Sure, I get the point, a more apt comparison might actually be RedHat though, since they're doing E2E packaging for a product suite.
I mean, Linux isn't even Linux - At the risk of invoking a meme: Linux is actually GNU + Linux; and even then there's a web-server on top, and software that it runs.
So, a working comparison might be Wikipedia? As far as I understand it; that's the largest CMS on the planet.
The closest comparison to SharePoint is probably a combination of Zoho Connect, Zoho WorkDrive, and Zoho Flow. Zoho's office suite also integrates with WorkDrive and has collaborative editing. They even have a desktop app for Writer.
Even then, SharePoint is more of a platform. You can build SharePoint apps and extend it.
There isn't a comparison for SharePoint Server. There really isn't any single thing like it for on-premise.
ok, nginx+linux power nearly every website, is that close enough of a sizable target?
As mentioned, even if we exclude websites, Linux is a pretty enormous target. Much more enormous than Microsoft - by an order of magnitude or more, yet: we don’t seem to have these kinds of issues. Curious, don’t you think?
Very curious. Just based on the incidents we see, and analyze over time, almost all of them are compromised Windows systems. When I say "almost", I'll provide these stats: ~4500 Windows incidents over 5 years, vs. two Linux incidents.
Similarly, looking at vulnerability counts by vendor doesn't paint a rosy picture of our largest vendor Microsoft, either. But it pales in comparison to the incident statistics, which speak for themselves.
To Microsoft's credit, they've managed to turn their weaknesses into a secondary industry, wherein they now no longer sell just the disease, they also sell the cure. "Oh, your Windows systems have security problems? Have we told you about our expansive security solutions? They're only an additional $your_budget_doubled per year!"
Microsoft’s back office suite is massive. So you’re talking about Nginx + a CMS + online office suite + video conferencing + identity providers and so on and so forth.
There isn’t really a direct comparison in the FOSS world. It’s either smaller in scope or smaller in terms of high profile organisation adoption.
This is why I think it’s easier to ignore the “Linux” part. Not because Linux is technically a kernel, but because there isn’t a directly comparable solution that targets Linux / GNU or whatever other base OS moniker you want to use. Same is true for BSD, Darwin and so on.
The alternatives to Microsoft’s dominance are typically more narrow in scope and usually proprietary too (eg Okta for identities, Google Docs for O365, etc)
Does this mean that Microsoft products are secure? Not really. It just means we cannot make a fair comparison against FOSS when it comes to these specific types of attacks.
If every car in your neighborhood that gets broken into is manufactured by a single manufacturer, it is in your interest to ask why that is, and perhaps to consider that fact when shopping for a new car.
That does happen though. Cars worth more are stolen while cars worth less are not.
The common factor there isn’t that 40 year old hatchbacks have better security. It’s that the risk vs reward isn’t there compared to the brand new luxury cars with higher resale value on the black market.
This isn’t something I’ve just made up either. This is what the police told us when my neighbour’s Merc was stolen while my Skoda, which was accidentally left unlocked, was not.
Thieves target the expensive cars because they’re worth more. It’s really that simple.
> Thieves target the expensive cars because they’re worth more. It’s really that simple.
They don't target the expensive cars. The most stolen cars in the US are cheap Hyundais and Kias. Before they claimed the top spot on the list of cars taken most often, the winner was pickup trucks and old Toyotas.
Thieves target what's easy to take and easy to chop up and sell, not luxury cars with high resale value.
As I said earlier, I have firsthand experience of this being the case.
> Thieves target what's easy to take and easy to chop up and sell, not luxury cars with high resale value.
You’re just proving my point here though. Thieves target cars that have the highest resale value.
Whether that’s as a whole, or for parts where the supply chain for genuine parts has become extremely expensive.
Organised crime happens for money.
Yeah, there will be a subsection of society that steal cars for shits and giggles. But those also aren’t the sort of motives for hackers who’d go after Microsoft SharePoint. So if we are to compare like-for-like, then you have to discuss organised crime rather than bored teenagers.
———
By the way, I love how your username is accidentally appropriate for this conversation :D
If every car in your neighborhood that gets broken into is manufactured by Ford, but some people keep saying that their sneakers never get broken into, why don't you just walk everywhere, also they've never driven a car and don't really believe anyone else drives a car and keep implying it's just a status symbol...
and then they say "okay what if we consider everyone's sneakers all together, and how rarely they get stolen compared to cars" as if they've come up with a sensible comparison in complexity...
and then someone suggests "RedHat Linux" as an alternative to your car. Apparently they don't know what section of the world a car fits into, to suggest an alternative - but they're still convinced that you don't need a car and they are genuinely puzzled why more people aren't using "RedHat Linux" instead of cars...
... also only Ford make cars and the only real alternative is something completely different and then pay consultants to customise it and retrain your entire workforce at great cost and upheaval for little to no return, except hoping for an increase in security but not being able to prove same, or even clearly nail down what that means precisely.
One should be wary of anyone selling you a solution to your problems they know nothing about. Naturally, the only way to be entirely secure is to shut down all the applications and decommission all the computers, a solution which the business side tends to find unreasonable. Thus the tender balance between business needs and business risk emerges as the deciding principle.
But the numbers are the numbers in heterogenous environments, regarding security problems by platform. And if it rains perpetual Windows-based incidents on your security staff, and you don't consider the numbers when evaluating what you will and will not do, compute/services-wise, then you are statistically likely to see the same rate of incidents, at whatever cost that comes to the business, indefinitely.
> "a solution which the business side tends to find unreasonable"
Isn't it odd that "unreasonable" solutions keep being suggested in threads started by people who first push Linux, and second ask what the thing even does anyway.
> "Thus the tender balance between business needs and business risk emerges as the deciding principle."
There is no tender balance and this is nothing like the deciding principle, and again it's illustrative that in a world where big organizations turn to poor quality software with poor UX for reasons like "nobody got fired for buying IBM" and "I look good on the Gartner report" and "the vendor will bend over backwards to make our auditors and legal team approve it" that Linux people go for the only thing they have going and try to suggest it's the most important thing, even though it's demonstrably an afterthought or a never-thought.
> "you are statistically likely to see the same rate of incidents, at whatever cost that comes to the business, indefinitely."
And you see this happening for literally 30 years and the "whatever cost" being written off as a business expense that has never changed anything, but you still call it "the deciding principle" when the evidence shows that the decision makers barely consider this at all?
So now you've changed your position, what happens to your original claim "If every car in your neighborhood that gets broken into is manufactured by a single manufacturer, it is in your interest to ask why that is, and perhaps to consider that fact when shopping for a new car."
Why would that need to be said at all, if businesses are using security as A [prominent] deciding factor already?
My reply "businesses are visibly not using it as a deciding factor" still seems correct.