Linux.com

Home Linux Community Forums Linux System Administration Linux Security Ubuntu Server and Windows question. SOLVED

Ubuntu Server and Windows question. SOLVED

Link to this post 10 Feb 11

Hey everyone, I have a question. I am currently a college student and Microsoft IT guy. I had a question regarding Ubuntu server security vs windows. I recently added a gui to my ubuntu server because I don't know what I am doing otherwise, lol.

But while I was searching for information on ubuntu server I saw a lot of people saying how guis are normally considered a security risk, and that a lot of people use something like webmin or whatever else to remotely log in with a gui.

So my question is this, how does a gui as a security risk compare to using a windows server which is all gui based ? Is it the same? Is there something with linux guis that makes them less safe then windows? Or is it safer then windows but still a risk?

Please help with my confusion, lol.

Link to this post 10 Feb 11

The reason that most Linux and unix server admins do not use GUIs on their servers is because all running software add potential faults, vulnerabilities and crashes. By reducing the quantity of applications that are being run you reduce the potential exploitable vulnerabilties and reduce the system resources in use.

A simple example would be to consider the following:

Webserver1 has the following installed:
*Linux Kernel
*bash
*networking drivers
*apache webserver
*php

Webserver2:
*Linux kernel
*bash
*networking drivers
*apache webserver
*php
*gdm
*x11
*x11 libraries
*xml parsers
*gnome libraries
*ubuntu update manager
*gnome window manager
*libcairo
*gnome aplpications
*firefox
*etc...

Just a quick look at the list shows a great difference in the quantity of running application, which all can be searched on the web for security vulnerabilities, all of which can potentially cause a denial of service on the application layer or cause the cpu or memory to reach full load if exploited.

In contrast to until windows server 2008 you were forced to keep a gui running at all times, this mean that all gui applications, libraries and processes are always available to be exploited and reducing the quantity of resources that are available to the service you wish to give. Depending on what gui application and software is running the potential of vulnerability varies, but on a platform like windows that offers no option to turn of unnecessary apps you always have a high potential for failure.

Link to this post 10 Feb 11

So all of that makes sense, but since linux with a gui still would have to be directly hacked most likely instead of a virus effecting it like windows, that a linux with a gui server is better then a windows server still. Correct?

Link to this post 10 Feb 11

A Linux gui is more secure because it is not prone to the normal windows frustrations, but also because in a Linux Environment the applications are detached from the kernel which means that if they are compromised they cannot cause a kernel panic, in contrast with windows systems the gui is tied directly to the kernel, so if an app or the gui app fails it can result in a blue screen of death and a complete system freeze.

The best thing to take away from this is the fact that on a production machine you want to limit your running apps to the bare minimum to restrict resource usage and potential faults. If you start playing with CLI apps and basic configuration files you will quickly learn to love them and have no problem severing your attachment to guis.

Link to this post 10 Feb 11

UNIX in general follows an acient golden rule: "if you don't have it, you cannot break it"
You tend to have a machine with just minimal services and nothing more, with just the utility you need, only minimal packages and so on.

Link to this post 11 Feb 11

you all were extremely helpful, Thank you I appreciate it. It all makes a lot of sense and I am really looking forward to learning linux and using it in the future.

Giving you all a thumbs up on karma, thanks again. Questions were very well answered.

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board