Slashdot Mirror


YA Microsoft Linux Screed

"Microsoft Windows has better security than Linux out of the box" is my favorite line -- but there are many other good ones, find them and trade them with your friends -- in the polemic "Linux in Retail and Hospitality." This is actually from February apparently, but c't and LinuxToday have called attention to it. If you don't feel like reading their .doc file (I'm still looking for a robust .doc reader that doesn't suck), the IGLU LUG comes to your rescue with their HTML version. This is about using Linux in point-of-sale systems, in case you were wondering what POS stands for.

22 of 324 comments

  1. Re:Uhh MS is more secure.... by Anonymous Coward · · Score: 3
    "*Nothing* is secure out of the box. This deserves repeating. *Nothing* is secure out of the box. Really."

    Have you ever heard of openbsd? Ever use it? It is definitely secure out of the box. Really.

  2. Less Secure by Forge · · Score: 5


    <Quote>
    "Open source" means that anyone can get a copy of the source code. Developers can find security weaknesses very easily with Linux. The same is not true with Microsoft Windows.
    </Quote>

    It's possible they meant to say hackers/crackers but this Freudian Slip was wonderful for me :)

    --
    --= Isn't it surprising how badly I spell ?
  3. One interesting thing in retail by jht · · Score: 5

    Retail environments, at least most of the ones I've dealt with, don't generally buy an off-the-shelf PC and then select their POS software. They buy a full system - and they usually buy it from a company that specializes in retail systems integration. A lot of them don't know what the underlying system is and don't care, so long as it works well and saves them money.

    The vast majority of these machines are not going to be Internet-connected in any way at all, and are not readily accessible to script kiddies in the first place. Chains will use either low-speed frame relay lines or dial-up to report numbers back to HQ, not an Internet connection. They also don't need "support for all sorts of devices", just the ones that are sold with the system in the first place. I don't need half a dozen different credit card slip printers - just one good, working, reasonably priced one. And I'd buy them in bulk for each terminal. A lot of how Windows became such a blivet to begin with was by having to support everything under the sun.

    I mean, that's an argument that was used against Apple for years by the Windows minions - Windows had (at least, before Office became pretty much the only alternative) dozens of available word processors and spreadsheets, and the Mac (read today as "Linux") only had (has) a handful. OK, this may be true, but how many do you need at once? I'd rather have one good word processor on my platform of choice, for instance, than a dozen crappy ones. POS systems are even more of the same - when a register is booted it generally runs nothing but that app. The distro of Linux isn't even relevant - it'll be customized to the maximum possible and stripped of anything that can increase support work.

    While not exactly FUD, this whitepaper mainly fights a war that retailers don't care about. And a lot of the "main street" type businesses that might buy off-the-shelf POSware aren't going to be caring about Microsoft's message because they don't even research it far enough.

    Heck, there's even thriving Mac POS vendors - there's enough room for everybody. Too bad Microsoft doesn't appear to understand it. They must be more threatened than I thought.

    - -Josh Turiel

    --
    -- Josh Turiel
    "2. Do not eat iPod Shuffle."
  4. Re:secure out of the box?? by IntlHarvester · · Score: 4

    "The fact is that ANY business application of any software requires an expert (in-house or consultant) before people should roll it out."

    You may think that and be correct. But the fact remains that many small NT shops limp along OK without expert assistance, and maybe a little tech support from the guy who sold them the computer. You can slap Great Plains on an NT box and have an accounting system.

    These small businesses will never pay a Unix admin the money he's worth, nor would they pay a good NT guy the money either. And retention would be a problem in an environment where the guy is rehabbing old 486s and refilling the copy machine toner. So, they do the rational thing and limp along with part time or slightly retarded computer help.

    Open source software + contracted service would be a great solution for small businesses with no in-house experience, and cheaper than paying MS licences. However the customer base is never going to pick up the phone and sign a service contract with RedHat or IBM (nor should they). The only real answer is that it's going to take a phalanx of Linux savvy people in the small system integrators that are out there.

    And that I don't see. It's easier for the corner computer guy to build a computer and slap MS Small Business server or Exchange on it and send the money back to Microsoft. If he could find a skilled Linux admin to hire, the guy is going to figure that he's got better things to do than screwing in IDE drives in his spare time and go and make $90K doing Unix admin for a big corporation.

    (As a sidenote, Novell essentially built their business on these Corner Computer Store integrators, but it took a massive channel push and lots of product education. So, it's possible, but it's a long haul for someone.)
    --
    Business. Numbers. Money. People. Computer World.
  5. Please... by Outland+Traveller · · Score: 3

    As someone who has been responsible for securing WinNT boxes on the internet, I would question your claim that they are in any way secure out of the box.

    As anyone would know who deals with these beasts, the file permissions are pre-configured so that many critical system files are open to the world. When it comes to the security vs. convenience tradeoff, MS sides with convenience every time and it's up to you to fix it.

    The up-front cost of securing an NT box is very similar to that of securing a *desktop* linux distro. You have to audit the running services and remove the ones that are unnecessary (printer servers anyone?). You have to fix all the broken file permissions. You should configure ip filtering. You need to keep up with the security patch of the week, or of the day if you're running IIS :P.. You need to come up with some mechanism to audit the log files in a regular and tamperproof fashion. Why do microsoft's logs suck so much anyway? It's impossible to analyze them without a third party tool or a syslogd adapter. The log viewer as shipped doesn't scale beyond workgroup use. You also need to install a file integrity checker.

    The reason WinNT/2000's security stinks so much is because it's so opaque.. The only way to really tell if it's working is to download a sniffer, l0phtcrack, a scanner, etc etc.. Not that you don't have to do that with unix either, but at least most of the tools you need come with the system already (gratis), and in the case of linux you can compile the kernel yourself with what you know are secure settings, whatever additional patches you want, and have fun with /proc.

    I don't know very many systems that are secure out of the box, other than openbsd, but in the case of NT it's harder to configure and there's more limitations as to what you can tweak. It's silly to argue that NT is secure out of the box. If there's anything that came out of the recent chinese hacktivism, it's that microsoft's code is too bloated and their release schedules are too aggressive for them to audit it properly by themselves.

    -OT

  6. Re:secure out of the box?? by MSG · · Score: 5

    There have been few times when I wished I had moderator points more. Moderators: A post should only be judged insightful if you KNOW that it is. YHBT YHL HAND.

    But so have I.

    This is not a rant against the parent post, it's a troll. This is a rant against stupid moderators.

    "setup scripts, and do some last minute checking on up2date daemons"
    OK, besides the fact that up2date is a Red Hat Linux specific feature, connecting any system to the internet without looking at the services that run at startup time and applying errata/service packs is extremely irresponsible and arrogant. Windows NT is worse than good UNIX systems in this respect, because just about everything is *on* by default, and many of those services are exploitable, or need good hard configuring not to be.

    "admins all use windows95 on their system at home"
    I don't know ANY admins that use Win95 on their home systems (or 98, or ME). At least none who have one clue what they're doing. The resemblance between Win95 and WinNT is totally superficial. There is nothing even related to administration of an NT server that you can practice on a Win95 box. Win95 doesn't have features as basic as file permissions or services. The only thing you can practice on Win95 is point and click.

    "I still do not know how to lock the ports below 1024 like redhat linux does"
    Every UNIX I know of does this by default. It's a feature of the kernel, and not something that you have to DO.

    "NT is quite secure but not really stable"
    And in the breath before, suggesting to visit Bugtraq to check the bugs in each. Look at the number of hacks per OS (I believe that attrition.org keeps track of that sort of thing), and you will see that NT has a disproportionally large number of breakins. Although they are not the most commonly used servers, they are the most frequently hacked. Repeat after me: security is not a feature, it's a process. Your security lies not in your OS, it's in your admin.

  7. Re:Uhh MS is more secure.... by Surak · · Score: 5

    "You average linux distro out of the box will have just about every known service running (ftp http telnet, etc etc)."

    Uhh...what's your "average" Linux distro? Mandrake 8.0 will warn you that it installs every service by default, but will allow you to opt out of this. 'Sides, if you don't want the service running, then just don't install the service to begin with.

    *Nothing* is secure out of the box. This deserves repeating. *Nothing* is secure out of the box. Really. Good security requires tweaking the system -- any system -- for your particular situation. Being Open Source, Linux is definitely the most tweakable of the two choices. And if you want a truly secure system from a networking standpoint, heck, just unplug it from any unsecure networks. (this would include the Internet).

    And Microsoft operating systems are very secure. Provided you follow instructions and leave the power switch on the machine in the "off" position. :)

  8. Well.... by Rombuu · · Score: 4

    "(I'm still looking for a robust .doc reader that doesn't suck)"

    I hear that Microsoft Word is good for that sort of thing.

    --

    DrLunch.com The site that tells you what's for lunch!
  9. MS does indeed dominate hospitality industry by Brento · · Score: 5

    MS has a huge percentage of the hospitality industry. A lot of people don't realize that most hotels are franchised, owned by individuals (or companies). Hampton Inns, for example, aren't all owned by the same people. However, they have to choose whatever front office system is mandated by the franchise office, because they have to use the same back end reporting.

    Whenever a desk clerk checks you in at a Hampton Inn, for example, they're using exactly the same system no matter which Hampton Inn it is. A lot of the franchises write their own front office systems, and MS dominates those systems:

    Holiday Inn - mostly *nix
    Choice Hotels (Comfort/Quality/Econo) - Windows NT
    Hampton Inn - Win95/NT wkstations, *nix back end
    Fairfield Inn - Win95/NT
    Days Inn - Linux (woohoo!)

    There's a catch with the Days Inn system, though. They really broke tradition when they picked Linux, but unfortunately, they picked a bad rollout time (just-prior-to-12/31/1999) and didn't do enough beta testing. The Y2k problem completely wiped out all hotel receivables. All your direct bill records were toast. The implementation was so bad, in fact, that the system's name of "PowerUp" turned into a nickname of "PowerDown".

    The hoteliers rebelled, turning the franchise meeting into a yelling match. Nobody wanted the system, and everybody said Linux sucked. It wasn't that Linux actually sucked, of course, it was just that the program was so inherently bad.

    The Windows systems, on the other hand, have been rolled out with mostly good reviews. They were deployed on killer hardware (almost everybody mandates Dell workstations) instead of cheap clones, and they got lavish training manuals and videos. It's been a case of throwing money at the problem vs. trying to cut corners, and the Linux camp came out looking rather rough.

    Anyway, the next time you go to a hotel, peek your head over the front desk and take a look at what they're using to check you in. You might be surprised. (Then again, you could stay at Days Inn just to support Linux!)

    --
    What's your damage, Heather?
  10. Re:Uhh MS is more secure.... by gimpboy · · Score: 3

    "At least win2k will ask if you want IIS or anything, with linux its either server or workstation."

    actually with redhat it's server, workstation, or custom. it's really hard to see because it is that big icon right below workstation. this allows you the option to select individual packages. if you say server yes everything is running. it assumes that you wanted a server and know what the hell you are doing. whether or not this is good is debatable, but there are options for everyone. if you are going to blame redhat for the ignorance of its users then the faults applied to microsoft would be quite excessive for the same reasons.

    use LaTeX? want an online reference manager that

    --
    -- john
  11. this made me laugh. by gimpboy · · Score: 3

    under reason 3.
    "From the 188 total distributions 28 are derived from the popular Red Hat Linux. So Red Hat is derived from the Linux kernel and then those 28 are derived from Red Hat. Nine of the 188 are derived from Debian. Where does this stop This is starting to sound like we're headed back in time to the 1980's and 1990's era where retailers were locked into a single vendor's innovation."

    am i the only one who finds this interesting? isn't this what microsoft wants? that is if they are the vendor in question.

    use LaTeX? want an online reference manager that

    --
    -- john
  12. Microsoft is really annoying, really. by Peachfuzz · · Score: 4

    Microsoft is really showing their whiney side in this one. This isn't flamebait. I've just heard so much crap from microsoft that Windows NT is "Better" than linux/FreeBSD/whatever that it's really annoying me.

    They just have to keep insisting that Windows NT is better, don't they? They should consider giving up, because in other "reports" that Windows NT is "better" they've just gotten ignored and/or flamed by some other guy. Heck, even Sun got medieval on their hiney with a letter some PR guy sent reporters asking a couple of questions that were "supposed" to be hard to answer.

    What's wrong with these people? I'm pretty annoyed with these letters, and I'm sure you are, too.
    -----------------

    --
    Visit www.Peachsoft.net everybody!
  13. Grossly inaccurate by bad-badtz-maru · · Score: 3


    There is no "Days Inn" system. Cendant properties choose between "Project Powerup" systems from three PMS vendors: HSS, Multi-Systems, or REZSolutions. These are three completely different PMS apps with Cendant interface modules. Two of these run on UNIX-type OSs, the latter runs on NT. Unfortunately, the hospitality industry is about two decades behind in software development, the *nix offerings all have abysmal user interfaces. With the average moronic front desk staffer in mind the GM is drooling over a Win GUI interface in hopes that his staff, who types one word per hour, might someday take less than a decade to check in a guest. The choice between the three systems (at least for Cendant brands) is indeed made at the property level and not higher.

    As for your statement that most franchises write their own front-office, this is just wrong. There is only one chain that writes their own, I think it is Hilton. Most franchises don't care what package (if any) the individual properties use, that was the big whoop-de-do with Cendant's Project Powerup: unified software. Although I don't know exactly how unified equates to three different packages in their case.

    The ire over Project Powerup had nothing to do with technical issues. Nobody wanted to install the system because it interfaced directly with Cendant. Hotels pay franchise fees based upon room revenues, with a direct connection to Cendant it would no longer be possible to fiddle with the figures in order to pay less franchise fees. There was also the fact that Cendant would be using your guest database for marketing. Big Brother at its finest! Oh yeah, and Cendant only footed the bill for a minimal installation. For my previous employer, they offered to replace our 15 terminals and custom software with 2 terminals. This, of course, would have made our Howard Johnsons front desk disparate from our other two hotels on the same property that were not Cendant brands, as well as leaving it unable to communicate with our accounting, inventory control, and 75 point of sale terminals at the 14 bars and restaurants located on the property (all running custom in-house software). The switch would've cost our company at least $100K annually in additional staff required to manually do accounting processes that were automated under the existing system. To this day, no Project Powerup system was ever brought to that property.

    The hospitality industry's sister, the service industry, is dominated by unix. Micros is the major player there, and their unix offering is rock solid and can support 250+ terminals (cash registers) on one server. Their NT offering can't do above 25. Unix doesn't show its ass there like it does in the hospitality industry because the cash registers are all custom hardware with their own IO that only communicate with the server to send transaction information (over serial cables!). So the wait staff don't have to type ./burger.pl, they just press the picture.

    maru
    www.mp3.com/pixal

  14. Re:secure out of the box?? by bkirkby · · Score: 4

    "ALso go to some of the l33t rul3z crack3r irc chat rooms and ask some of them what they about linux vs NT in security and most will say unix can be secure but most on the web are not and NT is quite secure but not really stable"

    Isn't that like saying my Ford Taurus is dangerous because my neighbor drove his into a tree?

    Any of the out-of-box security arguments are simply just FUD esp. when they are talking about business applications. The fact is that ANY business application of any software requires an expert (in-house or consultant) before people should roll it out. It should be safe to assume that those experts would know how to implement the system in a secure fashion on whatever platform you are talking about (if they are truly experts).

    Where GNU/Linux shines in this arena is that the security problems are identified and fixed earlier than proprietary OSes. This breeds a culture in OpenSource where everyone takes some responsibility for security.

    This point was driven home to me when I took some code I had written years back and compiled on a newer RedHat system. The GNU compiler warned me that I was using wgets() and it might present a security problem because of buffer overruns. I've never had VC++ warn me about any possible security problems.

  15. I was getting ready to concede the point by JiveDonut · · Score: 5
    I thought that certainly Microsoft would always be the number one POS system.

    But then you say that POS means "Point of Sale". I always thought it meant something else.

  16. wvWare by alexgould · · Score: 3

    translates Word .DOCs. Has saved me from microsoft using coworkers many times. Check it out at http://www.wvware.com/.

  17. Many valid points - and some not so valid by mgkimsal2 · · Score: 5

    The paper contains some valid points - and some points that are only partially valid.

    Lack of drivers - this is and will continue to be a problem for Linux - and any non-Windows systems. They're specifically talking about the retail industry. Custom cash registers, scanners/bar code readers, etc. Until 'niche' device manufacturers release their hardware specs, the Linux camp will always be behind schedule. If reverse-engineering legislation was created to 'protect' device manufacturers, people might not even legally be allowed to write drivers for Linux, even if it would be a net increase in sales to the manufacturer.

    Dev tools - this one is always coming along, I know, but there aren't many big name flashy dev tools for Linux. Yes, I know, they generally aren't needed, but this is a perception case which may never be won. Mid-level managers can at least *look* at MSVS, and get an idea of what's going on when they look over the shoulder of their developers. Looking at someone in vi just isn't as interesting. Again - this is perception we're talking about. Doesn't matter if I can do something in 5 minutes that takes an MSVS user 2 hours - perception will be that it's 'easier' to program for Windows, at least in most people's minds (generally the people who AREN'T doing the coding!)

    Compatibility - I've lost track of how many cool looking apps I download from freshmeat or sourceforge that simply won't compile. I've had stock RH5.2, 6.1, Slackware, Suse, Mandrake and Caldera installs. They've ALL had problems running stuff. DEVELOPERS - either TEST your stuff on stock installs, or GIVE EXPLICIT instructions about how it was compiled. You will reduce frustration time (and possible tossing of Linux altogether) if people are at least clued in about if it's their fault or your code's fault if it doesn't compile/work right.

    LESS SECURE - Windows itself may be secure, but a network app like IIS surely isn't that secure 'by default'. Installations in 1999 STILL being set to parse .IDC and .HTX files BY DEFAULT? I don't think so. For all the 'wizard' based approach of MS stuff, I'd have thought they'd have been able to give you a few installation options besides 'typical' and 'custom'. Follow that up with the ".printer" ISAPI filter installed by default with IIS5/Win2K and the recent exploit. BY DEFAULT, a typical installation is not secure, imo. I've no doubt they CAN be secure - I've seen some, but it often takes extra hardware and learning time. READ- it's not 'free', and translates into a higher TCO than MS would have you believe. Possibly higher than Linux. :)

    Increased development costs - red herring, imo. "Since there are not large numbers of developers familiar with Linux development already, you will have to spend some extra money getting them the training they need. "

    I don't think there are too many companies yet clamoring to jump into linux based on management directives. Management may approve, but the push for Linux seems to come from the ground troops - developers. This may change over time, but right now, there won't be many developers choosing/asking/begging to work on a system they don't understand. Conclusion: any company embracing linux is most likely doing so at the behest of their developers, and as such, 'increased labor/training costs' is a non-issue. They're already (at least mostly) trained, either from other projects or self-taught.

    BTW - Was this a translated document? What the heck does "Microsoft is also driving better security with its customers than Linux is doing" mean?


  18. Re:It's there by sabine · · Score: 5

    "I'm still looking for a robust .doc reader that doesn't suck"

    Try StarOffice

    ~sabine

  19. GNU... by V50 · · Score: 3

    "Also, will it run under the different Graphical User Interfaces (GUI's) available for Linux? GNU, KDE, and GNOME are the most popular, but there are others available too."

    Gee, I always thought GNU Wasn't UNIX, not a GUI... Does anyone have an idea for what GNU stands for now that it's a GUI?
    GNU's Not Ugly?
    GUIs not UNIX?
    Any other ideas?

    And why is it that Microsoft keeps stating that Windows is a registered trademark of Microsoft Corp. but not that Linux is a Registered trademark of Linus Torvalds?


    --Volrath50

  20. Favourite line by Molf · · Score: 5

    Given how many people seem to have interpreted `pos', I think I like this line:
    "Retailers typically stay with their POS systems for years because of the costs that can be involved in upgrading thousands of terminal devices to a new environment." Suddenly the reason for using Windows becomes obvious...
    Molf

  21. Re:secure out of the box?? by Guppy06 · · Score: 3
    "NT is 90% secure right out of the box. The other %10 is easy becuase the admins all use windows95 on their system at home and can figure it out. You have a complete integrated envirnoment.....".

    OK, but by that same argument, MS-DOS is more secure than either one of them hands-down right out of the box. If you don't want to have to work to maintain your network and its software, maybe you shouldn't have a network to begin with...

    Also, 95 is not 2000. There are no MMCs (or any real administrative tools, for that matter) in 95 for you to practice with at home. You need to sit down with a book to figure out how those work.

    "Because of the out of the box securness, Los Alamos national labatories trust NT with all their secret data,"

    They also trust communist Chinese spies. Are you saying that NT/2000 can be trusted as much as Wen Ho Lee? In that, I'd agree with you.

    "also the NSA uses NT quite heavily and may even use it solely for storing highly classified secrets."

    Doubtful. The only reason NT 3.51 got its Red Book security classification it got (C-3? I forget) was that the machines used to test it were heavily modified from their original install and not connected to any network. If you want network certification, you need to work with the Orange Book, and no MS OS has ever been submitted for testing by the NSA, let alone certified.

    Besides, the NSA's work with SELinux gives credibility to the argument that there's a more secure groundwork to work with in Linux than in Windows.

    "However, the truth is that a properly configured unix box can be very secure. You just need to find someone who can do it and there is a shortage of qualified unix admins who are good enough."

    If you intend to put a NIC into your NT/2000 machine, you'll need an MCSE to do all that configuration as well. The only difference here is that MCSEs are a little more common. However, if the company is smart, they'll hire IT people that can learn new skills and not slaves to one piece of software.

    "Anyway the article does not talk about stability. NT is pretty secure. However its not that stable. Go to www.bugtrack.com or cern's website and compare the unix bugs to NT one's."

    If parts of the OS aren't stable, how can it be said to be secure? If there's a bug in a security feature (especially if it's a well-documented one MS is slow on the uptake to fix), then it isn't secure.