Slashdot Mirror


Windows vs. Linux Security, Once More

TAGmclaren writes "The Register is running a very interesting article about Microsoft and Linux security. From the article: 'until now there has been no systematic and detailed effort to address Microsoft's major security bullet points in report form. In a new analysis published here, however, Nicholas Petreley sets out to correct this deficit, considering the claims one at a time in detail, and providing assessments backed by hard data. Petreley concludes that Microsoft's efforts to dispel Linux "myths" are based largely on faulty reasoning and overly narrow statistical analysis.' The full report is available here in HTML form, and here in PDF. Although the article does make mention of OS X, it would have been nice if the 'other' OS had been included in the detailed analysis for comparison."

5 of 489 comments

  1. Notice they compare Windoze to Dead Rat Linux by Anonymous Coward · · Score: -1, Flamebait

    I noticed they picked Dead Rat Linux to compare Windoze to. From my reviews of security update lists, Dead Rat has the most patches to fix vulnerabilities they added in.

  2. Re:Misleading article by Anonymous Coward · · Score: -1, Flamebait

    Exactly!

    It's bullshit. But how is that a license to return the favor? I'm just saying - read this article with the same level of speculation as you would a Get the Facts survey - because it too is coming from one side.

  3. The Truth about Apple Users by Anonymous Coward · · Score: -1, Flamebait
  4. Re:Make Sure That You Only Present... by Anonymous Coward · · Score: -1, Flamebait

    Oh yeah... Look who's talking.. Windows Kernel Expert... Get some classes about Windows internals and general OS design, then start opening your mouth, shithole, idiot.

  5. Re:Make Sure That You Only Present... by Anonymous Coward · · Score: -1, Flamebait

    The best way to run Linux servers is from a headless setup...

    First off, you set up LILO or GRUB to boot up with the serial port of the computer as the main terminal instead of the normal tty1.

    That way you can have one old laptop running DOS or a minimal Linux installation with simply a terminal running on the serial port. Then if the computer goes down (basically no networking ability, or you need to get into single-user mode) and you have to access it, you simply take the old laptop and plug it into the back of your server.

    That way you eliminate the need for a keyboard and monitor for each server. In a small server room where you have a few dozen boxes in the same area as a broom closet, this will cut down on heat, clutter, and expense.

    The majority of the time you would do your administration locally. You'd set it up not only to use SSH, but to operate off of keypairs. You keep the key in a USB stick and it'll make it easy to access any server quickly and without resorting to passwords. That way you can make passwords very large and change them often.

    Then all you have to worry about is the security of your workstation, and that shouldn't be a problem because, since it is your personal system, you lock it the fuck down, using SELinux or even a different operating system than your servers (like if you're running Red Hat Enterprise Linux on your servers, you run OpenBSD on your workstation) to cut down on the likelihood that a cracker would be able to use exploits to gain control of your workstation AND your server. Use third computer network monitoring stations (mini-ITX boards make great little stations all over the place for monitoring. Also, their hardware-based encryption allows for easy and fast ad-hoc VPN networking).

    Turn off your workstation when you're not there.

    And that way you can have your cake, your GUI and eat it too.

    Look at the advantages:
    Centralized administration.
    High security.
    Reduced heat and power requirements.
    Reduced cost per server.
    Reduce server room clutter.
    Easy automation thru scripting using SSH.
    Easy very remote and secure administration (over the internet)
    X11 over SSH will provide you with access to any vendor specific GUI tools you need.
    etc etc

    Contrast that to Windows:
    Confusing server room setup.
    20 server boxes, 20 monitors, 20 keyboards, 20 mice. Or using expensive and error-prone KVM setups which may only reduce the clutter by a third or so practically.
    More cable clutter, more power requirements, reduced efficiency.

    Remote administration is severely limited. If your workstation is the same OS you can use Windows Terminal Services. But even then scripting and automation is much more difficult than in Unix.

    Also you are allowing yourself to be vulnerable to the same exploits which would affect your servers. This would allow your workstation to be more easily compromised at the same time as the servers, making recovering from successful attacks even more difficult and time consuming.

    If you do run a different OS than your servers (i.e. a non-NT based OS. NT=NT 4.0, W2k=NT 5.0 WinXP=NT 5.5 Win2003 = NT 5.7 Longhorn will be NT 6.0 in my estimation.) you will only have the choice of expensive commercial SSH (which would still be difficult to use on Windows. Its GUI is everything), telnet, VNC.

    If you're using Windows I would expect that you would spend extensive time sitting in the server room, flipping switches, and going from keyboard to keyboard. In Linux-land admins sit in their office listening to music and with a few xterms open.
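
A check for the headless setup comment 5 describes (serial port as the main console, SSH with keypairs), added here as an example and not part of the thread. The sample kernel command line and sshd_config are constructed, the function names are hypothetical, and the sshd_config reader assumes `Keyword value` lines and only looks at the global section before the first `Match`.

```shell
#!/bin/sh
# Constructed sample inputs (not taken from a real host).
SAMPLE_CMDLINE='ro root=/dev/sda1 console=tty0 console=ttyS0,9600n8'
SAMPLE_SSHD='# constructed sshd_config
Port 22
pubkeyauthentication yes
PasswordAuthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes'

# Print the device behind /dev/console for a kernel command line ($1).
# When several console= arguments are given, the kernel uses the LAST one.
primary_console() {
    dev=''
    for arg in $1; do
        case $arg in
            console=*) dev=${arg#console=}; dev=${dev%%,*} ;;
        esac
    done
    printf '%s\n' "$dev"
}

# Print the effective global value of an sshd_config keyword.
# sshd keeps the FIRST value it reads; keywords are case-insensitive.
# $1 = config text, $2 = keyword, $3 = value to report when it is not set.
sshd_effective() {
    printf '%s\n' "$1" | awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }'
}

# Fail unless the main console is a serial port and public-key logins are on;
# the password setting is reported so a stray later override is visible.
headless_check() {
    con=$(primary_console "$1")
    pk=$(sshd_effective "$2" PubkeyAuthentication yes)
    pw=$(sshd_effective "$2" PasswordAuthentication yes)
    case $con in
        ttyS*) ;;
        *) echo "FAIL console=$con"; return 1 ;;
    esac
    [ "$pk" = yes ] || { echo "FAIL pubkey=$pk"; return 1; }
    echo "OK console=$con pubkey=$pk password=$pw"
}

headless_check "$SAMPLE_CMDLINE" "$SAMPLE_SSHD"
```

On a real server the two inputs would come from `/proc/cmdline` and the sshd configuration file.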