Linux, OpenBSD, Windows NT / 2000 Server Comparison: Contents

• Introduction Linux, OpenBSD and Windows NT / 2000 are discussed as server operating systems.
  • Third Attempt It's taken me three tries to narrow the focus sufficiently to finish this paper.
  • Personal Background 18 years as computer professional, 9 years with Windows, 8 years with UNIX, 5 years with NT.
    • Microsoft and the Courts Court rulings have affected my opinion of Microsoft.
    • Mirrored Sites For over a year I ran mirrored web sites on Linux, OpenBSD and Windows NT.
  • Standardizing on an Operating System I used to think it was desirable to standardize an organization on a single OS; not anymore.
    • Microsoft Doesn't Get It Windows servers really are just desktops with more services that are difficult to disable.
    • How Servers Differ from Desktop Systems Servers allow unnecessary functions to be disabled easily.
• Applications
  • Applications Required applications available only on one platform selects that platform; required applications not available eliminates a platform.
  • Applications Supplement OS Some Windows applications are just helpers filling gaps in the OS.
  • Niche Area Support Windows has more niche area applications.
    • OpenBSD Security Applications and Compatibility Modes The compatibility mode may allow a required application to run but is not a reason to choose OpenBSD, but its security features and ability to create security border products may be.
  • Application Integration Tight application integration has benefits but also ties a user more tightly to the product line.
  • Vertical Market Products Windows has a big current lead but Linux is a natural for vertical market applications.
  • Included With Core OS UNIX systems typically include a greater array of full function server applications than Windows.
    • Open Source Applications All open source applications are arguably part of the OS because they are available under similar licenses at no additional cost. What's avaialble is examined.
  • OS Versions and Fragmentation There is just as much diversity in the Windows product line as in different versions of UNIX.
  • Application Summary Windows has more applications but Linux has enough at a much better cost benefit ratio to be a serious contender. OpenBSD is appropriate in specific environments.
• Stability and Reliability
  • Introduction Stability and reliability both relate to a server being available to perform its intended functions.
  • Windows Blue Screen Ad 13 times more reliable than an unstable desktop OS isn't much to brag about.
  • Reboots Reboot frequency closely correlates with stability.
    • Preemptive Reboots Some systems require periodic reboots.
    • NT Reboots NT reboots, both planned and unplanned are much more frequent than UNIX systems.
  • Web Queries and Problems Web queries provide evidence that my NT problems are not unique.
  • Evaluating Reliability Depends on Experience
  • Windows Architecture is inherently less stable than UNIX.
    • Registry Putting most configuration settings in a single proprietary format, binary file was one of the worst technical decisions Microsoft ever made.
      • Limited Registry Tools can't compare to the wealth of tools to work with old fashioned text configuration files.
      • Registry Security and Installs Every install risks damaging the registry and makes administrator decisions without administrator knowledge.
    • Windows Directory Structure makes no sense.
      • System Recovery is more difficult because of Windows chaotic directory structure.
    • GUI Administrative Interface removes administrator control of the system.
  • Linux Stability normally only requires reboots for hardware and kernel upgrades.
    • KVM Comparability Issues required careful use to prevent locked keyboards on Linux and OpenBSD systems.
  • OpenBSD Stability is comparable to Linux.
  • Miscellaneous Reliability Issues UNIX doesn't have unexplainable reliability issues where Windows does.
  • Stability Summary Linux and OpenBSD are far more reliable than any Windows system. The "System Restore" feature included in ME and XP confirms the problem and suggests the cause.
• Security
  • Security Introduction Those with strongly Windows or UNIX backgrounds rarely understand the security of the other family.
  • Windows Security
    • FAT vs. NTFS Choosing a FAT based file system on NT gives up both security and a highly reliable file system.
    • Windows, FAT and Dual Boot Dual boot is the only justification for FAT and has no business in a business environment.
    • NT File and Directory Security NT has a very sophisticated file and directory security system and significant system access controls not available in UNIX.
    • Poor Windows File and Directory Security Tools Poor tools make NT's sophisticated security unnecessarily difficult to use.
    • NT Throwaway Security Microsoft has discarded useful security with horrible default settings.
    • Password Hashes Windows NT and 2000 password hashes are pathetically weak because of backward compatibility concerns.
    • NT Too "Easy" To Be Secure It's really not desirable that non technical users can set up what should be sophisticated servers on the Internet.
    • Recent Windows E-Commerce Compromises Intruders systematically targeted 40 e-commerce sites using well known vulnerabilities as much as three years old.
    • Breaking IIS Exploits. Two steps, one trivial and one which is admin 101, break most IIS exploits, without patches.
    • Window's Single User Origins In the past Windows single user origins have protected it from many serious exploits.
    • UNIX Root Compromises UNIX's true multi user origins have exposed it to more serious attacks.
    • NT Rootkit Compromises Intruders now have all the tools needed to gain remote administrative access on Windows systems.
    • Unneeded Services Windows makes it difficult or even impossible to turn off unneeded services while retaining necessary functionality.
    • Windows Complexity Windows is highly complex and getting more complex with each release, assuring a unending supply of bugs for intruders to exploit.
  • Default Installs OpenBSD is the only system in this comparison that is secure by default.
  • OpenBSD Origins OpenBSD was begun as a separate project with the goals to create a reliable and secure system.
    • Secure by Default Many services typically turned on by default are turned off in OpenBSD; file and directory access is more restricted than other UNIXs.
    • "Four years without a remote hole" OpenBSD claims that no system installed with default settings has been remotely compromised in four years.
      • UNIX Signal Handler and Open Source Software Fixes A recent bug shows how the open source model can result in fixes before the problem is publicly known.
      • IP Filter Bug Another bug shows how even minor security bugs are fixed quickly.
    • OpenBSD Daily Security Audit *BSD systems include a Tripwire like auditing function built in and turned on by default.
  • Quantitative Comparisons Few quantitative measures are readily available to compare operating system security.
    • Web Defacements The attrition.org record of web site defacements is one quantitative measure of web server security if used with care.
      • Linux and other UNIX Defacements No definitive conclusions can be made from recorded Linux and OpenBSD web site defacements.
      • Windows Defacements Windows NT and 2000 web sites which are definitely a minority of all web sites account for a clear majority of web site defacements.
  • Linux: A Security Middle Ground Linux security is not as good as OpenBSD but better than Windows and it can easily be hardened to a significant degree.
    • Firewall in Red Hat 7.1 Install By including firewall setup in the install, Red Hat allows a hard shell to be wrapped around otherwise mediocre security.
      • Firewall Problems Unfortunately Red Hat picked the now obsolete IP Chains and the system configuration tool doesn't work with the firewall.
      • OpenBSD Firewalls The OpenBSD firewall is off by default and defaulted to allow all traffic when first turned on.
      • Back to Linux Firewall Picking the most secure Red Hat firewall option is likely to require some manual configuration.
    • Default Install Conclusions OpenBSD is the security leader with Linux second and NT / 2000 a distant third; both open source systems can be hardened to almost any degree while Windows is a significant hardening challenge.
  • Intrinsic Security Comparisons Intrinsically Windows is not significantly less secure than UNIX but this is not a real world question.
    • Windows Is not Meant to be a Secure System Windows is built to be a highly functional server based on tightly coupled services not a highly secure server.
  • Development Model, Bug Fixes, Security & Reliability
    • OpenBSD is built by a tightly coordinated team with a clear emphasis on high quality code and security at the expense of features. Bugs are fixed very quickly and a single, up-to-date "patch branch" free of any known significant bugs always available.
      • Security Notification lists Some leading security e-mail lists are mentioned and the SANS SAC list recommended.
      • IP Filter Bug the conditions necessary to exploit a security bug the OpenBSD team described as "serious" are examined.
    • Linux is built by a large loosely coordinated team with a large active user base. Bugs are common but fixed very quickly. Multiple distributions introduce issues not faced by OpenBSD.
    • Microsoft Microsoft's unquestionable first priority is making a profit. Then come long feature lists, ease of use (learning), and performance. Security is at best a fifth place priority. Most buyers want features and don't care about security and Microsoft obliges. Their products cannot possibly be as secure as OpenBSD or Linux.
    • System Tradeoffs is a long discussion of how various factors interrelate when building a system. The basis for some quantitative comparisons is outlined but the necessary data not typically available.
    • Open Source Code Review insures a more secure end result than the closed proprietary model. Review by black hats is an essential, and in the long run, beneficial part of the review.
  • Security Conclusion OpenBSD is the security leader but pre hardened Linux versions present some interesting challenges. Both can be hardened as needed. Long Windows NT and 2000 security feature lists don't make secure systems and lots of bugs assure continued large scale intrusions.
• Scalability typically means how many processors a single machine can use or how many machines can be clustered. I'm going to discuss it from the perspective of small businesses and the ability make effective use of resources by moving processes and adding machines as needed.
  • System Performance Benchmarks measure a very specific and limited set of functions that may not reflect live environments. Performance affects total costs.
  • Static Web Pages For years PC Magazine's unrealistic static page web server test has made Linux and Apache look much slower than NT / 2000 and IIS.
  • Other "Benchmarks" give very different results. Each OS looks better or worse depending on the specific task(s) performed.
  • Hardware Requirements Windows systems generally have significantly higher hardware resource requirements than Linux or OpenBSD.
  • OS Performance Comparisons In text mode Linux and OpenBSD should be somewhat faster than Windows and in GUI mode Windows tight integration should give it some advantage.
  • Price Performance Ratio When total system price (including licenses) is comparable, Linux and OpenBSD should run circles around NT and 2000.
  • Scalability As Cost Effective Performance Businesses small enough to run on a single server should consider keeping everything on one server; slightly larger businesses should consider Linux or OpenBSD for web, FTP, or list servers.
  • Relocating Server Applications UNIX systems can easily be moved to other machines and applications split or moved separately; Windows NT and 2000 lack this flexibility.
• Usability
  • Ease of Use and Ease of Learning The difference between doing something the first time, ease of learning, is almost universally confused with doing it repeatedly which is ease of use. System administration has much more repetition than end user computing.
    • Windows Lacks Automation Without third party tools, Windows NT is almost totally devoid of automation tools and Windows administrators typically lack scripting skills.
    • Smart Monkey Administrators Windows is designed to hide computer workings from users which might make sense on an end user computer but not on a server which should only ever be touched by technical staff.
  • System Logs and Monitoring Servers create logs that need to be reviewed and analyzed.
    • Windows System Logging Though windows can log a variety of events and provide log services to applications, it has almost no tools to work with the resulting logs.
    • UNIX System Logging is almost unlimited in what can be logged and where it can be sent. Because all logs are text files or have conversion utilities, analysis possibilities are unlimited.
    • Limited Windows Monitoring NT includes extensive auditing capabilities but results go to logs with no useful analysis tools. Process monitoring is spotty and performance, not security oriented.
    • Tlist Is Not PS The only tool remotely like the UNIX ps command is the Resource Kit, tlist, which is a limited function, semi useful tool.
  • Support Options Except for WordPerfect a decade ago and IBM, I've never been favorably impressed with commercial computer product support.
    • Microsoft Non Support If you can't find the answer on their web site, I've not found calling Microsoft to be worth the effort.
    • Microsoft Consultants Skilled consultants who really know the products exist but finding them reliably is another matter.
  • Open Source Documentation is available free on the Internet. Lazy Windows ways of insert CD, default install, run product are not sufficient; most open source products require some reading of documentation.
    • Installing Software on Linux and OpenBSD A few simple commands will install binaries on most UNIX systems. If support libraries are missing, the install tells you leaving administrators, not install software in control.
    • Free Support for Open Source Free support via Usenet, mailing lists and bug reports is faster and more accurate than most paid commercial support.
    • Commercial Support for Open Source A variety of companies, including IBM, provide paid Linux support.
  • Usability Conclusion The easy to learn mechanics of Windows hide repetitive tedium. Differences in different Windows lines and major changes every five or so years undermine Microsoft claims for easy to use. In the long run UNIX skills are more transportable.
• Staff Issues What matters is not how much UNIX or Windows administrators cost but the cost per managed unit which could reasonably be machines or users or even some workload measure.
  • Scripting Skilled UNIX administrators will automate all routine tasks on the machines they are responsible for and thus likely to be more efficient and satisfied.
  • Reliability Impact on Staff There is little that is more frustrating than troubleshooting problems for which their is no explanation so Windows administrators will typically experience high levels of job frustration.
• Total Cost of Ownership Windows 2000 costs much more. Security and reliability are much cheaper on Linux and OpenBSD. Usability is a mixed bag. If needed applications are available on open source systems, they have to have a lower TCO than Windows.
  • Microsoft Licenses and Non Responsibility Microsoft licenses guarantee that no matter what problems their software causes, they will never be held accountable.
• Summary and Recommendations Windows is an expensive system that typically delivers too much unneeded functionality and unwanted security and reliability surprises compared to free or low cost open source systems that can easily be made to reliably do what is wanted.
  • Moving Away From Windows Few companies today can dispense with Windows servers, but many more than are, could find cost saving uses for Linux systems.
    • Application Choice Over Valued Though the issues are very different in consumer and business desktop markets, it makes no sense to spend extra to get unreliable and insecure servers, able to run applications they never will.
    • Introducing Linux to a Windows Environment Shops not already highly Windows centric and with a mix of platforms and loosely integrated applications will have a much easier time introducing Linux.
    • Gaining Linux Experience Initial Linux experience is best gained at home on an old or low cost second computer and not a dual boot system. KVMs make this practical.
    • First Linux Project A low visibility technical use of Linux, e.g., a DHCP, FTP, relay mail, or cache server, is likely to be the best first use for a Linux server.
  • Conclusion In my experience, NT servers never quite measured up to UNIX servers, and my mirrored server experiment settled the matter. Windows 2000 is way too little, too late to matter.

Top of Page - Site Map

Copyright © 2000 - 2014 by George Shaffer. This material may be distributed only subject to the terms and conditions set forth in https://geodsoft.com/terms.htm (or https://geodsoft.com/cgi-bin/terms.pl). These terms are subject to change. Distribution is subject to the current terms, or at the choice of the distributor, those in an earlier, digitally signed electronic copy of https://geodsoft.com/terms.htm (or cgi-bin/terms.pl) from the time of the distribution. Distribution of substantively modified versions of GeodSoft content is prohibited without the explicit written permission of George Shaffer. Distribution of the work or derivatives of the work, in whole or in part, for commercial purposes is prohibited unless prior written permission is obtained from George Shaffer. Distribution in accordance with these terms, for unrestricted and uncompensated public access, non profit, or internal company use is allowed.