Stop Microsoft
Miscellaneous => The Lounge => Topic started by: www.unixsucks.com on 27 August 2002, 20:22
-
Ok, here is what I propose, let's make non biased decision about Windows2000 vs Linux based on number of securuity vulnerabilities. We'll just count no of vulnerabilities for last year for some "comparable" configuration.
Here is list for Windows 2000 server
1. OS
2. IIS
3. DNS
4. File sharing
Here is list for Linux (Debian)
1. OS
2. Apache, PHP processor
3. Bind
4. SSHD
5. Samba
6. NIS
Let me know wether it's fair or not.
I'd also assume that we are talking about average admin which installed what came with a system and did not make any additional attempts to secure system.
[ August 27, 2002: Message edited by: http://www.unixsucks.com ]
-
quote:
Originally posted by www.unixsucks.com: (http://www.unixsucks.com:)
Ok, here is what I propose, let's make non biased decision about Windows2000 vs Linux based on number of securuity vulnerabilities. We'll just count no of vulnerabilities for last year for some "comparable" configuration.
Here is list for Windows 2000 server
1. OS
2. IIS
3. DNS
4. File sharing
Here is list for Linux (Debian)
1. OS
2. Apache, PHP processor
3. Bind
4. SSHD
5. Samba
6. NIS
Let me know wether it's fair or not.
I'd also assume that we are talking about average admin which installed what came with a system and did not make any additional attempts to secure system.
[ August 27, 2002: Message edited by: www.unixsucks.com (http://www.unixsucks.com) ]
I'd say, from my (admittedly) uninformed perspective that it sounds fair, but I'd like to see the response time for fixes for each vulnerability, I think that might be a little more realistic in real-world conditions.
As I said, I have no training in this area; I would suggest that other forum members who are more informed express their opinion before such a comparison is made.
-
quote:
How about making a peace?
That sounds like a very good idea, the most sensible thing that you have ever said here infact. Unfortunately my Networking knowledge is limited and if I try to answer your question I will most likely make a fool of myself.
This is where we hand over to Voidman... ;)
-
I have a better idea. Why don't we use your list from Linux and we'll use my list for Windows. Here is my list:
http://www.trustworthycomputing.com/ (http://www.trustworthycomputing.com/)
-
Im not going to sit here and try to throw technical statistics at you, but rather mention the one reason that linux and especially the apache web server are so popular. Cost. Yes IIS is easier to set up, and yes it can handle larger loads than apache (I've read many comparison tests and agree), however apache and linux are more than capable enough to support huge sites and average sized sites. The added benefit is that they are free. You are quick to trash talk apache, however big sites such as www.ibm.com (http://www.ibm.com) and www.apple.com (http://www.apple.com) use it. Last time I checked Windows 2000 advanced server was near $1000. That is by no means affordable, especially to the small time websites. I can download any distro of linux for free and download the newest version of apache and Im set. For the money I spent on linux ($0.00), it is more than sufficient, in fact its excellent.
-
Those are good reasons Preacher but I do not agree that cost is the primary reason for Apache's success, in fact has very little to do with it.
Apache is popular because it is not proprietay (runs on nearly every OS known to man), It is far more secure, more versatile, and all statistics I have seen (that aren't backed by Redmond) show that it outperforms IIS. Remember Apache runs on large Sun, IBM or Linux clusters, even on mainframes.
Maybe IIS will outperform Apache on Windows (I haven't looked at the performance data in some time), but no one in their right mind runs Apache on Windows. That's like putting steel doors on your cardboard house so no one will break in. IIS only runs on Windows and the Windows/IIS combo is about the least secure combo you can have.
Of course when the Linux/Apache combo starts out being better than Windows/IIS, being free certainly is a bonus.
[ August 28, 2002: Message edited by: VoidMain ]
-
Can somebody just remind me what google runs on again?
Oh no n/m, i've remembered, it's clustered linux.
-
Apache's success isnt just based on cost(although if it was as expensive as IIS, Im sure it wouldnt be nearly as popular). Actually there are quite a few sites that do run apache on windows 2000, one of which happens to be internet security site antionline.com. I have seen quite a few comparison tests between the Apache webserver 1.3.x, IIS, Zeus, Netscape Enterprise, and a few others, and IIS does hold its own for high loads, although it is outclassed usually by Zeus. IIS did beat apache in most of these tests, however I believe that apache 2.0.x performs equally or superior to IIS. Im not a microsoft fan, however I am willing to admit that windows systems are capable of being extremely secure. If this wasnt possible then why would anyone run it at all? I think the true difference between the security in linux and windows is the intelligence of the system administrators. Most linux sys admins seem to be more technically savvy and keep their systems more secure.
quote:
Originally posted by VoidMain:
Those are good reasons Preacher but I do not agree that cost is the primary reason for Apache's success, in fact has very little to do with it.
Apache is popular because it is not proprietay (runs on nearly every OS known to man), It is far more secure, more versatile, and all statistics I have seen (that aren't backed by Redmond) show that it outperforms IIS. Remember Apache runs on large Sun, IBM or Linux clusters, even on mainframes.
Maybe IIS will outperform Apache on Windows (I haven't looked at the performance data in some time), but no one in their right mind runs Apache on Windows. That's like putting steel doors on your cardboard house so no one will break in. IIS only runs on Windows and the Windows/IIS combo is about the least secure combo you can have.
Of course when the Linux/Apache combo starts out being better than Windows/IIS, being free certainly is a bonus.
[ August 28, 2002: Message edited by: VoidMain ]
-
But IIS is also free (as in beer). Why would anyone run Apache on a Windows box when both cost them no extra? It's because IIS sucks and is full of holes. The cost has little or nothing to do with why one is used over another, especially since they both are free.
Here's a good link that interestingly appears to be hosted on an IIS server:
http://www.eweek.com/article2/0,3959,3763,00.asp (http://www.eweek.com/article2/0,3959,3763,00.asp)
And let's compare performance of Apache and IIS on a Sun Fire 15K server with 106 CPUs (http://www.sun.com/servers/highend/sunfire15k/). Oh yeah, IIS won't run on that (Apache=versatility).
[ August 29, 2002: Message edited by: VoidMain ]
-
i just wanted to add a reply with the word 'fuck' in it, because i like the word 'fuck'. Who else likes the word 'fuck'? They are saying fuck on TV... its funny.