- PeterMoulding.com
- Author
- Trainer
- Speaker
- Business Coach
- How to write a How To book
- PHP Courses
- Speaking
- Web Architect
- Australia
- Books
- Authors
- Akkana Peck
- Alex Berenson
- Andrew Nugent
- Ben Sanders
- Brock Clarke
- Chris Simms
- David Mercer
- Dianna Mullet
- Don Winslow
- Dori Smith
- Harlan Coben
- Jack McDevitt
- James Wines
- Jerry Yudelson
- John Grisham
- Kevin Mullet
- L. E. Modesitt Jr.
- Laurell K. Hamilton
- Marshall Karp
- Martina Cole
- Michael Marshall Smith
- Michel Roux Jr
- Nadia Sawalha
- Philip Pullman
- Raymond Khoury
- Richard North Patterson
- Robert Masello
- Sally Roth
- Sarah Langan
- Stella Rimington
- Stephen King
- Stephen Leather
- T.C. Boyle
- Tom Negrino
- Tony Hillerman
- Urban Waite
- Val McDermid
- Valerio Massimo Manfredi
- Beginning GIMP
- Beginning Visual C++
- Culturalism
- Fiction
- A Drink Before The War
- A Talent for War
- Bag of Bones
- Blood and Ice
- Burn
- Dark Lady
- Dead Line
- Eclipse
- Empress of Eternity
- Exley
- Flipping Out
- Just One Look
- Nightfall
- Pet Sematary
- Savage Moon
- Skinwalkers
- Starvation Lake
- The Fallen
- The Gardens of the Dead
- The Jump
- The Last Templar
- The Mermaids Singing
- The Midnight Mayor
- The Secret Soldier
- The Summons
- The Terror of Living
- The Testament
- The Tower
- Under the Dome
- Virus
- AJAX and PHP
- Aging with Grace
- Food books
- Green Architecture
- Life Is So Good
- SQL: The Complete Reference
- The Backyard Bird Lover's Ultimate How-to Guide
- The Garden Gurus
- Authors
- Sustainability
- -18 hours left to decide the future of Australia
- Campbells vegetable stock or Massel vegetable stock?
- Carbon Sequestration
- Carbon tax for Australia is a fraud
- Copenhagen will fail
- Cost of living in Australia
- Dick Smith jumps on the population bandwagon
- Dry Run: Preventing the Next Urban Water Crisis
- Energy Saving Lights
- Garlic
- How many people can live in Australia?
- Julia Gillard offers 9.9 billion dollars bribe to Rob Oakeshott
- Laundry detergent
- Petrol or Diesel?
- Reflective foil batts kill
- RoHS
- Sea level to rise 3mm due to climate change
- Solar power
- Spring again in Sydney
- Sustainable fuels
- The CRUD Tax is back
- The people who make building regulations do not own houses
- Water efficiency
- Which insulation is safer, foil or wool?
- Will Australia reduce greenhouse gas emissions?
- Technology
- Android or Blackberry or iPhone or a flip phone?
- Apple versus Google 2011
- Cameras
- Cars
- Colour
- Burgundy
- Colour Blindness
- Colour Names
- Dulux colours
- Pantone colours
- Safe Colours
- Seculine ProDisk Mini colour balance card
- What Causes Colour Blindness?
- Hardware
- Batteries for the Digital Age
- Cables
- Cases
- Computer reliability
- Computrace
- Disks
- Astone ISO Gear 481E
- Best SSD for your notebook computer
- Disk block size
- Hitachi disk HDS722020ALA330
- LaCie USB 2.0 250 GB mobile hard drive design by F.A. Porsche
- SMART disk
- Samsung 2 TB HD204UI quiet low power disk for mass storage
- Seagate and Samsung merge disk business
- Select the right disk for your RAID array
- USB disk speed
- Western Digital WD20EARX 2 GB SATA 3 disk
- How long should computer hardware last?
- Keyboards
- Mainframe
- Memory cards
- Monitors
- Netbooks, notebooks, tablets, and xPads
- Network Attached Storage
- OLED Displays
- PC's are a thing of the past
- Printers
- Quiet
- Samsung Galaxy S
- Speed
- Television
- Tools
- USB
- Worst computer movies
- Xserve is dead. What next?
- Your backup will not work
- iPad or Acer Aspire One?
- IQ
- Its obsolete, throw it out!
- LG Intello Washing Machine
- Lack of a challenge
- NBN spends another $12 billion of our tax money on nothing
- Networks
- 802.11n wireless networking
- D-Link DIR-655 wireless router
- D-Link DWA-160 Xtreme N dual band USB adapter
- D-Link DWA-556 Xtreme N PCI Express desktop adapter
- MIMO
- National Broadband Network
- Netgear wireless modem router DGND3300 with 300 Mbps 802.11n
- Refrigerator kills wireless broadband
- Small Wireless Network
- TP-LINK TL-SG10005D 5 port gigabit switch
- TP-Link TL-WR1043N wireless N gigabit router
- Telstra Pre-paid Mobile Wi-Fi
- Where are the router plus proxy server combinations?
- Open Source documentation
- Software
- 7-zip
- Accounting
- Asterisk
- Audacity
- Backup software
- Bloat only in Windows
- CAD
- CDex
- Disk imaging software for copying and backup
- Exact Audio Copy
- Filezilla
- Firefox
- Java
- LibreOffice or OpenOffice?
- Linux
- 1 in 5 servers will ship with Linux
- Android phones outsell iPhone
- Another Move to Linux
- CentOS 5.5 installation on SSD and RAID 5
- Debian
- Debian 5.0.5 AMD64 installation
- Fedora
- Fedora or Ubuntu?
- Gnome or KDE?
- K9copy
- Linux 2.6.38
- Linux Gnome login settings lost
- Linux Mint
- Linux RAID, a rant
- Linux Speed
- Linux Time
- Linux reliability as demonstrated by Ubuntu 10.10
- Linux reliability as demonstrated by Ubuntu 11.4
- Linux still a struggle in 2011
- Linux workstation disk RAID 1
- Linux, NT, Windows, and SETI
- Linux, three years of progress
- London Stock Exchange switches to Linux
- Mandrake Linux 9.2
- The partition is misaligned by 48128 bytes - warning from Linux RAID
- Ubuntu
- How to fix the scroll bars in Ubuntu 11.4 Gnome
- Kubuntu 10.10 alternate installation on desktop with RAID 1
- POWbuntu
- Ubuntu 10.10 after 6 months use
- Ubuntu 10.10 alternate installation
- Ubuntu 10.10 desktop RAID 1
- Ubuntu 10.10 desktop RAID 5
- Ubuntu 10.10 desktop install on a netbook
- Ubuntu 10.10 desktop installation
- Ubuntu 10.10 netbook install on a netbook
- Ubuntu 10.10 server AMD64
- Ubuntu 10.10 upgrade to version 11.4 beta 2
- Ubuntu 10.4
- Ubuntu 11.10
- Ubuntu 11.10 first upgrade
- Ubuntu 11.4 after one month use
- Ubuntu One
- Ubuntu by Microsoft?
- Ubuntu desktop upgrade 10.4 to 10.10 failed because I did not check the media
- Ubuntu strikes again
- Yes, use Linux but not that distribution!
- Nero
- OpenOffice
- OpenOffice is now Apache Office
- Project management
- Scribus
- Software for Windows and Linux
- Time
- Todo applications
- Tomboy notes
- Top text editors
- Version control
- VideoLAN VLC media player
- Visio
- Webmin
- Webmin installation on CentOS for Web development
- Webmin installation on Ubuntu
- What is the most popular open source software today?
- Windows
- Another Windows person goes Linux
- BAD_POOL_CALLER
- Cygwin
- Microsoft Malicious Software Removal Tool cannot find a common virus
- One of the developers of Windows XP is criminally insane
- There are unused icons on your desktop
- W32time
- Which Windows version?
- Windows 7 Home Premium
- Windows XP Stop 0x0000007B during installation
- Windows XP is a disaster
- Windows processes
- XML
- Zip, bzip, gzip, or 7zip?
- configFree
- Technology Succession Planning
- VoIP
- Web Sites
- Drupal
- Do Drupal themes have to use the GPL?
- Drupal 7
- A better search facility for Drupal
- Drupal - performance or flexibility
- Drupal 7 new features
- Drupal 7 ships on January 5
- Drupal 7.4 hits PeterMoulding.com
- Drupal function sequence
- The evolution of a module
- Undefined index: headers in DefaultMailSystem->mail() (line 54 of /modules/system/system.mail.inc).
- Undefined index: to in DefaultMailSystem->mail() (line 83 of /modules/system/system.mail.inc).
- implode(): Invalid arguments passed in DefaultMailSystem->format() (line 23 of /modules/system/system.mail.inc).
- Drupal Code Load Cut
- Drupal How To
- Drupal Modules
- Backup and Migrate
- Browscap
- CKEditor with Drupal WYSIWYG
- Captcha
- Colorbox
- Content Construction Kit
- Content type
- Devel module for Drupal
- Drupal Rules as an automation language
- Drupal Spam add-on module
- IMCE
- IMCE Wysiwyg bridge
- ImageAPI
- Lightbox2
- Node Gallery Access
- Node_Gallery
- Path
- Path redirect
- Pathauto
- Pet
- Search
- Service links
- Session Variable
- Taxonomy
- Token
- Transliteration
- Trigger
- Variable module
- Other modules
- Drupal Training
- Drupal access controls need a major rewrite
- Drupal coding tricks
- Drupal performance
- Drupal themes for the future
- Drupal.org colours
- Import existing data into Drupal
- Multiple Web sites made easy using Drupal multisite and the right start
- drupal_lookup_path()
- Adobe PDF
- Apache
- Apache Mahout
- Audi.com
- Bleet
- CSS Strikes Again
- CSS or xCSS
- Can you believe Facebook or email?
- Content Management Systems
- Databases
- Facebook scam
- Font
- Fonts
- HTML
- Install Apache, MySQL, and PHP 5 in Ubuntu 11.4 using the Ubuntu Software Centre
- Language Codes
- Marketing
- Memcache
- Nginx
- Oscars
- PHP
- SPDY
- Search software
- Techoni.com.au
- Theme themes
- U.S. Patent No. 6,985,875
- Virtual Private Server
- Visible Improvement
- Web 4.0
- Web browser usage
- Web browsers
- Web site development
- Bluefish
- Eclipse and PHP
- Getting a Git client, a story of ancient technology and pain
- HTTrack
- MVC
- Netbeans
- Nvu
- PHP
- PHP or ..., CakePHP/Symfony/ZF versus ...
- Programming
- Superfish
- Web browser emulators for testing your Web site
- Web development frameworks
- Web site books
- Web site development on your own computer
- Webmin or phpMyAdmin or cPanel for creating databases?
- aiki framework
- jQuery
- Views development - Learn Fields first
- Views development - Learn Actions and Rules
- jQuery .each()
- jQuery .has()
- jQuery .is()
- jQuery and Firefox Firebug
- jQuery children
- jQuery for people not using Drupal - Installation and getting started
- jQuery hover
- jQuery hover de-duplication example
- jQuery or CSS?
- jQuery performance
- jQuery tests
- Web site hosting
- Westpac Web site still broken after two years and ten months
- Wordpress wins another CMS survey
- Drupal
Windows or Linux for Security
Submitted by Peter on Wed, 2009-12-09 19:55
In 2004 Nicholas Petreley wrote a paper comparing the security of Linux versus the security of Windows. NP mades only two mistakes. He assumed all Microsoft operating systems were the same even though Microsoft used to sell two unrelated operating systems. NP also occasionally confused applications with operating systems. Even with those errors, the paper was a good read and gave many reasons why Linux is a better choice for some roles than Windows.
Read NP's paper in HTML or PDF.
Windows 7
My comments on Windows and Linux security were originally written in 2004 then updated for Microsoft Vista and are now updated for Windows 7.
One immediate reason for changing from Windows to Linux was Vista. Microsoft then reduced the desertion rate by supplying XP with Vista so that we can immediately upgrade from Vista to XP. Windows 7 is now available and is less of a problem than Vista. The server version of Windows went through similar changes but many people never tried updating their server software after the pain they suffered with Vista on their desktop computers.
I still use Windows 2000 for performance and have an XP machine on the side in case I need an application that only works on XP. XP is slightly slower and does not offer any advantages plus the registration is a pain. XP 64 offers the chance to use the whole 8 gigabytes of memory on my little desktop computer but runs slower than Windows 2000 with 3 GB. Why would I upgrade a server if Microsoft cannot get something as simple as a desktop computer to work?
Linux was on a winner based on Ubuntu Linux 9.04 against Vista. A lot of people liked their experience with Ubuntu and authorised the changeover of their servers from Windows to Linux. Ubuntu 9.10 is a step ahead of Ubuntu 9.04 but Windows 7 removed most of the objections to Windows, leaving Linux again battling to change our desktops. There are other distributions of Linux replacing Windows in some countries but none with the world wide success of Ubuntu against Vista.
Desktop
Microsoft's Windows owns the desktop. While Linux eats away at the edges of home and corporate PCs, Microsoft is expanding in the handheld computer market in competition to Symbion. Linux, by itself, is catching up too slowly. OpenOffice and other popular open source applications appear on Windows every day. OpenOffice could replace Microsoft's Office long before people switch to Linux. You can give yourself the freedom to choose either Windows or Linux for security by simply changing your applications to run on any operating system.
Server
In the server market, Linux killed off every version of Unix except Solaris and the Oracle takeover of Sun will kill of Solaris over the next few years. Apache, an open source Web server is killing off Microsoft's IIS and has killed off every other Web server. People who use Apache eventually switch to Linux.
Many of NP's comments apply to servers because servers are directly exposed to the Internet and attack. Desktop computers are usually exposed to viruses through email and the high level of desktop failures is more attributable to the poor quality of email virus filters than anything else. If a virus attacks your Linux desktop computer, destroys all your files, and leaves Linux intact, you have still lost everything, the survival of Linux is irrelevant.
NP says Linux does not fail to the point where you need to restart Linux. At the time, I found people restarted Linux less often than you restarted Windows but more often than you restarted Microsoft's NT. If Microsoft had maintained NT as a separate operating system, Microsoft's share of the server market would still be growing and NP's security review would be a three way comparison, not a two way comparison.
Clearly Microsoft killed off their own competition for Linux in the server market, NT, and focused on the desktop. Microsoft then focused on the Xbox market and then the hand held market. You are unlikely to see Microsoft quickly solving the server problems mentioned by NP because they are focused on the desktop market because that is similar to their Xbox and hand held markets. In Microsoft's eyes, the desktop's future is as an entertainment device.
Open Source Cross Platform
Apache and OpenOffice are two open source applications that run on all the important operating systems. There is a growing list of replacements for applications that run only on Windows. I had replaced more than half my Windows based applications with open source cross platform equivalents when NP wrote his comparison. Today I use open source applications almost exclusively. In the five years after the comparison, Filezilla became cross platform, Firefox became the dominant Web browser for new users, and a bucket full of other open applications reached maturity on the main operating systems.
Microsoft Word was still for some publishers but that requirement is now gone. Gimp can now read raw files from professional cameras. The main roadblocks to a total Windows replacement by Linux are the user security interface (or the lack of) and the lack of device drivers from manufacturers on initial release, something that is changing very slowly.
The Linux server approach
Linux struggles against Windows on the desktop because Microsoft is very good at handling many mixed applications. Microsoft struggles against Linux in the server market because servers do not need a mass of different applications running on one computer or the magical graphical interfaces that lead you through a maze of applications. For a server, a simple Web interface is fine for configering the only application on the server.
When you set up an email server, you build the server for email and nothing else. When you create your Web server, it serves Web pages and nothing else. Linux and computers are both so cheap and plentiful that there is no reason to use the Microsoft Small Business Server approach with 30 different applications on one server. Microsoft licensing restrictions were the only reason why Microsoft SBS existed.
Security is far simpler when you have just one application per server. One of the reasons server administrators rate Linux as more secure than Windows is the need to secure only one application on a server, not many applications. Windows servers struggle to be secure because there are so many different application administrators working on the servers. If you go back to Microsoft NT and you configure one application per server, you have just one server administrator per server. Jumping forward to the Microsoft Small Business Server approach, you can have five or more administrators changing security settings and some of those may be contractors working in another country with no responsibility for the pain caused by failed security.
After SBS, Microsoft server administrators started switching to one application per server but then they started switching back because of the fashion trend towards virtualisation and cloud computing. Both virtualisation and cloud computing are flavours of consolidation with administrators banging their heads against each other in the security area. Virtualisation works with Linux because all the servers were already separate and can be kept in separate virtual servers but many Windows servers go virtual without the correct separation of applications. You might end up with 20 applications spread over 20 virtual servers but every virtual server still has bits of many applications and 3 or 5 or 10 administrators fiddling with the security settings.
Why switch?
If you are using applications that run on any operating system, you are free to choose any operating system, even Apple's strange version of Unix. You can also use a mixture of operating systems and jump from machine to machine without having to relearn every application. You could have Windows on your notebook computer and Sun's Java OS on your hand held computer but still have every application window, button, and keystroke work the same.
Virtual Private Servers
One physical server can be split into many Virtual Private Servers with each VPS running one application or many. The main consideration is the type of virtualisation. VMware virtualisation lets you have a different operating system in every VPS and you are stuck with the security problem of maintaining many different operating systems. The Xen style approach has one operating system, Linux, as the base for the server, and every VPS uses the base operating system. Security is improved because the application of a security update to the base operating system in a Xen style server is automatically applied to all the virtual servers.
You can practice with Linux on the desktop then change your servers. You can test application changes on your desktop then move them up to your VPSs. You can use Linux based Xen style virtualisation without the financial, administrative, and processor overheads of proprietary VMware style virtualisation. You can split your applications into one application per VPS so that you have just one administrator per VPS.
Conclusion
If you use Windows now, start using open source cross platform applications, such as Apache, where they are a good replacement for your current Windows based applications. You will then become free to choose Linux when you become tired of the Microsoft licensing paranoia or the doubts about Windows security.
