Author Topic: How about making a peace?  (Read 869 times)

www.unixsucks.com

  • Member
  • **
  • Posts: 131
  • Kudos: 56
    • http://www.unixsucks.com
How about making a peace?
« on: 27 August 2002, 20:22 »
Ok, here is what I propose, let's make non biased decision about Windows2000 vs Linux based on number of securuity vulnerabilities. We'll just count no of vulnerabilities for last year for some "comparable" configuration.
Here is list for Windows 2000 server

1. OS
2. IIS
3. DNS
4. File sharing

Here is list for Linux (Debian)
1. OS
2. Apache, PHP processor
3. Bind
4. SSHD
5. Samba
6. NIS

Let me know wether it's fair or not.
I'd also assume that we are talking about average admin which installed what came with a system and did not make any additional attempts to secure system.

[ August 27, 2002: Message edited by: http://www.unixsucks.com ]

Gregory Suvalian

creedon

  • Member
  • **
  • Posts: 430
  • Kudos: 0
How about making a peace?
« Reply #1 on: 27 August 2002, 20:47 »
quote:
Originally posted by www.unixsucks.com:
Ok, here is what I propose, let's make non biased decision about Windows2000 vs Linux based on number of securuity vulnerabilities. We'll just count no of vulnerabilities for last year for some "comparable" configuration.
Here is list for Windows 2000 server

1. OS
2. IIS
3. DNS
4. File sharing

Here is list for Linux (Debian)
1. OS
2. Apache, PHP processor
3. Bind
4. SSHD
5. Samba
6. NIS

Let me know wether it's fair or not.
I'd also assume that we are talking about average admin which installed what came with a system and did not make any additional attempts to secure system.

[ August 27, 2002: Message edited by: www.unixsucks.com ]



I'd say, from my (admittedly) uninformed perspective that it sounds fair, but I'd like to see the response time for fixes for each vulnerability, I think that might be a little more realistic in real-world conditions.
As I said, I have no training in this area; I would suggest that other forum members who are more informed express their opinion before such a comparison is made.
I'm SERIOUS about Linux; are you??

KernelPanic

  • VIP
  • Member
  • ***
  • Posts: 1,878
  • Kudos: 222
How about making a peace?
« Reply #2 on: 27 August 2002, 21:25 »
quote:
How about making a peace?

That sounds like a very good idea, the most sensible thing that you have ever said here infact. Unfortunately my Networking knowledge is limited and if I try to answer your question I will most likely make a fool of myself.
This is where we hand over to Voidman...   ;)
Contains scenes of mild peril.

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
How about making a peace?
« Reply #3 on: 27 August 2002, 21:39 »
I have a better idea. Why don't we use your list from Linux and we'll use my list for Windows. Here is my list:

http://www.trustworthycomputing.com/
Someone please remove this account. Thanks...

preacher

  • VIP
  • Member
  • ***
  • Posts: 858
  • Kudos: 107
    • http://kansascity.cjb.net
How about making a peace?
« Reply #4 on: 28 August 2002, 13:21 »
Im not going to sit here and try to throw technical statistics at you, but rather mention the one reason that linux and especially the apache web server are so popular. Cost. Yes IIS is easier to set up, and yes it can handle larger loads than apache (I've read many comparison tests and agree), however apache and linux are more than capable enough to support huge sites and average sized sites. The added benefit is that they are free. You are quick to trash talk apache, however big sites such as www.ibm.com and www.apple.com use it. Last time I checked Windows 2000 advanced server was near $1000. That is by no means affordable, especially to the small time  websites. I can download any distro of linux for free and download the newest version of apache and Im set. For the money I spent on linux ($0.00), it is more than sufficient, in fact its excellent.
Kansas City Hustle
http://kansascity.cjb.net

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
How about making a peace?
« Reply #5 on: 28 August 2002, 16:53 »
Those are good reasons Preacher but I do not agree that cost is the primary reason for Apache's success, in fact has very little to do with it.

Apache is popular because it is not proprietay (runs on nearly every OS known to man), It is far more secure, more versatile, and all statistics I have seen (that aren't backed by Redmond) show that it outperforms IIS. Remember Apache runs on large Sun, IBM or Linux clusters, even on mainframes.

Maybe IIS will outperform Apache on Windows (I haven't looked at the performance data in some time), but no one in their right mind runs Apache on Windows. That's like putting steel doors on your cardboard house so no one will break in. IIS only runs on Windows and the Windows/IIS combo is about the least secure combo you can have.

Of course when the Linux/Apache combo starts out being better than Windows/IIS, being free certainly is a bonus.

[ August 28, 2002: Message edited by: VoidMain ]

Someone please remove this account. Thanks...

KernelPanic

  • VIP
  • Member
  • ***
  • Posts: 1,878
  • Kudos: 222
How about making a peace?
« Reply #6 on: 28 August 2002, 17:25 »
Can somebody just remind me what google runs on again?

Oh no n/m, i've remembered, it's clustered linux.
Contains scenes of mild peril.

preacher

  • VIP
  • Member
  • ***
  • Posts: 858
  • Kudos: 107
    • http://kansascity.cjb.net
How about making a peace?
« Reply #7 on: 29 August 2002, 21:20 »
Apache's success isnt just based on cost(although if it was as expensive as IIS, Im sure it wouldnt be nearly as popular). Actually there are quite a few sites that do run apache on windows 2000, one of which happens to be internet security site antionline.com. I have seen quite a few comparison tests between the Apache webserver 1.3.x, IIS, Zeus, Netscape Enterprise, and a few others, and IIS does hold its own for high loads, although it is outclassed usually by Zeus. IIS did beat apache in most of these tests, however I believe that apache 2.0.x performs equally or superior to IIS. Im not a microsoft fan, however I am willing to admit that windows systems are capable of being extremely secure. If this wasnt possible then why would anyone run it at all? I think the true difference between the security in linux and windows is the intelligence of the system administrators. Most linux sys admins seem to be more technically savvy and keep their systems more secure.

 
quote:
Originally posted by VoidMain:
Those are good reasons Preacher but I do not agree that cost is the primary reason for Apache's success, in fact has very little to do with it.

Apache is popular because it is not proprietay (runs on nearly every OS known to man), It is far more secure, more versatile, and all statistics I have seen (that aren't backed by Redmond) show that it outperforms IIS. Remember Apache runs on large Sun, IBM or Linux clusters, even on mainframes.

Maybe IIS will outperform Apache on Windows (I haven't looked at the performance data in some time), but no one in their right mind runs Apache on Windows. That's like putting steel doors on your cardboard house so no one will break in. IIS only runs on Windows and the Windows/IIS combo is about the least secure combo you can have.

Of course when the Linux/Apache combo starts out being better than Windows/IIS, being free certainly is a bonus.

[ August 28, 2002: Message edited by: VoidMain ]

Kansas City Hustle
http://kansascity.cjb.net

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
How about making a peace?
« Reply #8 on: 29 August 2002, 21:39 »
But IIS is also free (as in beer). Why would anyone run Apache on a Windows box when both cost them no extra? It's because IIS sucks and is full of holes. The cost has little or nothing to do with why one is used over another, especially since they both are free.

Here's a good link that interestingly appears to be hosted on an IIS server:
http://www.eweek.com/article2/0,3959,3763,00.asp

And let's compare performance of Apache and IIS on a Sun Fire 15K server with 106 CPUs. Oh yeah, IIS won't run on that (Apache=versatility).

[ August 29, 2002: Message edited by: VoidMain ]

Someone please remove this account. Thanks...

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
How about making a peace?
« Reply #9 on: 31 August 2002, 08:01 »
i just wanted to add a reply with the word 'fuck' in it, because i like the word 'fuck'. Who else likes the word 'fuck'? They are saying fuck on TV... its funny.
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'