Why Open Source is Not Always the Best Bet

Monday, July 02, 2012

DHANANJAY ROKDE

F2792196079f2c16cd02be6e9ff5b3da

If your organization is hit by the recent wave of ‘using open source to reduce costs’, here are a few pointers you should look at before taking the leap.

Although open source software appears fantastic at the outset, they often come with a ‘price to pay’. This price is often indirect and it takes a lot of time for the organization to realize this.

Disclaimer: This article is just an attempt to educate our readers that “open source shouldn’t be blindly used as an alternative for paid /commercial software”; it should in no way be perceived as mudslinging towards any open source software or community.

Alright, you’ve have managed to get yourself free software and an OS, Now what?

It is very typical for organizations to start using products like OpenOffice to take baby-steps into the open source arena. Ubuntu and its variants (Like Kubuntu & the Ubuntu Server edition) are popular choices of OS platforms. Other software such as Mozilla Firefox / Thunderbird, Gimp, VLC Media Player etc. provide good replacements for the classic end user needs.

HELP!!! I need support.

A colossal proportion of the IT world is used to and addicted to propitiatory office suites. This not only includes end users, but also system administrators and IT managers themselves. Users know basic operations on the systems; administrators know how to troubleshoot; and managers know whom to contact in case of a problem.

So when someone from Finance starts screaming that salaries won’t be credited on time as an automated macro to be run spreadsheets has failed, since OpenOffice is unable to execute it – What does an IT manager do?

OpenOffice has fantastic basic functionality, but it cannot even come close to what proprietary office suites offer. Also the knowledgebase of such open software is often incomplete. You have to rely on forums and bulletin boards to help you break away from the problem & resume actual productive work.

Although I must admit that these forums are very helpful, however one must keep in mind that this is a NOT certified and competent support. The forum owner is NOT liable in case they provide incorrect assistance and actually increase your damage.

Most of the open source software relies on plug-ins or extensions to primary software package for added functionality and features. These extensions are NOT written by the author(s) of the primary package. Also there are no warranties that those extensions will work or the primary package will continue to support them after an upgrade or a major version change.

Be prepared for MUCH higher installation costs

Yes! More than often open source leads to much higher installation costs. It is no wonder that more than 95% of the end user laptops and desktops come with a preinstalled copy of proprietary operating systems. This operating system comes with effective recovery alternatives. You can easily avail the option of reinstalling the entire operating system with losing any of your valuable data.

The same story holds true for slightly larger enterprise systems like web & database servers. Here are a few reasons why proprietary web and database servers work out cheaper in the long run:

  • · Easily available man power to administer and manage the infrastructure
  • Low cost of expertise
  • Instant technical support provided by the principal company
  • The company takes full ownership of the technical solutions provided by them.
  • Quick solutions to complex environments (eg: one click clustering & virtualization)
  • Companies that provide such proprietary software have people who are actually on their payroll and dedicated to cause of technical support.

On the other hand, staff required to manage and administer open source solutions are hard to find and expensive. Also these solutions don’t necessarily provide off-the-shelf advanced functionality like load-balancing, clustering etc… You need a lot of customization to attain such functionality and there would still be no support for the same.

These customizations come at an extra-ordinary cost and still; there is no one who can certify or sign-off on these custom architectures to be guaranteed or reliable. Hence, in spite of this large investment you will still have a “crude hack” & NOT a solution. It is therefore your call to rely on that crude hack or not.

“?” A big question mark on reliability

Although many technology conglomerates directly and indirectly support the cause of open source; they have extremely limited financial commitment in these initiatives. Good examples of such angelic investments include, Oracle buying a stake in MySQL and IBM investing in the Apache foundation & Eclipse.

IBM’s venture to invest heavily into making their own open source database Cloudscape, (which is now absorbed into the Apache suite as Derby) has not been a success. In spite of being adopted by the Apache foundation the IT industry has still not shown much acceptance to it.

These investments are only to set aside feelings of anti-monopoly and are clearly motivated by sentiments, than business. If these open source applications were really so efficient and cost-effective then the IT world would have seen a major revolution. The fact that such a revolt is actually NOT happening, proves the case for proprietary software.

I am waiting for updates; what do I do? Whom do I contact?

Always bear in mind, this simple principle – “If you are not paying for the product itself; no one is indebted to send you updates”. So if you are running open source systems, please set clear expectations with your business in terms updating and patching to meet newer requirements.

Proprietary software companies on the other are contractually and legally bound to send you critical patches and updates as soon as flaws are detected. They will have their teams sweat it out as soon as a bug or missing functionality is detected.

Also stiff competition and the race for increasing market share, compels the proprietary software companies to ensure that their products stand the test of time. Before you know it proprietary software has been at the lead of showing compatibility towards almost all emerging trends like Web 2.0, Cloud capability, real time synchronization, seamless recovery etc …

But wait; someone told me that open source is more secure.

Open source software always capitalizes on the security failures of their proprietary alternatives. However, since these proprietary companies are constantly fighting their “anti – sentiment”; the real flaws of open source never actually reach the users.

With the freedom to access the source code at will, people who know what they are looking for (security vulnerabilities) can find the right stuff and way to exploit it. Open source does not have the liberty of incorporating several security mechanisms like code obfuscation & data masking. The confidentiality involved in making such proprietary software eventually pays off.

Since the entire code and all related modules are ‘open’; it takes a tremendous amount of time and effort for open source communities to unite and issue an advisory & suggest workarounds; let alone fixing the vulnerability. On the contrary proprietary software companies have teams ready to respond to such “Zero-Day” vulnerabilities at the drop of a hat. Advisories are issued as soon as a new vulnerability is reported.

Administrators and managers of such proprietary infrastructure have the privilege of receiving first-hand information of such security incidents and are prepared to react. With open source your best bet is to lurk around some forums waiting for someone actually knowledgeable to post something that might help you.

Another simple explanation for security flaws in open source software is the absence of dedicated professionals and teams to address security problems independently. These professionals only address security risks and functionality. The presence of such teams inculcates a maker-checker mechanism; that ensures product superiority.

The people who write most of the open source software have other day jobs and lives. These open source projects are something that they do over their free time and clearly not for bread & butter.

Therefore; they can NOT be expected to react spontaneously and fix the flaws. After all; there is always maximum commitment when someone sees the “$” sign; & more so, the “$” sign will always supersede passion and hobbies.

Cross Posted from iManEdge

Possibly Related Articles:
12275
Enterprise Security
Software
Enterprise Security Budgets Databases Software Open Source Operating Systems Network Security vendors
Post Rating I Like this!
Default-avatar
bob bruen I have been managing computer & nwrwork operations for several decades, including Open Source and Closed Source from a variety of vendors.

This article does not present the real facts and is about Linux vs. Windows.

In a production environment, Windows systems take 5 to 10 times as long to install and manage as a Red Hat Linux (including Fedora and CentOS). Red Hat has an enterprise edition, which provides all the support you need. Fedora and CentOS offer auto updates through yum. The forums for open source are as good, if not better than MS help.

RH is still way cheaper than Windows, no matter how you make the comparision. Moreover, Linux updates rarely ruin your system the Windows does on a regular basis.

The design of Microsoft Windows is the single bigggest cause of security problems today. You do not see anything like that in the Open Source world.

You really should have researched this before publishing it. It looks like an advertisement for Windows using untrue statements - an old argument that no ones buys anymore.

1341238038
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.