Windows or Linux for Security

In 2004 Nicholas Petreley wrote a paper comparing the security of Linux versus the security of Windows. NP made only two mistakes. He assumed all Microsoft operating systems were the same even though Microsoft used to sell two unrelated operating systems. NP also occasionally confused applications with operating systems. Even with those errors, the paper was a good read and gave many reasons why Linux is a better choice for some roles than Windows.

Read NP's paper in HTML or PDF.

Windows 7

My comments on Windows and Linux security were originally written in 2004 then updated for Microsoft Vista and are now updated for Windows 7.

One immediate reason for changing from Windows to Linux was Vista. Microsoft then reduced the desertion rate by supplying XP with Vista so that we can immediately upgrade from Vista to XP. Windows 7 is now available and is less of a problem than Vista. The server version of Windows went through similar changes but many people never tried updating their server software after the pain they suffered with Vista on their desktop computers.

I still use Windows 2000 for performance and have an XP machine on the side in case I need an application that only works on XP. XP is slightly slower and does not offer any advantages plus the registration is a pain. XP 64 offers the chance to use the whole 8 gigabytes of memory on my little desktop computer but runs slower than Windows 2000 with 3 GB. Why would I upgrade a server if Microsoft cannot get something as simple as a desktop computer to work?

Linux was on a winner based on Ubuntu Linux 9.04 against Vista. A lot of people liked their experience with Ubuntu and authorised the changeover of their servers from Windows to Linux. Ubuntu 9.10 is a step ahead of Ubuntu 9.04 but Windows 7 removed most of the objections to Windows, leaving Linux again battling to change our desktops. There are other distributions of Linux replacing Windows in some countries but none with the worldwide success of Ubuntu against Vista.

Desktop

Microsoft's Windows owns the desktop. While Linux eats away at the edges of home and corporate PCs, Microsoft is expanding in the handheld computer market in competition with Symbian. Linux, by itself, is catching up too slowly. OpenOffice and other popular open source applications appear on Windows every day. OpenOffice could replace Microsoft's Office long before people switch to Linux. You can give yourself the freedom to choose either Windows or Linux for security by simply changing your applications to run on any operating system.

Server

In the server market, Linux killed off every version of Unix except Solaris and the Oracle takeover of Sun will kill off Solaris over the next few years. Apache, an open source Web server, is killing off Microsoft's IIS and has killed off every other Web server. People who use Apache eventually switch to Linux.

Many of NP's comments apply to servers because servers are directly exposed to the Internet and attack. Desktop computers are usually exposed to viruses through email and the high level of desktop failures is more attributable to the poor quality of email virus filters than anything else. If a virus attacks your Linux desktop computer, destroys all your files, and leaves Linux intact, you have still lost everything; the survival of Linux is irrelevant.

NP says Linux does not fail to the point where you need to restart Linux. At the time, I found people restarted Linux less often than you restarted Windows but more often than you restarted Microsoft's NT. If Microsoft had maintained NT as a separate operating system, Microsoft's share of the server market would still be growing and NP's security review would be a three way comparison, not a two way comparison.

Clearly Microsoft killed off their own competition for Linux in the server market, NT, and focused on the desktop. Microsoft then focused on the Xbox market and then the handheld market. You are unlikely to see Microsoft quickly solving the server problems mentioned by NP because they are focused on the desktop market, which is similar to their Xbox and handheld markets. In Microsoft's eyes, the desktop's future is as an entertainment device.

Open Source Cross Platform

Apache and OpenOffice are two open source applications that run on all the important operating systems. There is a growing list of replacements for applications that run only on Windows. I had replaced more than half my Windows based applications with open source cross platform equivalents when NP wrote his comparison. Today I use open source applications almost exclusively. In the five years after the comparison, Filezilla became cross platform, Firefox became the dominant Web browser for new users, and a bucket full of other open applications reached maturity on the main operating systems.

Microsoft Word was still required for some publishers but that requirement is now gone. Gimp can now read raw files from professional cameras. The main roadblocks to a total Windows replacement by Linux are the user security interface (or the lack of one) and the lack of device drivers from manufacturers on initial release, something that is changing very slowly.

The Linux server approach

Linux struggles against Windows on the desktop because Microsoft is very good at handling many mixed applications. Microsoft struggles against Linux in the server market because servers do not need a mass of different applications running on one computer or the magical graphical interfaces that lead you through a maze of applications. For a server, a simple Web interface is fine for configuring the only application on the server.

When you set up an email server, you build the server for email and nothing else. When you create your Web server, it serves Web pages and nothing else. Linux and computers are both so cheap and plentiful that there is no reason to use the Microsoft Small Business Server approach with 30 different applications on one server. Microsoft licensing restrictions were the only reason why Microsoft SBS existed.

Security is far simpler when you have just one application per server. One of the reasons server administrators rate Linux as more secure than Windows is the need to secure only one application on a server, not many applications. Windows servers struggle to be secure because there are so many different application administrators working on the servers. If you go back to Microsoft NT and you configure one application per server, you have just one server administrator per server. Jumping forward to the Microsoft Small Business Server approach, you can have five or more administrators changing security settings and some of those may be contractors working in another country with no responsibility for the pain caused by failed security.

After SBS, Microsoft server administrators started switching to one application per server but then they started switching back because of the fashion trend towards virtualisation and cloud computing. Both virtualisation and cloud computing are flavours of consolidation with administrators banging their heads against each other in the security area. Virtualisation works with Linux because all the servers were already separate and can be kept in separate virtual servers but many Windows servers go virtual without the correct separation of applications. You might end up with 20 applications spread over 20 virtual servers but every virtual server still has bits of many applications and 3 or 5 or 10 administrators fiddling with the security settings.

Why switch?

If you are using applications that run on any operating system, you are free to choose any operating system, even Apple's strange version of Unix. You can also use a mixture of operating systems and jump from machine to machine without having to relearn every application. You could have Windows on your notebook computer and Sun's Java OS on your handheld computer but still have every application window, button, and keystroke work the same.

Virtual Private Servers

One physical server can be split into many Virtual Private Servers with each VPS running one application or many. The main consideration is the type of virtualisation. VMware virtualisation lets you have a different operating system in every VPS and you are stuck with the security problem of maintaining many different operating systems. The Xen style approach has one operating system, Linux, as the base for the server, and every VPS uses the base operating system. Security is improved because the application of a security update to the base operating system in a Xen style server is automatically applied to all the virtual servers.

You can practice with Linux on the desktop then change your servers. You can test application changes on your desktop then move them up to your VPSs. You can use Linux based Xen style virtualisation without the financial, administrative, and processor overheads of proprietary VMware style virtualisation. You can split your applications into one application per VPS so that you have just one administrator per VPS.

Conclusion

If you use Windows now, start using open source cross platform applications, such as Apache, where they are a good replacement for your current Windows based applications. You will then become free to choose Linux when you become tired of the Microsoft licensing paranoia or the doubts about Windows security.