In the course of having a discussion about security related system administration issues, someone said that there are a number of 'Anti Microsoft" policies, etc. that exist. Specifically:
1: In many professions, there in an insurance premium when using Microsoft/Google products
2: If you're after government contracts, there is often a clause that you have to use open source software exclusively, or can only use closed source software from an approved list, and Microsoft products are not on that list any more
3: If you produce machines that have to be approved according to the newest NATO data security standards or other governmental data security standards of the latest generation, you also have to exclusively use open source technology for the data handling, you can't even use some Microsoft filesystems any more, even if you use open source software.
4: Comapnies that provide payroll services or medical data management services or the likes, can save tens of thousands per annum in insurance and certification costs by simply banning Microsoft or Google products
5: That makes training people for the much more user friendly and productive open source software alternatives really attractive, because the savings in the first year despite the cost of giving everyone training, are absolutely worth it, and with the strongly reduced risk of causing prejudice and getting sued by customers, it's a no-brainer for many companies.
As a system administrator and company director, I'm concerned about these issues. However, in my 20+ years of professional experience, I haven't heard of these things being true. And due to the impact, I think I would have.
Does anyone have any info/links/cite-able facts on the above? Is there merit to these assertions or is this individual misinformed?
There are certainly military and goverment infrastructure that require open source software. Although it is not really anti-MS as much as anti data ming for security reasons. But the cases were the organization has so strict restrictions are very few..I would actually be completely behind such restrictions for critical domains but i highly doubt that this is done often except maybe in China or Russia....
Most of the times it is easier to make an either independent network (like for example the medical infrastructure in the Netherlands does that and allows the use of Win 10) or do a security audit of Win 10 and block anything that would compromise your activities through security software and firewalls.
From what I've pieced together over the years is that source has to be provided to the military, not that it is necessarily open source, as in distributed under the terms of something like GPL or BSD style licenses.
But these are not the norm. Most of the times organizations just have independent networks, very good firewalls or what you said: forcing the developer to provide the source code for auditing.
I was hoping for something about the US, but I didn't state that explicitly. And I would expect foreign countries to be more cautious about US made software - out of nationalistic and strategic interests.
Sure. But I doubt that these European countries have thrown Microsoft completely out, or that Microsoft products are now banned from future acquisitions as a matter of policy (the 2nd part of this individual's point).
3 out of 5 complaints assert that the reason for using products other than Microsoft is for cost savings reasons. Hardly anti-Microsoft.
That being said, in what like 17 years of working in corporate IT, bouncing around to and from many jobs because that's what contractors do, I can honestly tell you I've never been sat down at a Linux box. It's Microsoft everywhere. These complaints simply don't hold up under their own weight.
Here's a network security standards document from the EU, albeit from 2014. In the 106 pages, you will find no references to open source. You will find references to open standards, which is not the same thing. Open standards are a good thing. For example, x509 is an open standard. You want to use that. You do use that. The computers that are responsible for keeping you safe should use that. https://www.enisa.europa.eu/publications/articles/standards-for-cyber-security
But ultimately I think we're taking the wrong approach to this. I don't really want to go out and prove that these standards don't exist. I don't want to go out and find whatever documents this person may have read that have delivered them to these conclusions, whether they are correct, incorrect, or somewhere in between. If there are complaints about specific policies, they can tell us which policies those are, and from there we can read up and verify whether or not they are indeed anti-Microsoft.
Whole document is about US government use of OSS but nothing specifically called out as being anti-microshaft.
From what I can tell its more of a cost savings/meeting budgetary needs. I think were seeing a change because theres finally documentation on SOP for using OSS in highsec/government use.
Thanks everyone for the replies. However, do we have any info on
1: Microsoft insurance premiums? 2: (has been fairly well debunked. thanks,) 3: Anything from NATO policy wise regarding Microsoft? 4: Any medical/payroll or similar services saving money by using FOSS or banning MS products/services? 5: That FOSS is much more user friendly and saves companies money/increases productivity, while eliminating legal liabilities?
I know the us airforce uses windoze. Its a silly argument really. Everyone will use Microsoft products, they are easy and used from a young age. And easy is what most people require.
Maybe push schools to use Linux first and get these kids off M$ tits.
also, this is arguably the most "Anti MS" mandate from the us Gov:
That's why microsoft is open-sourcing everything they can that won't meaningfully affect their market share recently. they want to hit that minimum quota to land that sweet slush fund money.
I think the primary savings is in licensing, not legal overhead. You have to pay people to maintain your stuff on the enterprise level anyway, so paying and training people on something that won't be subject to sudden changes and licensing/support fees you can't make full use of makes more sense.
I don't think the US government would abandon entirely Microsoft for fear of data leakage or telemetry. Those machines are safe within government buildings (doors and security guards are still the main defence) and probably have very strict rules for what gets plugged/inserted into them (usb,cd...) In fact I wouldn't be surprised if they mostly still used Windows XP. Modernizing the entire system would just take too much money. They just need to keep the intermediary (between those machines and the internet) up to safety standards and fresh.
So, proxy servers are probably the main defense in "cyberspace" just like security guards are in the buildings. Whether they use Microsoft Server or Linux or BSD for those servers is an information that, if they don't have to disclose (and they don't), they will keep to themselves.
Either way, if they were using Microsoft before, they're stuck with it cause it's just too expensive to switch. Anyway, that reminds me of this old article. There's also another one mentioning legacy systems in the DoD or Pentagon, I can't remember. I think Reuters covered that.
I've never heard of any accusations that companies need to pay higher insurance premiums for Windows, other than the increased staff overhead, vs linux. I've never heard of anything that you listed in your OP actually.
I feel like some ultra hipster somewhere spouted that out. Not calling linux users in general a hipster, since I am a user as well, just those that fringe off into the crazies of the linux universe.