Operating System Myths—v.1

GreNME

This is a list of common myths and misconceptions concerning operating systems that are regularly used when discussing performance, stability, and security. This list is not a spur-of-the-moment document, having had input from numerous sources here on the [H]. Also, it should be noted that the opinions of all of those who have influenced or contributed directly to the list don't always agree, but we all agree on one important principle: the best approach to understanding operating systems is to know fact from myth.

Without further ado, OS Myths v.1—
  • Suggesting Win98 for performance—Windows 98, on any equipment that falls within system specs for XP (and arguably lower), does not perform better than Windows 2K/XP. In fact, tests have shown 98 performing slower. Add to that the known memory holes and similar large memory issues with the 9x series, and it is immediately ruled out as an option in today's higher CPU-intensive and high-memory-capacity machines. Since the main argument for suggesting 98 is because of its "lighter" reputation, XP Home is a better solution than 98 because, unlike the 2K and XP Pro versions, it comes standard with fewer underlying processes running and has none of the domain-level pieces that 2K/XP Pro have. The lowest common denominator for low-profile hardware performance is not a 9x, but an NT... Win XP Home.

    Credits to: posts by SJConsultant, Ranma_Sao, & GreNME for information contained above

  • Disabling services for performance—there exists no proof that disabling services (a la Quack Viper) or removing the page file improves performance. What disabling is known to do is shut off and keep off specific underlying processes in Windows, which may or may not cause detrimental performance (YMMV). There are certain services, like Messenger and Remote Registry, that may help avoid annoyances when set to manual. Understanding how and why services do what they do is a great way to get "under the hood" of an OS (especially Windows), but don't jump on premature "answers" too quickly to solve your performance hopes. As a recent example: disabling many of the services will cause immediate problems during and/or after the install of Service Pack 2 for XP.

    Credits to: Phoenix86, Ranma_Sao, SJConsultant, & GreNME for information contained above

  • Disabling the page file on systems with large amounts of ram for performance—this might have been true, at one time. The windows 9x series, for example, was verified having some serious page file issues, so there may be no problem believing this would have worked. However, with 2k/xp, this is no longer the case. There is really only one tweak that will make any significant difference: Put the page file on another drive, preferably on a different controller. Also, it's worth noting, as of a couple years ago, fixing the page file size to something static would prevent windows from dynamically increasing the swap size in the middle of, say, a game, which would sometimes cause a stutter. This was under win2k, and it was on old hardware, so we don't think it's really relevant anymore. There are some strong arguments by those who contributed for running without a page file (like a realistic theory about reducing the number of page faults), but more speed is not one of them.

    Credits to: XOR != OR, Phoenix86, Ranma_Sao, and GreNME for information contained above

  • Operating system A is more secure than B—Traditionally speaking, no operating system is inherently more secure than any other; it all comes down to administration. Some say this regarding linux, some say this regarding *bsd, and yes, some will even say this regarding windows ( those are typically brave souls ), and at the end of the day, all it's really saying is what that person is most comfortable administrating. Every operating system has its strengths and its faults, many of which are shared between different operating systems, and no one has significantly more of one or less of the other. The biggest variable in the matter of securing a machine will always be the human setting it up. Addition for clarity: Security can mean different things depending on what is to be secured from what, and the security of two systems can't be compared unless they also see the same use. Since different OSes will often be put to different use, and differences in market share will skew the results, it's hard to do direct comparison. For different uses, different systems will probably be better or worse. However, the deciding factor is not the software, but how well it is set up and maintained, which depends solely on the person in charge. Thus, the most secure system for any one administrator is almost always the one he knows best. This is not an attempt to remove the viability of any OS.

    Credits to: XOR != OR, SJConsultant, Phoenix86, Ranma_Sao, HHunt, & GreNME for information contained above

  • Linux is the answer to having an older machine perform like new—Linux is a great alternative to running Windows, and has just as many overall capabilities, but the most often-used misconception is that installing a modern Linux will perform like a new computer on an old machine. If one were to run without a GUI, Linux performs wonderfully, even on older hardware. However, "even on" is the catch. It will always run better on newer hardware, just like Windows and any other OS, because the better the machine, the better the software will run (9 times out of 10). And if you decide you want to run a GUI, then the requirements go up. GNOME and KDE, the two most popular graphic environments, require pretty much as much in terms of system requirements as WindowsXP. If you want that old machine to work its best as a file server or web server or just to try out UNIX tricks, then you'll get better results leaving the graphic environment off, meaning you won't be getting everything you may want out of the deal. When running without a GUI, Linux flies, and can even fly on older hardware. Once a graphical environment is added to the mix, the overhead increases dramatically.

    Credits to: XOR != OR, Phoenix86, & GreNME for information contained above

  • Blaming Microsoft for all problems—Nothing is more detrimental to troubleshooting than seeing people blame everything on Microsoft anytime they have a problem with their PC. While Microsoft does not need defending (Service Pack 2 seems to be doing very well), some need to realize that poorly written drivers and applications are often likely to blame. Microsoft can try as hard as they want to make a stable OS, but if loading some dubious sound card or other component drivers causes lockups and freezes, you can't always blame MS. This is where digitally signed drivers have come into play, as well as WHQL certification. In addition, there are recommended techniques for optimization, security, setup, and configuration. Equally, there are non-recommended techniques for many of these, as well. Often, the best way to understand what can be done in various situations with software is to understand how the things are done. Be wary of any modification, tweak, 'fix,' or other walk-throughs that avoid this or cannot explain how it is changing things. This is not meant to defend any MS business practice or legal issues, it is meant to point out that using MS as a scapegoat for our troubles is not solving any problem, and could be allowing the problem to get worse.

    Credits to: djnes & GreNME for information contained above.

My name appears in yellow in some of those only because I am paraphrasing things these other guys have said in many different ways over time. I appreciate these guys sharing their knowledge on the forum consistently and freely as much as they have. They are an asset to the [H] for sure.

This is a first revision of the list, and as time progresses, there will be some documentation linked as well. This is revision 1 of the list, so expect changes as time progresses.
 
I have some ideas for some others, so I'll try to get them organized somehow. I'd still like maybe for some suggestions on how we can test the page file theories. I've always been doing it on my gaming systems especially, and have always felt it does make a difference. Not in overall speed of the computer, but in terms of my game level loads, as per our previous conversation(s). I'm not saying this to disagree, I'm just saying I'd have to vote on the side of recommending it for a gaming system. Once I do disable it, and reboot, the system does seem a bit snappier, which is far from scientific. I guess I'd like to see some kind of test for this.
 
djnes said:
I have some ideas for some others, so I'll try to get them organized somehow. I'd still like maybe for some suggestions on how we can test the page file theories. I've always been doing it on my gaming systems especially, and have always felt it does make a difference. Not in overall speed of the computer, but in terms of my game level loads, as per our previous conversation(s). I'm not saying this to disagree, I'm just saying I'd have to vote on the side of recommending it for a gaming system. Once I do disable it, and reboot, the system does seem a bit snappier, which is far from scientific. I guess I'd like to see some kind of test for this.
First, I'm not a gamer, so anything I say may not apply.

I read at Microsoft's site that a small pagefile on C:, and a Windows managed one on a separate drive is best for stability. I agree, based on the machines that I have set up. Is it best for gamers, too? I don't know, but for me it seems to be the best way that I have tried.

EDIT: Here's where to start at Microsoft's website.
 
djnes, I'm still for coming up with a consensus-led test to figure out exactly what the limits and reaches of it are. Contact Phoenix86 and SJConsultant as well, maybe we can trade e-mail while figuring it out. It would definitely be useful as something to refer to when telling people exactly what can work for them.
 
GreNME said:
djnes, I'm still for coming up with a consensus-led test to figure out exactly what the limits and reaches of it are. Contact Phoenix86 and SJConsultant as well, maybe we can trade e-mail while figuring it out. It would definitely be useful as something to refer to when telling people exactly what can work for them.

I'm just not coming up with any ideas on how to test this. Anyways, I thought of another OS Myth:

It's always Microsoft's fault. - Nothing irritates me more than seeing people blame everything on Microsoft anytime they have a problem with their PC. While I am not going to even try and defend MS (although XP SP2 seems to be doing very well), some people need to realize that poorly written drivers and applications are most likely to blame. Microsoft can try as hard as they want to make a stable OS, but if you're loading some crappy sound card drivers that cause lockups and freezes, you can't always blame MS. Again, I'm not trying to defend MS, I just wish some people would learn more about how their PC works, so they can point blame to the appropriate place.
 
If disabling of services is going to mess up the Service Pack 2 install there should be some kinda README or Disclaimer or something letting us know what we NEED to have running.

Personally, I disabled a ton of services and my comp is running smoother than ever.
 
GreNME said:
Operating system A is more secure than B—Traditionally speaking, no operating system is inherently more secure than any other; it all comes down to administration. Some say this regarding linux, some say this regarding *bsd, and yes, some will even say this regarding windows ( those are typically brave souls ), and at the end of the day, all it's really saying is what that person is most comfortable administrating. Every operating system has its strengths and its faults, many of which are shared between different operating systems, and no one has significantly more of one or less of the other. The biggest variable in the matter of securing a machine will always be the human setting it up.

http://www.openbsd.org/

OpenBSD said:
Only one remote hole in the default install, in more than 8 years!

I don't think Windows or most canned Linuxes can speak to that reputation.
 
GreNME said:
Linux is the answer to having an older machine perform like new—Linux is a great alternative to running Windows, and has just as many overall capabilities, but the most often-used misconception is that installing a modern Linux will perform like a new computer on an old machine. If one were to run without a GUI, Linux performs wonderfully, even on older hardware. However, "even on" is the catch. It will always run better on newer hardware, just like Windows and any other OS, because the better the machine, the better the software will run (9 times out of 10). And if you decide you want to run a GUI, then the requirements go up. GNOME and KDE, the two most popular graphic environments, require pretty much as much in terms of system requirements as WindowsXP. If you want that old machine to work its best as a file server or web server or just to try out UNIX tricks, then you'll get better results leaving the graphic environment off, meaning you won't be getting everything you may want out of the deal. When running without a GUI, Linux flies, and can even fly on older hardware. Once a graphical environment is added to the mix, the overhead increases dramatically.

Credits to: XOR != OR, Phoenix86, & GreNME for information contained above

You might want to mention that Linux can be used with lighter GUIs like XFCE and the *box window managers. They can be good alternatives for an old machine that you want a GUI for.

Another myth:

Windows Critical Updates are somehow bad. - I run into a surprising number of users who think that windows critical updates are either some kind of hidden spyware, or will cause them to lose system stability or all their data. Microsoft isn't perfect, but for goodness sakes people, just download the critical updates! They are CRITICAL!

I'm also not sure I completely agree with the "All OS' are equally secure" point, or at least how it is worded. It's true that 99% of security is about good administration, and that users cause almost all security problems, but actual security holes and exploits are different from OS to OS. Sometimes people can exploit holes before a patch is released, and so you want an OS with fewer security holes from the get go.

This looks like the start of a good guide, keep it up.
 
GreNME said:
...
Disabling services for performance—there exists no proof that disabling services (a la Quack Viper) or removing the page file improves performance. What disabling is known to do is shut off and keep off specific underlying processes in Windows, which may or may not cause detrimental performance (YMMV). There are certain services, like Messenger and Remote Registry, that may help avoid annoyances when set to manual. Understanding how and why services do what they do is a great way to get "under the hood" of an OS (especially Windows), but don't jump on premature "answers" too quickly to solve your performance hopes. As a recent example: disabling many of the services will cause immediate problems during and/or after the install of Service Pack 2 for XP.
...

I disagree. If you are using a system with say 256mb of ram, and windows is consuming 130+mb of ram, disabling services will bring that down closer to 100mb depending on how many you disable. It won't improve performance but it will make your system more responsive because it won't have to swap to the hard disk when it runs out of hard drive space.
 
djnes said:
I'm just not coming up with any ideas on how to test this. Anyways, I thought of another OS Myth:

It's always Microsoft's fault. - Nothing irritates me more than seeing people blame everything on Microsoft anytime they have a problem with their PC. While I am not going to even try and defend MS (although XP SP2 seems to be doing very well), some people need to realize that poorly written drivers and applications are most likely to blame. Microsoft can try as hard as they want to make a stable OS, but if you're loading some crappy sound card drivers that cause lockups and freezes, you can't always blame MS. Again, I'm not trying to defend MS, I just wish some people would learn more about how their PC works, so they can point blame to the appropriate place.
Nice one! Consider it added!

acascianelli said:
I disagree. If you are using a system with say 256mb of ram, and windows is consuming 130+mb of ram, disabling services will bring that down closer to 100mb depending on how many you disable. It won't improve performance but it will make your system more responsive because it won't have to swap to the hard disk when it runs out of hard drive space.
It won't improve system performance, and if you can disable enough services to free up 30 megabytes of RAM, then you would have to be disabling some important (or possibly critical) OS services, unless you are getting rid of 3rd-party services that Windows never installed (like the two iTunes installs). So, assuming lots of caveats and still not claiming any performance increase, your what-if situation might hold a little water. However, I can guarantee you that disabling 30MB of startup services is likely to totally screw your SP2 install.
 
GreNME said:
...However, I can guarantee you that disabling 30MB of startup services is likely to totally screw your SP2 install.

agreed
 
I'll tack on one that focuses more into your "Operating System A is more secure than Operating System B"

Windows is filled with insecurity holes and is prone to virii, more than Linux/BSD/Mac OS X

Yes, it may seem like that because every month, or possibly every week, we get reports in saying "New major critical security flaws found in Windows software," or "New virus/worm on the rampage on Windows machines."

Well, part of the equation is that MS owns something like 90% of the market with its operating system, and if people want to do damage with a virus or exploit, it's best for them to target the product with the biggest market share.

Linux/*BSD/Mac OS X aren't exactly impervious to security threats - you have to keep them updated and do many of the same things you'd be doing on a Windows box, like run a firewall and antivirus.

Linux has a flaw in the 2.6 kernel that would allow a certain piece of C++ code to crash the computer. It was fixed in the 2.6.7 kernel and I think patches might have been released for the other kernels (not sure).

I'm not really sure on the *BSD front myself, but as a whole, if you can't take care of your computer and protect it correctly, then it doesn't really matter what you're running, because you're still open to root kitting, trojans, etc.

Thanks to XOR != OR for expounding on the virtues of the firewall and AV for Linux, and those who shared Linux/Windows security knowledge
 
doh said:
http://www.openbsd.org/

I don't think Windows or most canned Linuxes can speak to that reputation.
Do I really need to point out that almost all remote exploits out there, no matter the operating system, are exploited due to 3rd-party software? Are you saying OpenBSD doesn't use Apache? Been plenty of holes there. Samba? Also, you really think there haven't been recent remote exploits?

Default means nothing. A default anything can't do much as a workstation, desktop, or server. This means it has to be configured, which means things need to be set up, modified, and/or configured. No one OS is going to be, if fully properly configured, safer than the other. It will always come down to the human element.


Oh, and BillLeeLee, good addition. I'll get to it in a bit. You too, Yogi.
 
doh said:
http://www.openbsd.org/
I don't think Windows or most canned Linuxes can speak to that reputation.
Beat me to it ;) That's the first thing I thought of when I read that "myth". Ever read the DoD standards for trusted systems? That would suggest that yes, some OSes are more secure than others. There are linux/bsd (trustix, openbsd) distributions that have attained B ratings, something that Windows has yet to achieve (NT-based OSes are C2, IIRC)
 
BillLeeLee said:
I'll tack on one that focuses more into your "Operating System A is more secure than Operating System B"

Windows is filled with insecurity holes and is prone to virii, more than Linux/BSD/Mac OS X

Yes, it may seem like that because every month, or possibly every week, we get reports in saying "New major critical security flaws found in Windows software," or "New virus/worm on the rampage on Windows machines."

Well, part of the equation is that MS owns something like 90% of the market with its operating system, and if people want to do damage with a virus or exploit, it's best for them to target the product with the biggest market share.

Linux/*BSD/Mac OS X aren't exactly impervious to security threats - you have to keep them updated and do many of the same things you'd be doing on a Windows box, like run a firewall and antivirus.

Linux has a flaw in the 2.6 kernel that would allow a certain piece of C++ code to crash the computer. It was fixed in the 2.6.7 kernel and I think patches might have been released for the other kernels (not sure).

I'm not really sure on the *BSD front myself, but as a whole, if you can't take care of your computer and protect it correctly, then it doesn't really matter what you're running, because you're still open to root kitting, trojans, etc.

Thanks to XOR != OR for expounding on the virtues of the firewall and AV for Linux, and those who shared Linux/Windows security knowledge

Quite true, except you need to add to this that the holes, and exploits are actually exploited on a large scale AFTER Microsoft releases a patch/Critical update. It's just that jonny user doesn't do the updates.

Cheers,
 
Eigtball said:
Quite true, except you need to add to this that the holes, and exploits are actually exploited on a large scale AFTER Microsoft releases a patch/Critical update. It's just that jonny user doesn't do the updates.

Cheers,

Yes, it seems that most major problems happen as a result of people who don't update either due to ignorance or laziness.

Heck, doesn't windows by default have automatic updating enabled? Although I think it just downloads the updates but doesn't apply them, which is a problem.

Hundreds of computers on my school's network were devastated by Sasser, Blaster, myDoom, etc. because they never updated their computers, despite news reports and the school even telling people.

Then there are people who voluntarily but unknowingly put stupid crap on their comp like bonzibuddy and coolwebsearch and gator, then their comp starts bugging out, and they blame MS like djnes said. Nothing like finding 500+ instances of adware/spyware, and crap that people actually decided to install on their comp.
 
Vertigo Acid said:
Beat me to it ;) That's the first thing I thought of when I read that "myth". Ever read the DoD standards for trusted systems? That would suggest that yes, some OSes are more secure than others. There are linux/bsd (trustix, openbsd) distributions that have attained B ratings, something that Windows has yet to achieve (NT-based OSes are C2, IIRC)
:rolleyes:

Get back to me when it gets classified for desktop use by the DoD and other parts of the government (CIA, FBI), like Windows is almost exclusively.

As servers, *BSD kicks ass. As a desktop, there are reasons its market presence is in the decimals...
 
GreNME said:
Do I really need to point out that almost all remote exploits out there, no matter the operating system, are exploited due to 3rd-party software? Are you saying OpenBSD doesn't use Apache? Been plenty of holes there. Samba? Also, you really think there haven't been recent remote exploits?

Default means nothing. A default anything can't do much as a workstation, desktop, or server. This means it has to be configured, which means things need to be set up, modified, and/or configured. No one OS is going to be, if fully properly configured, safer than the other. It will always come down to the human element.


Oh, and BillLeeLee, good addition. I'll get to it in a bit. You too, Yogi.

Actually, all of the software in OpenBSD's ports tree is all extensively audited and hardened. The apache server software that ships with OpenBSD is not the same apache you would download from an apache mirror site. Yes there are still issues with the OS as there are with any of them. But OpenBSD's focus is security, it could easily be argued that it is more secure than the others. The other one that might be in this class, but probably way beyond it is Plan 9.
 
Vertigo Acid said:
Beat me to it ;) That's the first thing I thought of when I read that "myth". Ever read the DoD standards for trusted systems? That would suggest that yes, some OSes are more secure than others. There are linux/bsd (trustix, openbsd) distributions that have attained B ratings, something that Windows has yet to achieve (NT-based OSes are C2, IIRC)

The DoD standards are criteria on which systems are evaluated to see if they meet that criteria. The DoD does not go out and test every OS, the OS Manufacturer submits their product for testing. If the OS hasn't been submitted for testing at that level then it's all purely speculation whether it can pass or not.

Not to mention, any system configured at such levels is not going to be functional as a desktop system.

What a majority of you that are trying to claim one OS is more secure than the other are failing to understand is that the weakest link in anything computer security related is the human element. Security cannot be simplified down to an OS.
 
Clockwork said:
Actually, all of the software in OpenBSD's ports tree is all extensively audited and hardened. The apache server software that ships with OpenBSD is not the same apache you would download from an apache mirror site. Yes there are still issues with the OS as there are with any of them. But OpenBSD's focus is security, it could easily be argued that it is more secure than the others. The other one that might be in this class, but probably way beyond it is Plan 9.


OpenVMS is supposedly so bugfree and secured that there is essentially nothing left to fix, if we're going to compare OSes. :D
Doesn't help the 3rd-party software, of course.
(This is where things like the OpenBSD apache version helps: They froze it at some version and will only bugfix it. Add in that they've searched the code for common sources of buffer overflows, and it is potentially more secure than another system running some normal apache version. See the next, speculative, paragraph.)

Also, there's the 0-day exploits and the like. If something comes up that there is a known exploit for, but no fix (yet), or if some flaw is found and utilized before you can know about it, being a good sysadmin can only limit the damage. It's tempting to say that the fewer holes that appear per unit time, the less the risk of this happening is. Going by this an OS might perhaps be said to be "more secure" than another if it is thought to contain fewer unknown holes.

Btw, has anyone bothered to define "secure"? "Less likely to have an exploitable hole you haven't plugged" is roughly what I'm aiming at here, because that seems like the main way software can contribute to data security and accessibility or the lack of such.
(You can't simplify security to not include the software.)

Oh, and another myth: The *BSDs aren't good desktop OSes. I can't vouch for openBSD, but Net- and Free- make perfectly good, fast and capable desktops, with more recent versions of relevant software than several linux distros. If you don't use a BSD because you don't think it will work as a desktop you really need to try.[1] Yes, they are fine for servers, but so is linux, and does that make it less of a desktop?

[1] And if you've never considered it, please do. (This message brought to you by FreeBSD Astroturfing Inc.)
 
HHunt said:
Oh, and another myth: The *BSDs aren't good desktop OSes. I can't vouch for openBSD, but Net- and Free- make perfectly good, fast and capable desktops, with more recent versions of relevant software than several linux distros. If you don't use a BSD because you don't think it will work as a desktop you really need to try. Yes, they are fine for servers, but so is linux, and does that make it less of a desktop?
Actually, yes. I don't care much for hypothetical "could-be" situations, I'm concerned with what actually is. The truth is, governments, companies, and more than 90% (closer to 95%) of the general public finds Windows more viable as a desktop, and by those same figures (same link), 99% of the market finds both Linux and BSD less useable for the desktop.

Call me when that actually changes, and then we'll talk desktop viability.

[edit] Guys, don't take this as some kind of challenge to the viability of Linux or BSD. I'm not doggin' it, and neither are the others who contributed. In fact, some of us are regular users of some form of *nix out there, and enjoy it immensely. This is not a contest to see who knows more hypothetical situations or has more links to root (or admin) exploits out there. It is simply that any of the major OSes out there can be suitably secured with suitable administration. Your mileage with any single OS out there is going to vary depending on whatever your preferences and comfort-level is with certain OSes.

Just want to clear that up.
 
HHunt said:
Oh, and another myth: The *BSDs aren't good desktop OSes. I can't vouch for openBSD, but Net- and Free- make perfectly good, fast and capable desktops, with more recent versions of relevant software than several linux distros. If you don't use a BSD because you don't think it will work as a desktop you really need to try. Yes, they are fine for servers, but so is linux, and does that make it less of a desktop?

The choice of desktop OS has to meet the requirements of the end user, so in essence a majority of my clients *cannot* use linux or BSD simply because the software they depend on does not run on linux or BSD.

No one ever said Linux or BSD was not good for a desktop and let's not make this into another Windows vs. every other OS out there thread.
 
SJConsultant said:
The choice of desktop OS has to meet the requirements of the end user, so in essence a majority of my clients *cannot* use linux or BSD simply because the software they depend on does not run on linux or BSD.

No one ever said Linux or BSD was not good for a desktop and let's not make this into another Windows vs. every other OS out there thread.


Damn, why so defensive, both of you? Some form of paranoia, or shell-shock from one flamewar too many?
All I was saying is that it doesn't make a worse desktop than linux.

(Viability for my personal use, others personal use, or corporate use doesn't enter into it.)
 
HHunt said:
Damn, why so defensive, both of you? Some form of paranoia, or shell-shock from one flamewar too many?
All I was saying is that it doesn't make a worse desktop than linux.

(Viability for my personal use, others personal use, or corporate use doesn't enter into it.)
I understand where you're coming from, but you're arguing a point that is addressing a far more wide-reaching playing field. For you, personally, one seems more viable than the other. No one has disputed that. In fact, we've clarified it. We just made it a point to clarify that "good for me" does not equal "good for everyone."
 
HHunt said:
Damn, why so defensive, both of you? Some form of paranoia, or shell-shock from one flamewar too many?
All I was saying is that it doesn't make a worse desktop than linux.

(Viability for my personal use, others personal use, or corporate use doesn't enter into it.)
Stemming a flame war in this type of thread is a good thing. The 'myth' is 'Operating system A is more secure than B.' By posting Linux is good, you are trying to counter that point. You ARE trying to argue it, which is the whole point of the myth. It's NOT the OS, it's the USER.

Trust me, I'm no linux type, have hardly ever worked on it. Can I make an OpenBSD vulnerable? Simple answer, of course I can. So it's not 'more secure' simply because it's OpenBSD. Just like Windows isn't less secure, simply because it's windows. See?

Nice writeup, GreNME. Shoot me a PM (will forward to my e-mail, which I never check on the weekends) whenever you want to get me in on a discussion. :)
 
Phoenix86 said:
Stemming a flame war in this type of thread is a good thing. The 'myth' is 'Operating system A is more secure than B.' By posting Linux is good, you are trying to counter that point. You ARE trying to argue it, which is the whole point of the myth. It's NOT the OS, it's the USER.

Trust me, I'm no linux type, have hardly ever worked on it. Can I make an OpenBSD vulnerable? Simple answer, of course I can. So it's not 'more secure' simply because it's OpenBSD. Just like Windows isn't less secure, simply because it's windows. See?

Nice writeup, GreNME. Shoot me a PM (will forward to my e-mail, which I never check on the weekends) whenever you want to get me in on a discussion. :)

Counterpoint:
How secure can each OS be made to be
a) with the same amount of time/money/work
a1) by you?
a2) by an expert?
b) With practically unlimited resources, by an expert?

What if you count the possibilities of holes being found/utilized before you can fix them against "secure"?

My point is that there might be differences in how secure an OS can be made, and in how likely something is to come up that you can't prepare for, no matter how good a sysadmin you are.

As an example: Let's say you're running someOS with someWebServer. You're an expert on it and it's as secure as it can practically be.
Someone finds a previously unknown flaw in both, throws together a script, and gets all your data, before thrashing everything.
Now, consider another OS and/or another webserver that do not have holes like this being found, and is set up with the same care.

Do you agree that in this specific scenario someOS and someWebServer was less secure than the hypothetical alternative?
And no, I'm not specifically targeting windows/IIS. And I'm not really defending Linux either. (I'm fairly sure there are better alternatives).

My point: I don't really disagree with you, but I also can't agree that all OSes are equally secure. Some might be easier to secure, some might be less likely to spring nasty surprises on you, and some might have unfixable faults.
 
Also, I can't actually quite get your responses to match up with my intended meanings (the desktop thing this time.)

My only point was, to be more concise: "No, there's nothing magical about linux that'll make KDE or gnome run better than on a BSD."
Please tell me, again, how those extrapolations came to be?

(I'm just irked because this is one very specific, oft repeated myth that has no basis in reality. Anything that goes off on a tangent that far off will take interest away from the concrete issue I'm addressing. In short, I'm an egocentric fan-boy :D )

And why is "fan-boy" censored :mad:
 
BillLeeLee said:
I think because of all the flames in the video card forum between the ATi and Nvidia fans.

Ah, right. Shame, it's a descriptive word.
 
Eigtball said:
Quite true, except you need to add to this that the holes and exploits are actually exploited on a large scale AFTER Microsoft releases a patch/Critical update. It's just that jonny user doesn't do the updates.

Cheers,

You couldn’t be more right, exploits are very rarely seen in the wild until well after a patch is widely available.

In fact it’s normally the reverse for bugs that are exploited. Once a critical update has been posted to windows update, people around the globe immediately start to disassemble the patch and look for differences in the assembly for the various APIs, helped along by the amount of information that is usually made available with any critical update. Based on the changes made, they try and figure out how a box without the patch might be exploited, and then go about trying to produce an exploit.
 
HHunt, you seem to be missing a very important variable when comparing different operating systems: incredibly huge differences in usage and market presence. When Apple, for example, had a much larger (like 8-10 times larger) percent market presence than it currently has, viruses were not uncommon (I personally spoke with a friend about an incident he had years ago just the other day). However, not even viruses and number of patches are a good gauge of security. Instead, we have to look at the intrinsic exploitability of each OS. And judging from the fact that a number of exploits are available out there for BSD as well as any other *nix (and let's not forget Win, et al.), the picture doesn't seem clear at all that any single OS seems somehow more intrinsically less exploitable.

On the other hand, if we were simply comparing which had better default settings, then NetBSD would come in on top, hands down (everything off). However, this (everything off) is not how people use operating systems, and their general use and market coverage, as well as the cross-section of the user base, must be taken into account. Otherwise, your numbers are doctored and disingenuous. Can you really claim that the majority of users of various *nix flavors are not people who are more curious in knowing how the OS works? Are you saying you would not admit that, in general, the high number of users of Windows makes it a prime candidate for people understanding security on a superficial level, at best? Using a realistic cross-section of user bases, it's no surprise to see that the reason *nix in general (and *BSD in particular) enjoy feeling secure—it's primarily a programmer's OS that is most commonly used by (you guessed it) programmers (or software enthusiasts). Recently (last ~5 years), it's seen an upswing of networking enthusiasts (usually with programming background). You're comparing an OS whose intrinsic designs more suit a niche to an OS whose intrinsic designs more suit the general public. It's really no wonder there is so much bias.

Don't get me wrong—I totally understand your love for the OS. While I hang on the Linux side of things (*BSD wasn't my cup o tea) with the *nixes, I understand your points. However, when viewing it from the larger scale, personal preference holds far less credibility than general, measurable preferences. And blanketly claiming a niche as "better" rings more of elitism than it does of an honest audit of qualitative and quantitative data. I prefer to use Windows on my desktop myself, but I'm not going to tell the guy who just made a full switch to Linux (as a friend of mine recently did) that his decision is inferior. If it works for him (and with my friend, I think it will), then that is obviously the way to go.

Once again, I'll reiterate: what is good for you (or me) is not going to necessarily be the best thing for everyone. That's what is at the heart of that "better than" myth.
 
I don't think you read me as I intended, and I can't blame you:
I'm not speaking about desktops, and not really about your average hobbyist server either. More than anything, I'm thinking about servers, set up by people who know what they are doing.

Of course, neither secrets nor important servers should have any contact with the internet, but that breaks down if your webserver is important and has to access (or store) secret information.


For the rest, I absolutely see your point. I can't quite shake the feeling that you're trying to use the "If any OS had Windows's market share, it would have the same number of holes found"-argument, though. I feel that's a way too easy dismissal of the code review that goes on in some projects.

If that is not what you are saying, and your point is that we can't trust the current number of exploits found as any indication of actual trustworthiness, well, I agree. However, that does not mean I won't trust some projects to have less hidden flaws than others. Not only because I like the initiative (OpenBSD, for instance), but because I've seen what it's used for (z/OS), or because of its maturity ([open]VMS).

Also, yes, I do trust ibm to be better at weeding out coding errors than microsoft. Might be naïve of me.

'nother point: I don't think "designed for security" and "designed for general use" need to be exclusive :D
 
HHunt said:
I don't think you read me as I intended, and I can't blame you:
I'm not speaking about desktops, and not really about your average hobbyist server either. More than anything, I'm thinking about servers, set up by people who know what they are doing.

Of course, neither secrets nor important servers should have any contact with the internet, but that breaks down if your webserver is important and has to access (or store) secret information.

I see where you're coming from, and I don't disagree. I just maintain that it's not going to be the same thing on the desktop/workstation realm. :)

HHunt said:
For the rest, I absolutely see your point. I can't quite shake the feeling that you're trying to use the "If any OS had Windows's market share, it would have the same number of holes found"-argument, though. I feel that's a way too easy dismissal of the code review that goes on in some projects.

Nah, the reasons go far beyond the marketshare thing. That's only part of it, and not sufficient on its own. The thing is that there is not an "all things being equal" point-of-view from which to gauge.

HHunt said:
If that is not what you are saying, and your point is that we can't trust the current number of exploits found as any indication of actual trustworthiness, well, I agree. However, that does not mean I won't trust some projects to have less hidden flaws than others. Not only because I like the initiative (OpenBSD, for instance), but because I've seen what it's used for (z/OS), or because of its maturity ([open]VMS).

Well, certain projects definitely have a higher level of trustworthiness, I agree. The thing is, all of the OSes out there have different projects working on them at different times (yes, even Microsoft has different sets of development projects).

HHunt said:
Also, yes, I do trust ibm to be better at weeding out coding errors than microsoft. Might be naïve of me.

'nother point: I don't think "designed for security" and "designed for general use" need to be exclusive :D

I don't think it's naïve, but I don't think IBM is really that much more trustworthy. They have vested interest in this, just like everyone else. Also, the two don't have to be mutually exclusive, but the two are rarely hand-in-hand on any platform. Claiming one has it over the other is often going to be subjective, at best (rhetorical at worst).

Hence the reason for calling it a myth.
 
Well written, and yeah, agreed.

However: It's not false, it's imprecise, IMHO. Big difference :D
You can sometimes say that an OS is more secure than another, if you specify some conditions.
"OpenBSD makes a more secure router than windows if both are set up by competent people" isn't too bad, while "qnx is more secure than MacOS 9" is a rather useless statement. Do we agree?


(Oh, and ibm has a reputation to maintain with z/OS, so it would make sense to be very thorough when auditing it.)
 
You make a good case. Check out the addition for clarification. Let me know if you approve. :)
 
GreNME said:
You make a good case. Check out the addition for clarification. Let me know if you approve. :)

Thanks. :)
(I suspect my time here has had a positive effect on that. Debating with SamFarber can hone your sense for nuances and counterarguments. And drive you mad, but that's a side-effect.)

I think I agree with what you're saying, but it's perhaps not quite as clear as it could be.

To hammer out the details, how's this?

"Security can mean different things depending on what is to be secured from what, and the security of two systems can't be compared unless they also see the same use. Since different OSes will often be put to different use, and differences in market share will skew the results, it's hard to do direct comparison. For different uses, different systems will probably be better or worse. However, the deciding factor is not the software, but how well it is set up and maintained, which depends solely on the person in charge. Thus, the most secure system for any one administrator is almost always the one he knows best."

Less exact than your version, but have I gotten the essence right?
(Damn, how many times did I use "difference"? Well, at least I'm not indifferent to it. :D )
 
You're welcome. :)

(For an ESL guy, I like to think I'm doing okay :D )
 
For an ESL guy, you're doing more okay than many native speakers. :)

This is why I wanted to do this—plenty of great additions I wouldn't have thought of on my own, by some who can say things better than I can in many areas.
 