See also my comparison of operating system security between MS-Windows and Linux which I hope you will find useful.
| Windows/98 | Windows/NT 4.0 | Windows/2000 | RedHat Linux 6.2 | SunOS on PC | Linux on SPARC or Alpha or Itanium | |
| Clusterable | no | no | Advanced server and data center: yes | Beowulf Piranha Steeleye |
Beowulf | Beowulf See the avalon page |
| Office Automation? | MS-Office Wordperfect |
MS-Office Wordperfect |
MS-Office Wordperfect |
StarOffice WordPerfect |
StarOffice? | StarOffice? |
| Fat-16 | yes | yes | yes | yes | no | yes |
| Fat-32 | yes | no | yes | yes | no | yes |
| NTFS | no | yes | yes | yes | no | yes |
| HPFS | no | yes | yes | yes | no | yes |
| ext2 file system | no | no | no | yes | no | no |
| address space | 2 Gbytes | 2 Gbytes | Advanced Server: 8 GB Data Center: 64 GB |
4 Gbytes in 2.2 and earlier kernels, but 64
bit integers
are supported 64 Gbytes in 2.4 kernels |
4 Gbytes | Terabytes |
| SMP | no | yes, 4 CPUs | yes, 8 CPUs Data Center, 32 CPUs |
yes, 4 CPUs | ? | yes, 256 CPUs |
| NIS client | no | no | ? | yes | yes | yes |
| NIS server | no | no | ? | yes | yes | yes |
| Kerberos client | no | no | not compatible with UNIX | yes | yes | yes |
| NFS client | no | no | optional with SFU | yes | yes | yes |
| NFS server | no | no | optional with SFU | yes | yes | yes |
| NetBEUI client | yes | yes | yes, but breaks with early versions of Samba | yes | yes | yes |
| NetBEUI server | yes | yes | yes, but breaks with early versions of Samba | yes | yes | yes |
| Secure | no | no | no | no | no | no |
| Easy to use GUI | yes | yes | yes | yes | ? | yes |
| Webserver | PWS (bundled with Front Page) | IIS | IIS | apache | apache | apache |
| Size of a full installation | 1.7 GBytes | |||||
| bundled scripting language | .bat files | .bat files | .bat files, sh | csh, sh, tcsh, bash, perl, tcl,... | csh, sh, tcsh, perl | csh, sh, tcsh, bash, perl, tcl,... |
| Scalability: low end | slow pentium, 32 MBytes RAM | Pentium, 62 MBytes RAM | 250 MHz Penitum | System-on-a-chip
(we're an EE school, right?). Matchbox
PC. The book says 4 Mbytes RAM, 80386 CPU. |
||
| Scalability: high end | 2.4
supports 4 GBytes RAM SuSE has a patch to 2.2.12 for 4 GBytes. 2.4 may support 64 GBytes of RAM on ia32! |
8 Gbytes RAM | ||||
| Journaling file system | no | NTFS and HPFS | NTFS and HPFS | yes, see ReiserFS | ||
* klyx ( http://www.kde.org
) - Excellent front-end for creating TeX documents. If you want to save
time in preparing books etc. GET
THIS TOOL!
* htmldoc ( http://www.easysw.com/htmldoc
) - Excellent for creating PDF and PS files from HTML documents. Also
creates
index
pages (toc's) etc. Also a very nice tool and I belief a must
have in your environment.
| Article | Microsoft Response |
| Market Bulletin: Examining CCIA's White Paper on Windows 2000 | |
| Migrate With Confidence From Microsoft Windows NT and Windows 2000 toUNIX/Linux | |
| The halloween memos |
See also NT
vs. Linux Server Benchmark Comparisons .
Conclusion: Linux is not yet competitive with Windows/2000 in all SMP
systems. However, Linux is competitive if not superior in
uniprocessors
systems. Linux is also superior for systems with more than 2
GBytes
of RAM (because Windows/2000 won't go that high).
Which operating system is most secure? It is important that you make sure ANY computer system is properly patched and secured. Most linux distributions do have some sort of automatic update system to help you keep up-to-date.
However, the claim that UNIX based are the most commonly hacked systems or the claim that Windows are the most commonly hacked systems is really irrelevent. That you are on a system that is more commonly hacked or less commonly hacked really doesn't matter because you still have to be dilligent about keeping the software up-to-date.
Now, having written that, there are some design features in UNIX based system that tend to make UNIX systems intrinsically secure:
In the fall of 2005, Sony released a new kind of Digital Rights
Management (DRM) system for MS-Windows machines. When an ordinary
user goes to play a Sony CD with the new DRM scheme, software from the
CD is installed into your MS-Windows computer. This software has
all kinds of adverse effects on your machine, and when (not if) you try
to remove it, the act of removing it may cause your computer to have a
blue screen of death. Insofar as I can, the story was broken by Sysinternals.
Here is my analysis of the the Sony DRM scheme:
Wednesday, November 2, 2005 · Last updated 8:23 p.m. PT
Sony unit to distribute software patch
SAN JOSE, Calif. -- After a chorus of criticism, Sony Corp.'s music division said Wednesday it is distributing a free software patch to reveal hidden files that automatically installed to hard drives when some of its music CDs were played on personal computers.
The offending technology was designed to thwart music piracy.
Sony BMG Music Entertainment and its partner, UK-based First 4 Internet, said they decided to offer the patch as a precaution, not because of any security vulnerability, which some critics had alleged.
"What we decided to do is take extra precautionary steps to allay any fears," said Mathew Gilliat-Smith, First 4 Internet's CEO. "There should be no concern here."
The controversy started Monday after Windows expert Mark Russinovich posted a Web log report on how he found hidden files on his PC after playing a Van Zant CD. He also said it disabled his CD drive after he tried to manually remove it.
Russinovich made the discovery while running a program he had written for uncovering file-cloaking "RootKits." In this case, the Sony program hid the antipiracy software from view. Similar technology also has been used by virus and worm writers to conceal their code.
A firestorm quickly erupted over what appeared to be an attempt by the music company to retain control over its intellectual property by secretly installing hidden software on the PCs of unsuspecting customers.
Making matters worse, Sony did not disclose exactly what it was doing in its license agreement, Russinovich said. It only mentions that proprietary software to enable copy protection would be installed. The software affects only PCs running the Windows operating system.
"The (license) makes no mention that it's going to install something that's going to be hidden from view, that will constantly consume CPU resources even if I'm not listening to music and it will have no uninstall capability," he said.
Because the technology looks for a specific prefix in the filename, it also could be used by malware authors to mask their programs, Russinovich said. There's also the question of how a PC user is supposed to maintain a system that runs hidden programs.
"If you've got software on your computer that you can't see, there's no way for you to manage it from a security point of view," he said. "You don't know if you need updates for it. You don't know if you should uninstall it because you don't know it's even there."
Though there are no known problems with software, that could change and leave millions of unsuspecting PC users at risk of having their machines taken over by malware, said Ero Carrera, a researcher at F-Secure, a computer security firm.
"The code of the application is not exactly well done," he said. "I would tend to believe there are people already working on finding exploits."
The copy protection technology, which limits how many times a CD can be copied, was included on about 20 titles, including discs from The Bad Plus and Vivian Green, among others.
Gilliat-Smith and Sony BMG spokesman John McKay said the technology had been on the market for about eight months and there had been no major complaints prior to Russinovich's blog post. Still, a newer, similar technology was in the process of rolling out before the latest controversy erupted.
The patches that reveal the hidden files are being made available to antivirus companies as well as customers who visit the Sony BMG site. They do not remove the copy protection software, however.
McKay said customers can request a program to safely uninstall everything by visiting the Sony BMG Web site at http://cp.sonybmg.com. That site, however, requires a form to be filled out and submitted.
In a test of the form late Wednesday, an e-mail confirming receipt was quickly returned by Sony BMG customer service, but it included no instructions on how to remove the software. The message promised another reply "shortly."
The process is unlike the vast majority of Windows software, which can be easily uninstalled - by the user, without permission - through the "Add or Remove Programs" tool in the operating system's control panel.
The controversy highlights the need for rules as to what content providers can and can't install on PCs to protect their property, said Russinovich, who is co-founder and chief software architect at Winternals Software, which specializes in advanced systems software for Microsoft Windows.
"We need to get some formality about what's legal, what's ethical and what's fair - and what level of disclosure there needs to be," he said. "It's fine for Sony to say we're not going to do that now. What kind of guarantee do we have they're not going to do it at a future date or that other companies are not going to do this?"
Mark Russinovich has a blog where he writes about unkillable
processes. Evidently, it is possible to get a process in a
state where it cannot be killed without rebooting the system!
True, Linux has zombie processes, but it is easy to find the zombies
(use ps -l command) and get rid of them by killing their
parent process. (Look at the PPID column in the ps -l
command). You don't have to reboot the system.
However, even this is optimistic. A lot of people are running
IIS and they don't even know it, because IIS is turned on by default
when
Windows/NT comes out of the box! So the IIS numbers are inflated
by people who never actually made a decision, but let the OS install
program
decide for them.
From: "Bas v.d. Wiel" <bwiel@hotmail.com>
9:22 AM
Subject:
OS comoparison..
To:
<jeff@www.jeffsilverman.ddns.net>
Win2K has a few different
flavors,
each with different specs.. (this has to be.. according to
M$.. even though they use the same
kernel..don't ask me why!). This determines max.
address space, max number of
CPU's..
etc.. it's all on M$'s website,
www.microsoft.com.
NTFS is available in different
flavors
as well. Linux will read NTFS as came with NT4. Win2K
has an upgraded (read:
incompatiblized)
version of NTFS that can't be reliably used by
Linux.
I'd be wary of mixing any
environment
with M$. Their 1998 leaked 'Halloween' memo states
M$'s policy to uncommoditize
common
protocols. Looking at Kerberos on Win2K: this doesn't
cooperate with Unix... and M$
blames
Unix for it!
What I'm trying to say is that
M$
is on a path to twist and corrupt all possible open protocols
that it can get its hands on, so
that integration will be a thing of the past.
Again, I'm not making this up!
It's
official M$ material! Slap the words Halloween and
Microsoft into altavista and
you're
bound to hit the memo soon enough. M$ says it's not
official policy, but with the top
brass of the OS department approving it.. how much more
official could it get?? All
right..
ol' Billy himself could sign, but that's about it.
Be wary of integrating M$ products into a unix environment!!
if you still want to try: www.xlink.com and www.pcnfs.com (not sure about the latter).
Bas
http://www.scripting.com/misc/halloweenMemo.html
From:
"K. Bjarnason"
<kelseyb@telus.net>
7:24 PM
Subject: re: OS comparison page
To:
<jeff@www.jeffsilverman.ddns.net>
Windows 2000 clusterable: no.
Incorrect. Windows 2000 Advanced Server has a clustering
service
as
part of the base package. So does DataCenter.
Windows 2000 SMP: up to 8 CPUs.
Incorrect. Windows 2000 DataCenter supports up to 32.
Scalability, high end:
Win2K DataCenter supports up to 64Gb of physical memory.
Advanced
server supports up to 8Gb.
Just FYI.
bohamut@san.rr.com wrote:
Jeff,On page:
http://www.jeffsilverman.ddns.net/~jeffs/OS_comparison.htmlYou stated:
Secure = no no no... (etc).
apparently indicating that every OS compared was not secure.
Yes.
Am I reading the table correctly?
Can any OS be secure on Intel x86/PC hardware?Yes. Look at http://www.engardelinux.org/ and http://www.trustix.com/products/tsl/ and http://www.dwheeler.com/secure-programs/. Definitely check out http://www.nsa.gov/selinux/index.html
If not, can you recommend a secure OS, and does it require a specificI recomend OpenVMS, which runs on a VAX, an Alpha, and is being ported to the Itanium.
hardware set?
One of the reasons why I like VMS is because it is impossible to have a buffer overflow problem in programs written in FORTRAN, BASIC, COBOL, Ada, Java, and Pascal. In UNIX, when you call the operating system, you pass the address of the buffer. The buffer is 0 terminated, and the buffer has to big enough to handle the string. In VMS, when you call the operating system, you pass the address of a descriptor. The descriptor describes the string, including how the string is and possibly how big the string can be. So if you have a string which is too long for the buffer that is supposed to contain it, it will throw an exception.
The Java Operating System, JOS, see http://wiki.jos.org/,
may be
secure.
Except that there has been no
development of JOS since 2001.
Jeff
Obscure recipies for burgersA quick response would be greatly appreciated.
Thanks.Fritz
Bohamut@san.rr.com