I'm not in IT, but request services from IT for our marketing efforts. While I appreciate the human side of updates and attacks I am wondering is unix/linux any better?
Can someone comment on the number of vulnerabilities in linux versus Win 2K/XP in a managed IT environment. Is linux just as bad as windows in this respect.
Also I am continually told that windows requires a restart for the patches to take - this brings downtime. Is this true. Also is linux any better?
Discussion on:
View:
Show:
...is unix/linux any better?
In my opinion, yes... however Linux has it's own drawbacks. Everyone pits Linux vs Windows, but they forget FreeBSD, OpenBSD and NetBSD. These last three are in my experience even better...
Can someonecomment on the number of vulnerabilities in linux versus Win 2K/XP in a managed IT environment. Is linux just as bad as windows in this respect?
First off, this will spark a lot of controversy. What do you call a Linux bug? In general, the Linux Kernel has only a few known bugs (can count them on one hand) vs a lot more in the Windows Kernel.
The problem is that most websites that report bugs count a bug found in a common component several times because it appears in different distributions of Linux. Also, is a bug in Sendmail really a Linux bug? According to these sites it usually is - the same holds true for Apache, MySQL, PostgreSQL, etc. Yet, most of this software can also run on WIndows.
Also I am continually told that windows requires a restart for the patches to take - this brings downtime. Is this true. Also is linux any better?
In general, WIndows does require more restarting than Linux when applying patches. When making networking changes, Windows loves to restart, although Linux generally doesn't require it - you just need to restart the appropriate service. So, yes, Linux can be better at this.
Does it save time? In my opinion, not much but it gives me less headaches
In my opinion, yes... however Linux has it's own drawbacks. Everyone pits Linux vs Windows, but they forget FreeBSD, OpenBSD and NetBSD. These last three are in my experience even better...
Can someonecomment on the number of vulnerabilities in linux versus Win 2K/XP in a managed IT environment. Is linux just as bad as windows in this respect?
First off, this will spark a lot of controversy. What do you call a Linux bug? In general, the Linux Kernel has only a few known bugs (can count them on one hand) vs a lot more in the Windows Kernel.
The problem is that most websites that report bugs count a bug found in a common component several times because it appears in different distributions of Linux. Also, is a bug in Sendmail really a Linux bug? According to these sites it usually is - the same holds true for Apache, MySQL, PostgreSQL, etc. Yet, most of this software can also run on WIndows.
Also I am continually told that windows requires a restart for the patches to take - this brings downtime. Is this true. Also is linux any better?
In general, WIndows does require more restarting than Linux when applying patches. When making networking changes, Windows loves to restart, although Linux generally doesn't require it - you just need to restart the appropriate service. So, yes, Linux can be better at this.
Does it save time? In my opinion, not much but it gives me less headaches
I am not sure that we'll ever know how vulnerable linux is or was at a point in time. While we all spend the majority our time fighting MS fires, the linux os and all other os's for that matter, can check themselves for the same discovered vulnerabilities. Since hackers appear to be generally after data and not your OS, they attack the "OS of the day" and so we all focus on MS while the others are left quietly to repair.
I am not an MS lover/basher by any means. I have on more than one occasion, though, wondered, if these other pre-windows OS's were so great, why are they not the most used OS on the planet?
Windows gave birth to legions of software developers: some brilliant & some evil. Had Sun, IBM, etc. done the same we would be bashing them instead. Will Linux repeat the same security mistakes? In hindsight, probably not.
I am not an MS lover/basher by any means. I have on more than one occasion, though, wondered, if these other pre-windows OS's were so great, why are they not the most used OS on the planet?
Windows gave birth to legions of software developers: some brilliant & some evil. Had Sun, IBM, etc. done the same we would be bashing them instead. Will Linux repeat the same security mistakes? In hindsight, probably not.
>if these other pre-windows OS's were so great, why are they not the most used OS on the planet?
ITVet - you can't be a veteran of IT for more than just a couple of years if you don't know the answer to that question!
ITVet - you can't be a veteran of IT for more than just a couple of years if you don't know the answer to that question!
If you knew your OS history, you'd know that Microsoft happened to hit the market at a very fortunate time with a big-hit product. No-one had anything like it. You can call it luck, genius, marketing or whatever.
As IBM-like PC's began displacing Mac's for dominance on the desktop, Microsoft's OS also became dominant. MS rode the success of IBM to the top. Since people were already very familiar with IBM, the clones then helped extend MS's reach beyond just IBM. At this same time, IBM's OS/2 and Mac's new OS both tubed their intros, basically ceding the field to Microsoft.
To claim that Microsoft has the "best" OS is a gargantuanstretch. It may have the best GUI, but there are many other factors to consider - security, patch management, uptime, compatability, stability, etc.
Bill Gates is a brilliant man. One of the most brilliant ideas he ever had was to get the computer manufacturers to sell computers with his operating system on them, at a low price. But you had to have a copy on every computer you sold. Well, whysell a machine with two or more operating systems?
So a lot of machines went out the door with MS-DOS, whether the customer wanted them or not. MS-Windows provided a logical upgrade path. Then people wanted MS-Windows not because it was any good, but because it was compatible with what they already had. Computer software isn't like a car - last time you bought a Ford, this time, get a chevy. Nowadays, nobody really bothers debating the technical merits of operating systems - technical merits are really irrelevant to the discussion. No, the question is "do I upgrade, and if so, to what?" The biggest competitor Microsoft has right now is itself - a lot of people are still running Windows/98 which is good enough.
So a lot of machines went out the door with MS-DOS, whether the customer wanted them or not. MS-Windows provided a logical upgrade path. Then people wanted MS-Windows not because it was any good, but because it was compatible with what they already had. Computer software isn't like a car - last time you bought a Ford, this time, get a chevy. Nowadays, nobody really bothers debating the technical merits of operating systems - technical merits are really irrelevant to the discussion. No, the question is "do I upgrade, and if so, to what?" The biggest competitor Microsoft has right now is itself - a lot of people are still running Windows/98 which is good enough.
You did illustrate my point. The original question was whether Linux was better and I was just trying to explain that we who have been in the business do not know exactly what Microsoft did, but they did it and at this point in time they are the prime target.
I take issue with those companies who dig into Microsoft for its security when they had the same opportunity to turn their os's and themselves into monopoly's but missed the boat. It wasn't that they weren't/aren't all trying. Therefore, if you replace Microsoft with Sun/IBM/HP/RedHat and assuming the same vigor to be a monopoly, you would still have a company in the same situation and a technical community questioning "Is one better than the other..."
By no means do I think Windows is technically the best OS by any measure.
"Better" is a tough nut to crack. I agree that technical merits are not used to judge the os's anymore.Its probably because such a discussion would be to arcane for many if not somewhat impractical. It would be impractical because we don't have a homogenous technical environment within which we work. If you want "Better" then you would likely have to purchase every piece of your infrastructure from one vendor.
I think this discussion opens an old bag of worms.
My advice to anyone trying to determine this is to first determine your company's needs and then research what it takes to get that functionality on an Operating System you are looking to invest in. The fact of the matter, as already stated... is that Microsoft holds a larger portion of the market, which makes their systems more widely targeted.
In addition, a well configured IDS/Firewall solution along with proper security practices & policies in effect doesn't hurt. In many cases it can take the initial risk of a vulnerability down a few notches, allowing a bigger window to get things done and deployed. This should be the baseline for a company, but never the single point of failure.
My advice to anyone trying to determine this is to first determine your company's needs and then research what it takes to get that functionality on an Operating System you are looking to invest in. The fact of the matter, as already stated... is that Microsoft holds a larger portion of the market, which makes their systems more widely targeted.
In addition, a well configured IDS/Firewall solution along with proper security practices & policies in effect doesn't hurt. In many cases it can take the initial risk of a vulnerability down a few notches, allowing a bigger window to get things done and deployed. This should be the baseline for a company, but never the single point of failure.
All UNIXes (and Linux is a UNIX) are maniacal about seperating the operating system from the applications that run under the operating system, and separating the applications from one another. The reason why is because from day 1, UNIX was designedto be a multiuser operating system. If you have multiple users, then you really have to have ways to keep them separated.
Windows, by way of contrast, started as a single user operating system, so it had rudimentary security. Microsoft then added more security features as time went on. But, the single user operating system thinking persisted for a long time and some of the design decisions they made cannot be undone now without breaking their existing code base.
So, for example, IIS runs with administrator privs. If you compromise the web server, then you have the machine. By way of contrast Apache runs with root privs only at start up, long enough to grab port 80 (one of the few stupid design decisions in UNIX, and I say this with 20-20 hindsight, was the decision to require that processes have privilege to grab the low numbered ports) and then it becomes effectively user NOBODY. So if you compromise Apache, then you've compromised the nobody account and you really have very little.
Microsoft has 14,000 employees, but not all of them are programmers. They have marketing slime, accountants, Fei Sheui consultants, van drivers, managers. There are roughly a quarter of a million open source developers all over the world, and every one of them is a developer of one sort or another. There are more eyeballs on open source code than there are on the proprietary code.
I have tried to write an objective comparison of these issues (but it's dated now) at http://www.aqsnw.com/~jeffs/OS_comparison.html
Windows, by way of contrast, started as a single user operating system, so it had rudimentary security. Microsoft then added more security features as time went on. But, the single user operating system thinking persisted for a long time and some of the design decisions they made cannot be undone now without breaking their existing code base.
So, for example, IIS runs with administrator privs. If you compromise the web server, then you have the machine. By way of contrast Apache runs with root privs only at start up, long enough to grab port 80 (one of the few stupid design decisions in UNIX, and I say this with 20-20 hindsight, was the decision to require that processes have privilege to grab the low numbered ports) and then it becomes effectively user NOBODY. So if you compromise Apache, then you've compromised the nobody account and you really have very little.
Microsoft has 14,000 employees, but not all of them are programmers. They have marketing slime, accountants, Fei Sheui consultants, van drivers, managers. There are roughly a quarter of a million open source developers all over the world, and every one of them is a developer of one sort or another. There are more eyeballs on open source code than there are on the proprietary code.
I have tried to write an objective comparison of these issues (but it's dated now) at http://www.aqsnw.com/~jeffs/OS_comparison.html
Our network admin was quite confident that our systems were up to date on patches (and they were) but had recently granted a static address on our system to our District Maintenance group for a heating and air conditioning monitoring station. What he hadn't been told was that this turnkey system ran off a W2K server running IIS, and neither we nor the District had assigned anyone responsibility for patching or anti-virus updating.
What you don't know about your network can really become a problem.
What you don't know about your network can really become a problem.
"...since Microsoft had released a patch for this flaw long before the attack was launched..."
If you had seen this patch, or series of patches, before the Slammer hit, you would understand why this was not just automatically updated on these systems. This was one of the worst patches I've seen as for as installation instructions and documentations. I think you gotta hand it to the admins that actually figured out how to patch it successfully...
If you had seen this patch, or series of patches, before the Slammer hit, you would understand why this was not just automatically updated on these systems. This was one of the worst patches I've seen as for as installation instructions and documentations. I think you gotta hand it to the admins that actually figured out how to patch it successfully...
No auto manufacturer has ever found a way to prevent a car from being stolen. Risk of ownership and use is borne by the user. Lock your doors, buy an antitheft device, install an alarm, whatever, to deter the thieves. But don't blame the manufacturer because you failed to lock the doors on your car!
The Greeks have a saying: Whenever you point your finger at someone else, there are always three fingers pointing right back at you. Yes, some patches don't work well. Part of IT Ops' job itto evaluate patches. Ever heard of a test environment?
Any IT professional worth his or her salt would have downloaded, tested, and installed the patch that mitigated SQL Slammer risk before the end of July 2002.
The Greeks have a saying: Whenever you point your finger at someone else, there are always three fingers pointing right back at you. Yes, some patches don't work well. Part of IT Ops' job itto evaluate patches. Ever heard of a test environment?
Any IT professional worth his or her salt would have downloaded, tested, and installed the patch that mitigated SQL Slammer risk before the end of July 2002.
Any IT professional worth his or her salt would have downloaded, tested, and installed the patch that mitigated SQL Slammer risk before the end of July 2002.
Have you any idea how many patches MS puts out? If I had to evaluate all their patches, I couldn't do anything else! Most companies don't want a big IT budget, so we're already understaffed...
Have you any idea how many patches MS puts out? If I had to evaluate all their patches, I couldn't do anything else! Most companies don't want a big IT budget, so we're already understaffed...
I agree...you have to test these things. Most IT depts. are under-staffed...so that's not a real good excuse.
If you're running IIS and/or SQL, you should be diligent and pay particular attention to the patches coming out for these systems.
It's too easy to say "there are too many patches and not enough time". It's our jobs, as admins, to keep up w/ the patches and ensure security and stability...that IS what we're paid for.
If you're running IIS and/or SQL, you should be diligent and pay particular attention to the patches coming out for these systems.
It's too easy to say "there are too many patches and not enough time". It's our jobs, as admins, to keep up w/ the patches and ensure security and stability...that IS what we're paid for.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
