on Tuesday June 30, 2009 @05:18PM (#28534943) Journal

    This is not a hidden cost of Windows, but a hidden cost of having ignorant admins and/or management. If you're spending $2.5 Million cleaning up a virus infection, you've done something terribly wrong along the way. Most machines in most places of business maintain the same software day-in and day-out. Those machines should either be booting via write-protected remote images or using something like SteadyState to keep everything running perfectly. The servers should have correctly created permissions and security which make viral infections nearly impossible. The rest of the machines should be locked down with policies, limited privilege accounts, and software providing protection from infections. They should also be regularly imaged (as in nightly to a SAN/NAS/etc).

    That's just the common sense little stuff. There's plenty more that could be done as well, but just the above will all but guarantee you never see a multi-million dollar cleanup bill regardless of your choice of OS.

  • by gestalt_n_pepper (991155) on Tuesday June 30, 2009 @06:39PM (#28535815)
    Microsoft's tech "support" costs are truly one of the largest hidden costs of ownership. Assuming you can get a human on the phone at Microsoft, you're frequently directed to the wrong person, the wrong automated telephone system with inappropriate choices, the wrong department, the wrong planet... Spent 3 hours this weekend trying to get my temporary Vista Enterprise software (temporary 30 day solution) downgraded to Home Premium, which I legitimately own without having to reinstall everything. I was trying to be honest. After 3 hours, I just gave up, got online and hacked the registry to turn off notifications. 3 hours, 4 tech "support" personnel in India, 5 different, useless phone systems and .....nothing. Microsoft's eventual demise will be their own fault, plain and simple. Windows used to make my life easier. Those days are long gone.
  • What hidden cost? (Score:5, Insightful)

    by CherniyVolk (513591) on Tuesday June 30, 2009 @06:59PM (#28536079)

    I suppose people think that complexity is somehow better or more indicative of truth... because why are we trying to battle on these obscure money-lenders' rationale of governing costs of software? It's simple, Linux is downloaded for free, and to get Windows alone is what.. 199.95? Oh, and how much for Photoshop? Oh, maybe add Maya, and then perhaps some VM software? Because, we all know that Windows by itself, out of the box, is rather limited. Add in a full blown development environment... oh, yes and Microsoft Office I presume yes?

    TCO is bullshit. Windows has a price tag greater than 0. No matter how complex or convoluted you get, no matter how many lawyers with fantasy rationale obfuscating the obvious, no matter what is said or how it's said... any price on Windows is always going to be more expensive than free.

    Cost of operation? How much wasted time do you think has been put into trying to figure out mundane tasks in Office 2007? Might as well be a completely new product, Open Office which clearly is a different product is more familiar to a previous Office user than 2007 is. TCO accounts for "training" as their defense? They are shooting them in the foot. I mean, you always have "training" with new software. Sometimes you have it with just bug-fixes or upgrades. Some of us, it might only be "familiarizing", but others who are so dead set in a routine to complete a task will struggle for sure.

    What is it, about TCO, is relevant, useful.... real? Keep that to yourself, I've read all the garbage. Bottom line is there's really nothing governing this bullshit "TCO" philosophy, any more in favor of Microsoft than any other software or product for that matter. The real fact is the real numbers. 199.95 for retail Windows. And then tally up all the numbers that would make your "Windows" installation, and all the third party software, "legal". There's your real cost, there's the obvious cost.

    How much do you think it would cost to have a legit Windows box? 5,000 USD total in software costs?

    No, better yet. How much would a Windows box cost, purchasing all of the commercial software available that would enable the Windows user to do what the typical Linux installation can do? I mean, I have photo editing software, 3D renderers galore... office suites, every server imaginable, VM software, conversion tools... jesus my box is Linux... nuff said. My Windows box would break the bank paying for and installing only a fraction of the capabilities in commercial software.

    Now, site wide licenses, think organization size... thousands of desktops... niche market functionality... dear god. TCO is the least of your worries it seems.

  • by rainer_d (115765) on Tuesday June 30, 2009 @07:23PM (#28536353) Homepage

    Benchmarks comparing PCs with Windows and other OSs should be forced to run with AV-software installed - because that's the normal use-case.

    Everything else is silly.

  • by Vexorian (959249) on Tuesday June 30, 2009 @07:42PM (#28536561)
    I got disappointed here. Sure malware costs and whatever, but Windows' supporters will always pull the excuse that it is because of market share. Which is pointless. It could have some small even when considering the dominance of Windows in the malware marketshare is much larger than the raw market share, i.e: Desktop Macs sure as hell don't have 3% of the malware. Yet even assuming Windows' malware friendliness was solely caused by marketshare, if it was true then it means that the huge marketshare for Windows is inconvenient and a great solution would be to migrate the industry into one that can have seriously many OS vendors and options and each has from 0 to 35% marketshare.

    I got disappointed because when reading the title I thought this post was going to be about the REAL BIG cost of using Microsoft software. Security is one thing but they have been improving (you got to accept it). The real issue is the LOCK-IN, and THAT is a gigantic hidden cost of MS software, I wish some serious publication could analyze and denounce it cause seriously, malware costs are not a big deal and pro-MS groups will always just use their gigantic, excessive marketshare as an excuse for it.
