GeodSoft

Linux, OpenBSD, Windows NT / 2000 Server Comparison: Contents

  • Introduction Linux, OpenBSD and Windows NT / 2000 are discussed as server operating systems.
  • Applications
    • Applications Required applications available only on one platform select that platform; required applications that are not available eliminate a platform.
    • Applications Supplement OS Some Windows applications are just helpers filling gaps in the OS.
    • Niche Area Support Windows has more niche area applications.
    • Application Integration Tight application integration has benefits but also ties a user more tightly to the product line.
    • Vertical Market Products Windows has a big current lead but Linux is a natural for vertical market applications.
    • Included With Core OS UNIX systems typically include a greater array of full function server applications than Windows.
      • Open Source Applications All open source applications are arguably part of the OS because they are available under similar licenses at no additional cost. What's available is examined.
    • OS Versions and Fragmentation There is just as much diversity in the Windows product line as in different versions of UNIX.
    • Application Summary Windows has more applications but Linux has enough at a much better cost benefit ratio to be a serious contender. OpenBSD is appropriate in specific environments.
  • Stability and Reliability
  • Security
    • Security Introduction Those with strongly Windows or UNIX backgrounds rarely understand the security of the other family.
    • Windows Security
      • FAT vs. NTFS Choosing a FAT based file system on NT gives up both security and a highly reliable file system.
      • Windows, FAT and Dual Boot Dual boot is the only justification for FAT and has no business in a business environment.
      • NT File and Directory Security NT has a very sophisticated file and directory security system and significant system access controls not available in UNIX.
      • Poor Windows File and Directory Security Tools Poor tools make NT's sophisticated security unnecessarily difficult to use.
      • NT Throwaway Security Microsoft has discarded useful security with horrible default settings.
      • Password Hashes Windows NT and 2000 password hashes are pathetically weak because of backward compatibility concerns.
      • NT Too "Easy" To Be Secure It's really not desirable that non technical users can set up what should be sophisticated servers on the Internet.
      • Recent Windows E-Commerce Compromises Intruders systematically targeted 40 e-commerce sites using well known vulnerabilities as much as three years old.
      • Breaking IIS Exploits. Two steps, one trivial and one which is admin 101, break most IIS exploits, without patches.
      • Windows' Single User Origins In the past Windows' single user origins have protected it from many serious exploits.
      • UNIX Root Compromises UNIX's true multi user origins have exposed it to more serious attacks.
      • NT Rootkit Compromises Intruders now have all the tools needed to gain remote administrative access on Windows systems.
      • Unneeded Services Windows makes it difficult or even impossible to turn off unneeded services while retaining necessary functionality.
      • Windows Complexity Windows is highly complex and getting more complex with each release, assuring an unending supply of bugs for intruders to exploit.
    • Default Installs OpenBSD is the only system in this comparison that is secure by default.
    • OpenBSD Origins OpenBSD was begun as a separate project with the goals to create a reliable and secure system.
    • Quantitative Comparisons Few quantitative measures are readily available to compare operating system security.
      • Web Defacements The attrition.org record of web site defacements is one quantitative measure of web server security if used with care.
        • Linux and other UNIX Defacements No definitive conclusions can be made from recorded Linux and OpenBSD web site defacements.
        • Windows Defacements Windows NT and 2000 web sites which are definitely a minority of all web sites account for a clear majority of web site defacements.
    • Linux: A Security Middle Ground Linux security is not as good as OpenBSD but better than Windows and it can easily be hardened to a significant degree.
      • Firewall in Red Hat 7.1 Install By including firewall setup in the install, Red Hat allows a hard shell to be wrapped around otherwise mediocre security.
        • Firewall Problems Unfortunately Red Hat picked the now obsolete IP Chains and the system configuration tool doesn't work with the firewall.
        • OpenBSD Firewalls The OpenBSD firewall is off by default and defaulted to allow all traffic when first turned on.
        • Back to Linux Firewall Picking the most secure Red Hat firewall option is likely to require some manual configuration.
      • Default Install Conclusions OpenBSD is the security leader with Linux second and NT / 2000 a distant third; both open source systems can be hardened to almost any degree while Windows is a significant hardening challenge.
    • Intrinsic Security Comparisons Intrinsically Windows is not significantly less secure than UNIX but this is not a real world question.
    • Development Model, Bug Fixes, Security & Reliability
      • OpenBSD is built by a tightly coordinated team with a clear emphasis on high quality code and security at the expense of features. Bugs are fixed very quickly and a single, up-to-date "patch branch" free of any known significant bugs is always available.
        • Security Notification lists Some leading security e-mail lists are mentioned and the SANS SAC list recommended.
        • IP Filter Bug The conditions necessary to exploit a security bug the OpenBSD team described as "serious" are examined.
      • Linux is built by a large loosely coordinated team with a large active user base. Bugs are common but fixed very quickly. Multiple distributions introduce issues not faced by OpenBSD.
      • Microsoft Microsoft's unquestionable first priority is making a profit. Then come long feature lists, ease of use (learning), and performance. Security is at best a fifth place priority. Most buyers want features and don't care about security and Microsoft obliges. Their products cannot possibly be as secure as OpenBSD or Linux.
      • System Tradeoffs is a long discussion of how various factors interrelate when building a system. The basis for some quantitative comparisons is outlined but the necessary data is not typically available.
      • Open Source Code Review ensures a more secure end result than the closed proprietary model. Review by black hats is an essential, and in the long run, beneficial part of the review.
    • Security Conclusion OpenBSD is the security leader but pre hardened Linux versions present some interesting challenges. Both can be hardened as needed. Long Windows NT and 2000 security feature lists don't make secure systems and lots of bugs assure continued large scale intrusions.
  • Scalability typically means how many processors a single machine can use or how many machines can be clustered. I'm going to discuss it from the perspective of small businesses and the ability to make effective use of resources by moving processes and adding machines as needed.
    • System Performance Benchmarks measure a very specific and limited set of functions that may not reflect live environments. Performance affects total costs.
    • Static Web Pages For years PC Magazine's unrealistic static page web server test has made Linux and Apache look much slower than NT / 2000 and IIS.
    • Other "Benchmarks" give very different results. Each OS looks better or worse depending on the specific task(s) performed.
    • Hardware Requirements Windows systems generally have significantly higher hardware resource requirements than Linux or OpenBSD.
    • OS Performance Comparisons In text mode Linux and OpenBSD should be somewhat faster than Windows and in GUI mode Windows tight integration should give it some advantage.
    • Price Performance Ratio When total system price (including licenses) is comparable, Linux and OpenBSD should run circles around NT and 2000.
    • Scalability As Cost Effective Performance Businesses small enough to run on a single server should consider keeping everything on one server; slightly larger businesses should consider Linux or OpenBSD for web, FTP, or list servers.
    • Relocating Server Applications UNIX systems can easily be moved to other machines and applications split or moved separately; Windows NT and 2000 lack this flexibility.
  • Usability
    • Ease of Use and Ease of Learning The difference between doing something the first time, ease of learning, is almost universally confused with doing it repeatedly which is ease of use. System administration has much more repetition than end user computing.
      • Windows Lacks Automation Without third party tools, Windows NT is almost totally devoid of automation tools and Windows administrators typically lack scripting skills.
      • Smart Monkey Administrators Windows is designed to hide computer workings from users which might make sense on an end user computer but not on a server which should only ever be touched by technical staff.
    • System Logs and Monitoring Servers create logs that need to be reviewed and analyzed.
      • Windows System Logging Though Windows can log a variety of events and provide log services to applications, it has almost no tools to work with the resulting logs.
      • UNIX System Logging is almost unlimited in what can be logged and where it can be sent. Because all logs are text files or have conversion utilities, analysis possibilities are unlimited.
      • Limited Windows Monitoring NT includes extensive auditing capabilities but results go to logs with no useful analysis tools. Process monitoring is spotty and performance, not security oriented.
      • Tlist Is Not PS The only tool remotely like the UNIX ps command is the Resource Kit, tlist, which is a limited function, semi useful tool.
    • Support Options Except for WordPerfect a decade ago and IBM, I've never been favorably impressed with commercial computer product support.
      • Microsoft Non Support If you can't find the answer on their web site, I've not found calling Microsoft to be worth the effort.
      • Microsoft Consultants Skilled consultants who really know the products exist but finding them reliably is another matter.
    • Open Source Documentation is available free on the Internet. Lazy Windows ways of insert CD, default install, run product are not sufficient; most open source products require some reading of documentation.
    • Usability Conclusion The easy to learn mechanics of Windows hide repetitive tedium. Differences in different Windows lines and major changes every five or so years undermine Microsoft claims for easy to use. In the long run UNIX skills are more transportable.
  • Staff Issues What matters is not how much UNIX or Windows administrators cost but the cost per managed unit which could reasonably be machines or users or even some workload measure.
    • Scripting Skilled UNIX administrators will automate all routine tasks on the machines they are responsible for and are thus likely to be more efficient and satisfied.
    • Reliability Impact on Staff There is little that is more frustrating than troubleshooting problems for which there is no explanation so Windows administrators will typically experience high levels of job frustration.
  • Total Cost of Ownership Windows 2000 costs much more. Security and reliability are much cheaper on Linux and OpenBSD. Usability is a mixed bag. If needed applications are available on open source systems, they have to have a lower TCO than Windows.
  • Summary and Recommendations Windows is an expensive system that typically delivers too much unneeded functionality and unwanted security and reliability surprises compared to free or low cost open source systems that can easily be made to reliably do what is wanted.
    • Moving Away From Windows Few companies today can dispense with Windows servers, but many more than currently do could find cost saving uses for Linux systems.
      • Application Choice Over Valued Though the issues are very different in consumer and business desktop markets, it makes no sense to spend extra to get unreliable and insecure servers, able to run applications they never will.
      • Introducing Linux to a Windows Environment Shops not already highly Windows centric and with a mix of platforms and loosely integrated applications will have a much easier time introducing Linux.
      • Gaining Linux Experience Initial Linux experience is best gained at home on an old or low cost second computer and not a dual boot system. KVMs make this practical.
      • First Linux Project A low visibility technical use of Linux, e.g., a DHCP, FTP, relay mail, or cache server, is likely to be the best first use for a Linux server.
    • Conclusion In my experience, NT servers never quite measured up to UNIX servers, and my mirrored server experiment settled the matter. Windows 2000 is way too little, too late to matter.

Copyright © 2000 - 2014 by George Shaffer. This material may be distributed only subject to the terms and conditions set forth in http://GeodSoft.com/terms.htm (or http://GeodSoft.com/cgi-bin/terms.pl). These terms are subject to change. Distribution is subject to the current terms, or at the choice of the distributor, those in an earlier, digitally signed electronic copy of http://GeodSoft.com/terms.htm (or cgi-bin/terms.pl) from the time of the distribution. Distribution of substantively modified versions of GeodSoft content is prohibited without the explicit written permission of George Shaffer. Distribution of the work or derivatives of the work, in whole or in part, for commercial purposes is prohibited unless prior written permission is obtained from George Shaffer. Distribution in accordance with these terms, for unrestricted and uncompensated public access, non profit, or internal company use is allowed.

 
