Solved

What is better without considering cost, Linux or Windows?

Posted on 2008-06-24
8
419 Views
Last Modified: 2011-09-20
We're rolling out a secure application. We have PHP developers and ASP developers, but am curious as to what is a more secure backend, Linux or Windows?

I have one developer wanting Windows with Apache (as the rest of our company runs on Windows). 1 developer wanting Linux with Apache and the other with ASP on Windows.

Can anyone provide insight into security, speed, features, ability and overall performance of these 2 backends?
0
Comment
Question by:zemond
8 Comments
 
LVL 48

Expert Comment

by:Tintin
ID: 21862411
If you are going to run Apache, then you are better off doing that on a Linux/Unix platform as that is the main base for Apache.

It does depend a bit on who will be doing the development.  There's no point in getting an ASP person to do PHP pages and vice-versa.  Do you have any say as to which technology will be used or is preferred?
0
 
LVL 9

Author Comment

by:zemond
ID: 21862476
The application will be pushed into development and has not started yet, we have the choice of going with either technology, of course the open source team preaches php and the windows world team preaches asp, no technology is preferred over another and the best solution of the 2 will be used. Are there any risks or limitations when running apache on Windows. Can mssql do more then mysql?, are there security risks with either technology, etc...
0
 
LVL 1

Expert Comment

by:cblakeJT
ID: 21862580
It also depends on what your IT staff is capable of running, if your entire shop is already windows or linux that maybe its best to stick with that one solutions since thats what you guys have experience in. On the other hand if you have both, Linux might be a bit faster as a web server, but we have found with proper hardware/software setup both can be secure and fast.

Like I said at the top it really comes down to what your staff can support.
0
 
LVL 13

Assisted Solution

by:MicheleMarcon
MicheleMarcon earned 50 total points
ID: 21862937
I would only add that is better to avoid vendor-specific lock-in (in short: avoid Windows).
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 
LVL 1

Expert Comment

by:cblakeJT
ID: 21863004
Unless of course your developers area all ASP  or .net guys and all your network admins support only windows. Either system has a million pros and cons, but in the end of the day for around the same cost (close enough on this scale to not really matter) they both get the job done. What yours business is setup to support is very important.
0
 
LVL 5

Accepted Solution

by:
mokelly1 earned 300 total points
ID: 21864098
For security, Linux slam dunks windows.  Yes they can both be relatively secure when set up properly.  Who are you going to the bar with.  Your girlfriend or some guy that picks fights all the time?  Windows, is attacked more often than any other OS.  Linux is attacked far less as an OS.  

Any OS can have denial of service attacks but I think Linux has more solutions to security problems than Windows. A less technical person has a better chance of finding solutions and implementing tools. Tools are are much cheaper and even free so you do not have to fill out a PO to get the latest tool.   Microsoft and Novell both heavily use and support Linux.  There is your hand writing on the wall so to speak as both the networking giants have been brought to submission by an open source product.

I see where open source products are winning the battle in anti-virus, word processing, accounting, and of course won the web server war years ago.  Think about the open source model and you realize the advantages.  Real people at the user level numbering in the thousands, making real contributions to the development not 2 dozen eggheads in ivory towers rolling out cash cow versions of the OS.  

If your staff runs into a problem that is caused by a bug in the software, what are the chances they will be able to find the problem with  Microsoft and with Linux.   There is a chance Microsoft will deny the problem and fix it under the covers.  With Linux, the source code is there for all to see and help fix it!  There can be no denying.  There is no one to punish and no one to confront to get your money back.

An IBM-sponsored study on Linux suggested that GNU/Linux has won the server war as of 2006 as 83% were using GNU/Linux to deploy new systems versus only 23% for Windows.  The most notable head to head competition between Microsoft and OSS is web servers where Apache Web Server beats Microsoft's market share 58% to 34% according to Netcrafts survey published April 2007.

While many would never believe that free software could be as good as a Microsoft product, even Microsoft develops and uses open source products and has sold software using the GNU GPL license. Apple is now openly encouraging collaboration with OSS/FS developers.

I have used both ASP-Windows-MSSQL and PHP-Linux-MySQL and easily prefer the latter even though I learned the Windows route first.  The only people that I know that prefer Windows are those that have not used Linux enough and they seem to be mesmerized or hypmotized by the Windows.

Anybody on your staff used both? Ask them.  People that have only used one may have other motivations for wanting their own so they do not have to learn the other.  I resisted until I was forced.  It was not long before I realized how silly I was to not give open source a try sooner.  

We have both running side by side at work and my experience is that the Windows server has to be rebooted no less than once a month and more like once a week.  The only thing that shuts down my Linux servers is a power outage longer than the battery back up.  

There is a timer on Linux and Novell to show how long the server has been up.  I am not aware of one on Windows.  The only reason we keep the Windows server is our accounting software requires it.  That is the "vendor specific lock in" that MicheleMarcon referred to.  We have now located an open source accounting software package, webERP, and will soon be moving everything to open source.

Sites with longest running systems by average uptime in the last 7 days are shown at

http://uptime.netcraft.com/up/today/top.avg.html

Number 1 is a Windows 2000 IIs system, but the next 16 are Linux before there is another Windows server and position 30 is the third Windows system. 27 out of the top 30 uptime servers are Open Source.

If Windows has 38% of the web servers should they not have 9 to 11 in a group of 30 top performers?

Do you go with the OS whose numbers are declining or do you go with the one on the rise?
0
 
LVL 1

Assisted Solution

by:packetgod
packetgod earned 150 total points
ID: 21865663
NOTE: Me=Linux Bigot and also a CISSP security guy with 15 years of experience.

The most secure system is the one that you can support and maintain the best.  You can lock down windows to be very secure, keep it up to date, load it up with anti-this and anti-that and you can have a pretty decent pretty secure system.  Plus with 2008 that have loads and loads of security features like for instance they now have a headless install with no GUI, no IE, no extra BS.  Of course Linux/Unix has been doing that for years but they have finally seen the light.

Now there are relative merits to running apache/PHP on a windows platform but I it is a stable solution that is being used regularly in the world today.  It may run better on Linux but how much better or how much more secure I can't say.  

If you do decide to go with Linux make sure that you have a support methodology written up for it and put into your procedures.  It needs to be updated and maintained just like every other system.  There shouldn't be the one Linux person who got the server up because they love Linux and they are the only ones who know how to use it/support it/etc.  I've seen too many locations where the one Linux server being maintained by a developer is the first to fall in my Pen test.  It gives Linux a bad name!

I've also found many Linux servers doing production work that are desktop variants that have no long term support methodology and need updates every few days until their 6 months are up and the new version is out such as Fedora or Ubuntu (non LTS).  That just doesn't work in a support environment, if you are going to do it, do it right with a server build with only the software packages required for operation.  No more no less, and keep them up to date not through an auto monthly "apt-get update" or whatever, make sure you have a test system to test new patches and updates so that they don't break your applications.  

So last word is that they are lots of benefits to standardizing on a platform  but if you are a large enough company with enough support staff to handle it there can be benefits to diversifying.  One thing that takes out all of one type of system may not take the others.
0
 
LVL 9

Author Closing Comment

by:zemond
ID: 31470443
Thanks guys,
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now