Linux.com

My critique

Posted by: Anonymous Coward on March 29, 2004 12:16 AM
"Windows boxes, however, come with a certificate of authenticity that Linux distributions lack. You are meant to remove the certificate of authenticity from the box and carefully scrutinise it to ensure that it is legitimate..."


Actually, whilst Linux doesn't come with a piece of paper that says "I'm Authentic", it does come with a way of determining authenticity.



1. Go to Distro's download page, grab the MD5Sum.

2. Stick each disc in turn into the CD-ROM drive, and run: md5sum /dev/cdrom -- and compare the result with the above code from the website.



If they all match, then the CD is authentic.



This method does a byte-by-byte analysis of the CD, and hence, I believe this is a much more reliable way of verifying authenticity than examining some screwy piece of paper littered with holograms.



Another way is using GPG keys. This is more advanced again.



Then again, who's to say someone didn't switch the discs in the box? A hologram won't tell you that...



"In contrast to the flimsy paper envelope holding the Linux CD, the Windows CD is typically in a plastic case that is secured shut with a label that warns you to be sure you are in compliance with the licensing terms found elsewhere in the box before opening it."


Quite the contrary, all the copies of Windows 2000 & XP I've ever seen have come in just as flimsy cases. The boxed sets of WinXP Pro I've seen came with an equally flimsy folder to hold the CD. Office XP came in a cheap flimsy cardboard sleeve. Plastic Case?? I don't think so.



"Once the Linux distribution CD has finished installing, the computer requests that a superuser and regular user account be created by the person. This obvious lack of security involved in having more than one user on a computer that can be logged in simultaneously has driven Linux into relative obscurity."


Okay, when you set up Windows, by default all users are set up with administrative privileges for day-to-day tasks. This means that they can practically do anything with the system.



In contrast, most Linux systems only set up one administrator account, <tt>root</tt>. Any other accounts are standard user accounts, and have limited privileges (equivalent to the Power Users group in Win2K). People then only use <tt>root</tt> when they need to. Clearly this must be more secure than the Windows solution.



Now, I notice the author hasn't yet commented on actually using the operating systems.



"Once installed, Windows can easily be set up to connect to the Internet and be used to browse the Web, check email, and run productivity software without any flaws, and unlike the insecure hacker operating system Linux, will quickly and without complaint run any software offered it from any Web site or email attachment as requested."


Uh huh..... And you can do the same with Linux.



KPPP and similar dialup tools are very easy to configure, likewise with X-ISP, wvdial and the likes. Many distributions come with a firewall based on the netfilter firewall system built into the Linux kernel, and can share internet right out of the box.



Most distributions come with productivity software (notably OpenOffice.org). In contrast, Microsoft Office is a separate package you have to buy separately.



Ohh, and for those using this for private & educational use, there's an added bonus, Linux is available free of charge. Windows is approx $200 at least, plus Office, another $100, plus whatever other 3rd party apps.... you don't get a lot out of $500. (Prices above are approx $AU prices) For a university student like myself, this makes Linux a much better deal.



Linux, since it is not compatible with Windows binaries, is also not susceptible to the latest viruses floating about. Yes, there are viruses for Linux too -- but they are extremely rare (let's just say, in the 7-8 years of me using Linux, I've only heard of one or two, and they were only a problem for server admins of public machines).



Windows on the other hand -- ohh dear, most of the latest viruses seem to be targeted at Outlook/OE. Oddly, Mozilla doesn't seem to suffer with these viruses, even under Windows.



Now, okay, we can't blame Microsoft for the viruses, a lot of this is tall poppy syndrome. MS happens to be the tall poppy, and virus makers are trying to cut it down. However, why is it that they still haven't fixed these holes in Outlook? If they actually sat down and sorted out these problems, I think we'd slowly start to see a drop in the number of viruses.



Okay, now, I'm not advocating Linux as the bee's knees here. There is no such thing as an all-purpose OS. Windows and Linux come close, but nowhere near close enough. Experience has taught me that Microsoft seems to put features & usability ahead of security. Security is an afterthought. Linux has concentrated more on security and stability -- usability has been an afterthought.



When choosing an OS, I've found that it is a horses for courses market. Windows makes a reasonable desktop OS, it's a very good gaming platform, and a decent workstation. However, it starts to fall apart at the server level.



Windows started its life as an MS-DOS application. MS-DOS is a single-user, single-tasking OS. And hence, Windows has inherited a lot of this. Hence, whilst it can work as a server, and do the job quite successfully, it can end up with some funny quirks as a result.



Linux was written from scratch. These days, it's produced by several hundred developers working directly on the kernel around the world, and more than several hundred packages worked on by thousands of developers. It shares a little code with some other OSes, but most of it is unique. The code for Linux is wide open, anyone can look at it, anyone can scrutinise it, anyone can contribute. Contributions are normally in the form of source code patches, which are heavily scrutinised by the core developers.



Over the years, Linux has seen many additions, including improvements to its security. Since the code is open, when a hole is found, it usually isn't long before someone comes up with a fix, the fix gets trialled, and eventually accepted (or rejected). The person with the fix could be anyone -- even from Microsoft or SCO... this is the open nature of Linux.



Microsoft however, prefers to keep its code behind closed doors. This is fine, I have nothing against that -- when you order food at a restaurant, you don't need to know what the ingredients are normally. It's the same thing here. Now, if there is a problem with the code, because Microsoft are the only people with the code, they're the only people who can help us. How long does it take for them to make a patch? Sometimes they can do it surprisingly quickly, but often, it's a long wait.



Moreover, you don't get to see what they changed. You don't know if they really did fix the problem, and what other bugs got introduced in the process. So I now ask the question...



After all this evidence provided above, is Windows really more secure than Linux?



Now, with OSes, I've already demonstrated (IMHO) that there is no perfect OS. Linux has its flaws, as does Windows, as does MacOS, as does just about any other OS you care to mention. So therefore, which is the better OS?



I'm forced to admit, Linux seems to have the upper hand here. (IMHO of course)



I always choose on these criteria:



1. Pick an operating system suitable for the intended task.

If you're setting up a home desktop, then this will most likely be Windows, but could be anything...Linux, *BSD, OS/2, anything you like. Servers: You may want to look at a Unix-like OS such as Linux or *BSD, or the Server-class versions of Windows.



2. Pick an operating system you are familiar with.

It's no good running down to the shop to buy Linux to set up your server if you've never used it before. If you know one OS better than another, then I would consider using that OS. Some people only know Windows, in which case, go Windows 2003 Server or something similar -- I'm used to Linux, and I prefer it as a server OS. I don't know FreeBSD very well, so I tend to avoid it for production purposes.



Anyways, that's my opinion, and my little rant. Hopefully I've presented the other side of the story which I think is missing here.



Stuart Longland
< stuartl at longlandclan dot hopto dot org >
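
Step 2 of the comment above as a script, added here as an example and not part of the original post: it hashes only the bytes of the ISO 9660 filesystem, because reading the raw device can return padding sectors after the image and change the sum. The function names and the sample image are constructed for illustration, and GNU coreutils is assumed.

```shell
#!/usr/bin/env bash
# Added example: hash only the ISO 9660 image on a disc, then compare with
# the MD5 sum published on the distribution's download page.

# le_uint FILE OFFSET NBYTES -> value of a little-endian unsigned field
le_uint() {
    local val=0 mul=1 b
    for b in $(od -An -tu1 -j "$2" -N "$3" "$1"); do
        val=$((val + b * mul)); mul=$((mul * 256))
    done
    echo "$val"
}

# Image size in bytes, from the primary volume descriptor at sector 16:
# volume space size (offset 80, 4 bytes) x logical block size (offset 128, 2 bytes).
iso_size() {
    local magic
    magic=$(dd if="$1" bs=1 skip=32769 count=5 2>/dev/null)
    [ "$magic" = "CD001" ] || return 1
    echo $(( $(le_uint "$1" 32848 4) * $(le_uint "$1" 32896 2) ))
}

disc_md5() {
    local size
    size=$(iso_size "$1") || return 1
    head -c "$size" "$1" | md5sum | cut -d' ' -f1
}

# verify_disc SOURCE EXPECTED_MD5 -> 0 match, 1 mismatch, 2 not an ISO image
verify_disc() {
    local actual
    actual=$(disc_md5 "$1") || { echo "not an ISO 9660 image: $1" >&2; return 2; }
    [ "$actual" = "$(echo "$2" | tr 'A-F' 'a-f')" ] && { echo "OK: $1"; return 0; }
    echo "MISMATCH: $1 hashes to $actual" >&2; return 1
}

# Constructed sample image (not a real distribution disc): 20 blocks of 2048 bytes.
make_sample() {
    head -c 40960 /dev/zero > "$1"
    printf '\001CD001' | dd of="$1" bs=1 seek=32768 conv=notrunc 2>/dev/null
    printf '\024\000\000\000' | dd of="$1" bs=1 seek=32848 conv=notrunc 2>/dev/null
    printf '\000\010' | dd of="$1" bs=1 seek=32896 conv=notrunc 2>/dev/null
}

# Usage: script.sh /dev/cdrom <md5 from the download page>
if [ $# -eq 2 ]; then verify_disc "$1" "$2"; fi
```

A match shows the disc is byte-identical to the published image; the result is only as trustworthy as the page the sum was copied from, which is the gap the GPG signatures mentioned in the comment close.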


Return to Proven: Windows is more secure than Linux out of the box