Okay oiaohm... you've covered some interesting points and I feel obliged to respond a little to clear up any ambiguity in my post although I thought my posting was fairly precise. Let's try again...
OpenNetware is a Linux server these days called Novell Open Enterprise Server
And your point is??. Who cares? I included it for a broad comparison.
Windows Server and Linux Servers are exploitable if setup wrong.
Which was my entire point. Which is more significant to O/S security: the code in the O/S or the person setting it up? It is a bogus argument to assume that either is "better" than the other without saying better at what. The derivative of this argument is known in engineering as the "Short circuit between the ears" being the biggest problem.
Reactos in time could have a market in servers. CAL(Client Access Licences) the problem of most Windows Server installs
Indeed, yes. I sincerely hope it does. As I've always said - Linux can make a good server O/S in the right context and I hope that via SAMBA ROS will make an excellent client. But you don't HAVE to have Linux if you want a server!
Also License restrictions on moving Windows Server OEM from one machine to another after and burn of server. Another problem.
I thought I had made this point pretty clear - esp. for non-corporate users whose funds aren't bolstered by annual tax-rebates on IT spending. I agree with you.
Windows is also Expensive to cluster. Thinking clustering is how you get 100 percent up time
No one mentioned clustering. Clustering is a side issue. Few people other than corporates will be interested in clustering. It's a bogus argument to dredge that into the relevance of ROS as a server platform. I am not even sure if there would be sufficient individuals interested in clustering for ROS developers to worry about it unless it was a field they had a specific interest in and wanted to follow up for some reason. Perhaps someone might want to start a poll and ask how many people run clusters at home? I managed to get one Vax VMS box but that's hardly a cluster lol!
Windows Servers are not able to shut their GUI completely down. This is also a resources problem.
Not sure what the point of this comment is unless it is addressed to a specific context. Without contextual reference I can't really follow the point. I don't know many IT managers who would see the ability to shut down the GUI as a benefit and I know plenty who would see a no-GUI O/S as a drawback. But that comes from real world experience.
None of the Defects above does ROS have to have.
I'd agree other than defects introduced by the person setting up any system. Again, which was my specific point. An O/S, regardless of whatever technical capabilities are claimed, is only ever as strong or secure as the person who set it up (hence as good as the distro also). It follows from this that Linux is not a "better" O/S than any other since all O/S are dependent on a human to configure. Get my point? If not, ask what is the weakest link in any security? Linux is no guarantee of these issues being inherently any more "fixable".
Selection of Distro is critical in linux. There are distros for complete clueless that do get servers setup right. Novell Open Enterprise Server is one of them.
I think you've misunderstood my point and are running off the rails here. My point was to answer the comment below ...
for servers you need linux, or unix.
This is not true. For servers you do not NEED Linux or Unix. It is an unsubstantiated blanket claim. Otherwise you might as well abandon any ambitions for ROS to enter the server market. I certainly hope to be running a ROS webserver soon!. What does or does not make a good server O/S depends on a wide variety of variables, the most important of which revolve around the client's own requirements spec. (as again I think I clearly pointed out). If you're running away with the purely technical argument and ignoring the customer you're missing the most important issue.
There is a common and wide myth in Linux circles that neither Novell Netware nor Windows can operate as a useful server environment. A former client had 15,000 users hosted on Novell and was one of the largest Novell customers in Europe. Another had around 8,000 and found Novell ideal. Both these also used Unix as well as mainframes AND Windows - but the most important point was they selected each O/S for a specific and appropriate task. There is no notion in the business world of Linux being "better" than Windows etc... just more appropriate in given circumstances.
Please don't quote dead arguments. Security in Linux has not evolved past Windows for no good reason.
Ignoring the double-negative for a moment. I think that argument equally vacuous. Each has a different security model. Linux technical security issues are issues with Linux not Windows so there's really no base for a close technical comparison - and without specifying which version of Windows or specifics it means zilch.
The point I am addressing here is that security is not a static issue nor is it entirely dependent on the software. If you think that all Linux security problems are "now resolved" I am afraid you're mistaken. Bugs will continue to emerge. A false sense of security is dangerous and precisely why I believe that Linux will see more exploits in the future than in the past. Any blind confidence held in the superiority of Linux over Windows or Windows-equivalent O/S's such as ROS may be shattered to a degree when the next generation of Linux-happy kids get busy and more reckless home-users start abusing Linux.
I am sure that most people can get what I am saying here. The only counter-argument - if, for argument's sake, one was to stack the Linux community against Microsoft - is that the Open Source (Linux) community can react faster and since the source is published weaknesses can be fixed rather than "sat on". Hopefully that will also be a strength for ROS to build on.
Linux is not less attacked than windows. Most likely more attacked. Difference is etc. etc...
Technicalities aside, this boils down to the old "root access" argument. Human engineering - most likely via web apps - forms the best point of access. If you can persuade a user to breach security then it is no longer his machine. We also have many distros which run as "root" so, whilst I agree with the "good versus bad Linux" assertion, the fact is that such distros are out there in significant enough numbers for it to be a problem. The only way around this is to selectively ignore "bad" Linux distros and conveniently eliminate them from the argument. On that I'd have to side with Microsoft and say it's an unfair counter-claim.
I argued the case for Linux with a VMS colleague a couple of years ago who put me seriously straight regarding the weaknesses of un-hardened Linux versus other systems such as VMS or Novell. On reflection I had to agree with him.
Attack linux at your peril. All you cause is evolution. Quick evolution because the tech is just sitting there not being used.
Selective evolution is a very good driver. I see no reason to knock any Windows-like O/S since they're subject to exactly the same driving force. The "kiddie" phenomenon gave Microsoft an excellent wake-up call and without virus and script writers few can doubt that Windows would be even half as strong as it is now. A good few security breaches can also work wonders to jolt comatose IT departments or at least panic their Finance Director bosses!.
The interview with Peter Gutmann at http://www.grc.com/SecurityNow.htm is worth checking out regarding signed drivers etc. and improvements in Vista. I tend to agree with Steve Gibson's views though. Again, you can have the best and most improved O/S in the world but if you cannot afford financially to upgrade to it every 3 or 4 years then by definition it is useless to you. I cannot afford and will not upgrade to Vista.
Discounting the theories and back to the practical world. I see very few cases where Windows of any version becomes unsecure due to inherent flaws. It rarely ever gets a chance to get that far. All too often I see Windows desktops AND servers (or services) running as Administrator and/or non-literate end-users installing their own software and bypassing sensible security which would apply to both Windows AND say Linux!
In the past 12 months I have seen the following horrors...
- Legal-type UK company purchase business-critical office software to run on XP which requires full administrative access after being badly-ported from a BSD telnet application.
- A complete mess made of an office's XP LAN after being swapped from Workgroup to partial SAMBA domain emulation by a Unix-based software company who had no interest in Windows client security and spent an average of 3 minutes on each Windows client before leaving site. Business lost due to continual problems with Unix/XP interfaces.
- Catching an employee part way through the installation of remote control software on a high-security PC after a sales person "cold-called" to "demonstrate" some wonderful new software which would intercept all of the company's emails.
- Windows security features turned down, off or otherwise disabled or crippled as companies are not willing to provide staff training.
- Windows security compromised because companies are not willing to budget for time to apply the required configuration.
- Windows security compromised because companies are not willing to train and/or appoint staff to act in the role of local network admin.
- Companies with zero IT-literate staff on site and minimal or no contracted support.
- Windows left open to attack due to unwillingness to purchase or budget for the install of either firewall or virus software.
The bespoke software company with the BSD SAMBA domain issues would have been better migrating their product to XP and there would have been no relevant security issues in the particular company using it, instead there is a tangle of NFS mapped drives, XP-SAMBA authentication, Administrator logins, faulty domain authentication and root/admin passwords left around in the office printed on paper in full view of customers because the client does not comprehend the technology any better than the vendors. BSD Unix did nothing to help secure this system. Bear in mind also that this vendor is one of the UK's largest in its own field!
I think you might see where I am going here - I deal with real world problems which cause people to lose jobs and companies to go bust or get sued. I go in and pick up the pieces after they do stupid things then blame Windows (or maybe Linux!). In this world, what makes a "good" O/S of any kind is very different to the one far too many people imagine to exist.
None of the above problems would be fixed by free software of any kind and no O/S would be "better" than another except in the minds of the loyal fans. The only O/S which would be "more secure" in such a context would be one which stopped the company doing their daily business. In such cases the consultant would be fired and they'd choose another (possibly weaker) O/S.
If you think these scenarios are confined to tiny "cowboy" companies as well please think again. I've seen the same sort of stuff in some of the UK's biggest companies (and my NDA means I can't say who!).
An operating system is not a panacea for IT security issues and you do NOT need Linux if you want to run a server! (that's my two-penneth's worth!)