What is better without considering cost, Linux or Windows?

We're rolling out a secure application. We have PHP developers and ASP developers, but am curious as to what is a more secure backend, Linux or Windows?

I have one developer wanting Windows with Apache (as the rest of our company runs on Windows). 1 developer wanting Linux with Apache and the other with ASP on Windows.

Can anyone provide insight into security, speed, features, ability and overall performance of these 2 backends?
Who is Participating?
mokelly1Connect With a Mentor Commented:
For security, Linux slam dunks windows.  Yes they can both be relatively secure when set up properly.  Who are you going to the bar with.  Your girlfriend or some guy that picks fights all the time?  Windows, is attacked more often than any other OS.  Linux is attacked far less as an OS.  

Any OS can have denial of service attacks but I think Linux has more solutions to security problems than Windows. A less technical person has a better chance of finding solutions and implementing tools. Tools are are much cheaper and even free so you do not have to fill out a PO to get the latest tool.   Microsoft and Novell both heavily use and support Linux.  There is your hand writing on the wall so to speak as both the networking giants have been brought to submission by an open source product.

I see where open source products are winning the battle in anti-virus, word processing, accounting, and of course won the web server war years ago.  Think about the open source model and you realize the advantages.  Real people at the user level numbering in the thousands, making real contributions to the development not 2 dozen eggheads in ivory towers rolling out cash cow versions of the OS.  

If your staff runs into a problem that is caused by a bug in the software, what are the chances they will be able to find the problem with  Microsoft and with Linux.   There is a chance Microsoft will deny the problem and fix it under the covers.  With Linux, the source code is there for all to see and help fix it!  There can be no denying.  There is no one to punish and no one to confront to get your money back.

An IBM-sponsored study on Linux suggested that GNU/Linux has won the server war as of 2006 as 83% were using GNU/Linux to deploy new systems versus only 23% for Windows.  The most notable head to head competition between Microsoft and OSS is web servers where Apache Web Server beats Microsoft's market share 58% to 34% according to Netcrafts survey published April 2007.

While many would never believe that free software could be as good as a Microsoft product, even Microsoft develops and uses open source products and has sold software using the GNU GPL license. Apple is now openly encouraging collaboration with OSS/FS developers.

I have used both ASP-Windows-MSSQL and PHP-Linux-MySQL and easily prefer the latter even though I learned the Windows route first.  The only people that I know that prefer Windows are those that have not used Linux enough and they seem to be mesmerized or hypmotized by the Windows.

Anybody on your staff used both? Ask them.  People that have only used one may have other motivations for wanting their own so they do not have to learn the other.  I resisted until I was forced.  It was not long before I realized how silly I was to not give open source a try sooner.  

We have both running side by side at work and my experience is that the Windows server has to be rebooted no less than once a month and more like once a week.  The only thing that shuts down my Linux servers is a power outage longer than the battery back up.  

There is a timer on Linux and Novell to show how long the server has been up.  I am not aware of one on Windows.  The only reason we keep the Windows server is our accounting software requires it.  That is the "vendor specific lock in" that MicheleMarcon referred to.  We have now located an open source accounting software package, webERP, and will soon be moving everything to open source.

Sites with longest running systems by average uptime in the last 7 days are shown at


Number 1 is a Windows 2000 IIs system, but the next 16 are Linux before there is another Windows server and position 30 is the third Windows system. 27 out of the top 30 uptime servers are Open Source.

If Windows has 38% of the web servers should they not have 9 to 11 in a group of 30 top performers?

Do you go with the OS whose numbers are declining or do you go with the one on the rise?
If you are going to run Apache, then you are better off doing that on a Linux/Unix platform as that is the main base for Apache.

It does depend a bit on who will be doing the development.  There's no point in getting an ASP person to do PHP pages and vice-versa.  Do you have any say as to which technology will be used or is preferred?
zemondAuthor Commented:
The application will be pushed into development and has not started yet, we have the choice of going with either technology, of course the open source team preaches php and the windows world team preaches asp, no technology is preferred over another and the best solution of the 2 will be used. Are there any risks or limitations when running apache on Windows. Can mssql do more then mysql?, are there security risks with either technology, etc...
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

It also depends on what your IT staff is capable of running, if your entire shop is already windows or linux that maybe its best to stick with that one solutions since thats what you guys have experience in. On the other hand if you have both, Linux might be a bit faster as a web server, but we have found with proper hardware/software setup both can be secure and fast.

Like I said at the top it really comes down to what your staff can support.
MicheleMarconConnect With a Mentor Commented:
I would only add that is better to avoid vendor-specific lock-in (in short: avoid Windows).
Unless of course your developers area all ASP  or .net guys and all your network admins support only windows. Either system has a million pros and cons, but in the end of the day for around the same cost (close enough on this scale to not really matter) they both get the job done. What yours business is setup to support is very important.
packetgodConnect With a Mentor Commented:
NOTE: Me=Linux Bigot and also a CISSP security guy with 15 years of experience.

The most secure system is the one that you can support and maintain the best.  You can lock down windows to be very secure, keep it up to date, load it up with anti-this and anti-that and you can have a pretty decent pretty secure system.  Plus with 2008 that have loads and loads of security features like for instance they now have a headless install with no GUI, no IE, no extra BS.  Of course Linux/Unix has been doing that for years but they have finally seen the light.

Now there are relative merits to running apache/PHP on a windows platform but I it is a stable solution that is being used regularly in the world today.  It may run better on Linux but how much better or how much more secure I can't say.  

If you do decide to go with Linux make sure that you have a support methodology written up for it and put into your procedures.  It needs to be updated and maintained just like every other system.  There shouldn't be the one Linux person who got the server up because they love Linux and they are the only ones who know how to use it/support it/etc.  I've seen too many locations where the one Linux server being maintained by a developer is the first to fall in my Pen test.  It gives Linux a bad name!

I've also found many Linux servers doing production work that are desktop variants that have no long term support methodology and need updates every few days until their 6 months are up and the new version is out such as Fedora or Ubuntu (non LTS).  That just doesn't work in a support environment, if you are going to do it, do it right with a server build with only the software packages required for operation.  No more no less, and keep them up to date not through an auto monthly "apt-get update" or whatever, make sure you have a test system to test new patches and updates so that they don't break your applications.  

So last word is that they are lots of benefits to standardizing on a platform  but if you are a large enough company with enough support staff to handle it there can be benefits to diversifying.  One thing that takes out all of one type of system may not take the others.
zemondAuthor Commented:
Thanks guys,
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.