Jeff Silverman's operating system comparison page


I was a senior computing specialist at the University of Washington, and I have to decide what operating system should I buy?  Here are some of the candidates I am considering: Windows/98, Windows/NT 4.0 SP6, Windows/2000 Professional, RedHat Linux 6.2, SunOS on PC, and Linux on some other CPU.  However, this comparison is my own work and is not official policy of the UW.
In some cases, there are applications which have specifically coded to run on one platform.  For example, there is a data gathering program which will only run on Windows/95, and it talks to a data analysis program that only runs on Windows/98.  Many of the users want Windows/2000, but none of them know why, and it breaks Samba.

See also my comparison of operating system security between MS-Windows and Linux which I hope you will find useful.

Feature comparison

This table compares the features of the operating systems.
 
 

Windows/98 Windows/NT 4.0 Windows/2000 RedHat Linux 6.2 SunOS on PC Linux on SPARC or Alpha or Itanium
Clusterable no no Advanced server and data center: yes Beowulf
Piranha
Steeleye
Beowulf Beowulf See the avalon page
Office Automation? MS-Office
Wordperfect
MS-Office
Wordperfect
MS-Office
Wordperfect
StarOffice
WordPerfect
StarOffice? StarOffice?
Fat-16  yes yes yes yes no yes
Fat-32 yes no yes yes no yes
NTFS no yes yes yes no yes
HPFS no yes yes yes no yes
ext2 file system no no no yes no no
address space 2 Gbytes 2 Gbytes Advanced Server: 8 GB
Data Center: 64 GB
4 Gbytes in 2.2 and earlier kernels, but 64 bit integers are supported
64 Gbytes in 2.4 kernels
4 Gbytes Terabytes
SMP no yes, 4 CPUs yes, 8 CPUs
Data Center, 32 CPUs
yes, 4 CPUs ? yes, 256 CPUs
NIS client no no ? yes yes yes
NIS server no no ? yes yes yes
Kerberos client no no not compatible with UNIX  yes yes yes
NFS client no no optional with SFU yes yes yes
NFS server no no optional with SFU yes yes yes
NetBEUI client yes yes yes, but breaks with early versions of Samba yes yes yes
NetBEUI server yes yes yes, but breaks with early versions of Samba yes yes yes
Secure no no no no no no
Easy to use GUI yes yes yes yes ? yes
Webserver PWS (bundled with Front Page) IIS IIS apache apache apache
Size of a full installation


1.7 GBytes

bundled scripting language  .bat files .bat files .bat files, sh csh, sh, tcsh, bash, perl, tcl,... csh, sh, tcsh, perl csh, sh, tcsh, bash, perl, tcl,...
Scalability: low end slow pentium, 32 MBytes RAM Pentium, 62 MBytes RAM 250 MHz Penitum System-on-a-chip (we're an EE school, right?).  Matchbox PC.
The book says 4 Mbytes RAM, 80386 CPU.


Scalability: high end


2.4 supports 4 GBytes RAM
SuSE has a patch to 2.2.12 for 4 GBytes.
2.4 may support 64 GBytes of RAM on ia32!

8 Gbytes RAM
Journaling file system no NTFS and HPFS NTFS and HPFS yes, see ReiserFS




































See also http://www.osdata.com/index.htm

Additional products and tools


    * klyx ( http://www.kde.org ) - Excellent front-end for creating TeX documents. If you want to save time in preparing books etc. GET
THIS TOOL!

    * htmldoc ( http://www.easysw.com/htmldoc ) - Excellent for creating PDF and PS files from HTML documents. Also creates index
pages (toc's) etc.  Also a very nice tool and I belief a must have in your environment.

Ease of repair

Since Windows is such an easy to use operating system (its greatest claim to fame is that it is easy to use), you would think that patching its innumerable deficiencies and bugs would also be quick, easy, and reliable.  Alas, this is not the case.   Consider, for example, this rant from Russ Cooper (http://archives.neohapsis.com/archives/ntbugtraq/2002-q2/0053.html)  about Windows Update. Russ then goes on to propose what is to him a logical solution to the problem (http://archives.neohapsis.com/archives/ntbugtraq/2002-q2/0054.html). However, it might be a more logical solution to start converting to Linux, where the patches come much more slowly and you can always verify the patch status because you have the source code!
 

Dueling white papers

 
Article Microsoft Response

Market Bulletin: Examining CCIA's White Paper on Windows 2000
Migrate With Confidence From Microsoft Windows NT and Windows 2000 toUNIX/Linux
The halloween memos

Benchmark results

Linux beats NT by a factor of 2 in the printing industry: http://www2.linuxjournal.com/lj-issues/issue64/3513s1.html and http://www2.linuxjournal.com/lj-issues/issue64/3513.html .

See also NT vs. Linux Server Benchmark Comparisons  .
Conclusion: Linux is not yet competitive with Windows/2000 in all SMP systems.  However, Linux is competitive if not superior in uniprocessors systems.  Linux is also superior for systems with more than 2 GBytes of RAM (because Windows/2000 won't go that high).

Samba comparison

Samba 2.0: A License To Kill NT?
This shows that Windows/NT 4.0 is a little faster than Samba 2.0 until you getpast 3 clients making accesses simultaneously.  At that point, Samba is faster.
 

Reliability comparisons

Zdnet: What's wrong (and right) with Linux? by Steven J. Vaughan-Nichols.
Things are going to get worse before things get worse.

Security comparisons

Which operating system is most secure? It is important that you make sure ANY computer system is properly patched and secured. Most linux distributions do have some sort of automatic update system to help you keep up-to-date.

However, the claim that UNIX based are the most commonly hacked systems or the claim that Windows are the most commonly hacked systems is really irrelevent. That you are on a system that is more commonly hacked or less commonly hacked really doesn't matter because you still have to be dilligent about keeping the software up-to-date.

Now, having written that, there are some design features in UNIX based system that tend to make UNIX systems intrinsically secure:

Most of the people I know who use UNIX (including Linux, FreeBSD, OpenBSD, Solaris, HP-UX, etc.) also use Windows; whereas there are a lot of people who know windows and nothing else. It seems intuitively obvious to me that people tend to be down on what they're not up. Therefore, if you want to compare operating systems, ask somebody who is up on both.
 

A classic example of the consequences of Windows insecurity: Digital Rights Management

In the fall of 2005, Sony released a new kind of Digital Rights Management (DRM) system for MS-Windows machines.  When an ordinary user goes to play a Sony CD with the new DRM scheme, software from the CD is installed into your MS-Windows computer.  This software has all kinds of adverse effects on your machine, and when (not if) you try to remove it, the act of removing it may cause your computer to have a blue screen of death.  Insofar as I can, the story was broken by Sysinternals.

Here is my analysis of the the Sony DRM scheme:

Who developed this DRM scheme?  A company called First4Internet, in the United Kingdom.

The Seattle Post Intelligencer wrote an article about this:

Wednesday, November 2, 2005 · Last updated 8:23 p.m. PT

Sony unit to distribute software patch

By MATTHEW FORDAHL
AP TECHNOLOGY WRITER

SAN JOSE, Calif. -- After a chorus of criticism, Sony Corp.'s music division said Wednesday it is distributing a free software patch to reveal hidden files that automatically installed to hard drives when some of its music CDs were played on personal computers.

The offending technology was designed to thwart music piracy.

Sony BMG Music Entertainment and its partner, UK-based First 4 Internet, said they decided to offer the patch as a precaution, not because of any security vulnerability, which some critics had alleged.

"What we decided to do is take extra precautionary steps to allay any fears," said Mathew Gilliat-Smith, First 4 Internet's CEO. "There should be no concern here."

The controversy started Monday after Windows expert Mark Russinovich posted a Web log report on how he found hidden files on his PC after playing a Van Zant CD. He also said it disabled his CD drive after he tried to manually remove it.

Russinovich made the discovery while running a program he had written for uncovering file-cloaking "RootKits." In this case, the Sony program hid the antipiracy software from view. Similar technology also has been used by virus and worm writers to conceal their code.


 

A firestorm quickly erupted over what appeared to be an attempt by the music company to retain control over its intellectual property by secretly installing hidden software on the PCs of unsuspecting customers.

Making matters worse, Sony did not disclose exactly what it was doing in its license agreement, Russinovich said. It only mentions that proprietary software to enable copy protection would be installed. The software affects only PCs running the Windows operating system.

"The (license) makes no mention that it's going to install something that's going to be hidden from view, that will constantly consume CPU resources even if I'm not listening to music and it will have no uninstall capability," he said.

Because the technology looks for a specific prefix in the filename, it also could be used by malware authors to mask their programs, Russinovich said. There's also the question of how a PC user is supposed to maintain a system that runs hidden programs.

"If you've got software on your computer that you can't see, there's no way for you to manage it from a security point of view," he said. "You don't know if you need updates for it. You don't know if you should uninstall it because you don't know it's even there."

Though there are no known problems with software, that could change and leave millions of unsuspecting PC users at risk of having their machines taken over by malware, said Ero Carrera, a researcher at F-Secure, a computer security firm.

"The code of the application is not exactly well done," he said. "I would tend to believe there are people already working on finding exploits."

The copy protection technology, which limits how many times a CD can be copied, was included on about 20 titles, including discs from The Bad Plus and Vivian Green, among others.

Gilliat-Smith and Sony BMG spokesman John McKay said the technology had been on the market for about eight months and there had been no major complaints prior to Russinovich's blog post. Still, a newer, similar technology was in the process of rolling out before the latest controversy erupted.

The patches that reveal the hidden files are being made available to antivirus companies as well as customers who visit the Sony BMG site. They do not remove the copy protection software, however.

McKay said customers can request a program to safely uninstall everything by visiting the Sony BMG Web site at http://cp.sonybmg.com. That site, however, requires a form to be filled out and submitted.

In a test of the form late Wednesday, an e-mail confirming receipt was quickly returned by Sony BMG customer service, but it included no instructions on how to remove the software. The message promised another reply "shortly."

The process is unlike the vast majority of Windows software, which can be easily uninstalled - by the user, without permission - through the "Add or Remove Programs" tool in the operating system's control panel.

The controversy highlights the need for rules as to what content providers can and can't install on PCs to protect their property, said Russinovich, who is co-founder and chief software architect at Winternals Software, which specializes in advanced systems software for Microsoft Windows.

"We need to get some formality about what's legal, what's ethical and what's fair - and what level of disclosure there needs to be," he said. "It's fine for Sony to say we're not going to do that now. What kind of guarantee do we have they're not going to do it at a future date or that other companies are not going to do this?"



More on system reliability through poor system design

Mark Russinovich has a blog where he writes about unkillable processes.  Evidently, it is possible to get a process in a state where it cannot be killed without rebooting the system!  True, Linux has zombie processes, but it is easy to find the zombies (use ps -l command) and get rid of them by killing their parent process. (Look at the PPID column in the ps -l  command).  You don't have to reboot the system.


Market Share

Some people claim we should buy Windows because it is the leading market share.  By that reasoning, Chrysler-Daimler and Ford should just pack it in and quit because GM has them beat.  By that reasoning, there is no point in buying a Macintosh (but just try to convince a Macintosh fan of that!).  In any event, it isn't true that windows is leading in all markets.

The OS market place

The operating system counter.
 

The web server market place

IIS, which runs only on WIndows/NT, is clearly in second place and is losing market share!  This is from the Netcraft Web Server Survey.
Web server percent market share

However, even this is optimistic.  A lot of people are running IIS and they don't even know it, because IIS is turned on by default when Windows/NT comes out of the box!  So the IIS numbers are inflated by people who never actually made a decision, but let the OS install program decide for them.
 

Comments from Readers

In general, I have received favorable comments and some modest error corrections.  To everybody who wrote, thank you: I need that kind of constructive feedback.
 

From: "Bas v.d. Wiel" <bwiel@hotmail.com>     9:22 AM


From: "Bas v.d. Wiel" <bwiel@hotmail.com>     9:22 AM
Subject:            OS comoparison..
To:            <jeff@www.commercialventvac.com>

Win2K has a few different flavors, each with different specs.. (this has to be.. according to
M$.. even though they use the same kernel..don't ask me why!). This determines max.
address space, max number of CPU's.. etc.. it's all on M$'s website, www.microsoft.com.

NTFS is available in different flavors as well. Linux will read NTFS as came with NT4. Win2K
has an upgraded (read: incompatiblized) version of NTFS that can't be reliably used by
Linux.

I'd be wary of mixing any environment with M$. Their 1998 leaked 'Halloween' memo states
M$'s policy to uncommoditize common protocols. Looking at Kerberos on Win2K: this doesn't
cooperate with Unix... and M$ blames Unix for it!

What I'm trying to say is that M$ is on a path to twist and corrupt all possible open protocols
that it can get its hands on, so that integration will be a thing of the past.

Again, I'm not making this up! It's official M$ material! Slap the words Halloween and
Microsoft into altavista and you're bound to hit the memo soon enough. M$ says it's not
official policy, but with the top brass of the OS department approving it.. how much more
official could it get?? All right.. ol' Billy himself could sign, but that's about it.

Be wary of integrating M$ products into a unix environment!!

if you still want to try: www.xlink.com and www.pcnfs.com (not sure about the latter).

Bas

http://www.scripting.com/misc/halloweenMemo.html
 

"K. Bjarnason" <kelseyb@telus.net>


From:            "K. Bjarnason" <kelseyb@telus.net>         7:24 PM
Subject:    re: OS comparison page
To:            <jeff@www.commercialventvac.com>

Windows 2000 clusterable: no.

Incorrect.  Windows 2000 Advanced Server has a clustering service as
part of the base package.  So does DataCenter.

Windows 2000 SMP:  up to 8 CPUs.

Incorrect.  Windows 2000 DataCenter supports up to 32.

Scalability, high end:

Win2K DataCenter supports up to 64Gb of physical memory.  Advanced
server supports up to 8Gb.

Just FYI.
 

To Fritz Bohamut@san.rr.com

 

 
 
 
 
 
 
 

bohamut@san.rr.com wrote:

        Jeff,

        On page:
        http://www.commercialventvac.com/~jeffs/OS_comparison.html

        You stated:
        Secure  =       no no no... (etc).
        apparently indicating that every OS compared was not secure.

 
        Am I reading the table correctly?
Yes.
        Can any OS be secure on Intel x86/PC hardware?
Yes.  Look at http://www.engardelinux.org/ and http://www.trustix.com/products/tsl/ and http://www.dwheeler.com/secure-programs/.  Definitely check out http://www.nsa.gov/selinux/index.html
        If not, can you recommend a secure OS, and does it require a specific
hardware set?
I recomend OpenVMS, which runs on a VAX, an Alpha, and is being ported to the Itanium.

One of the reasons why I like VMS is because it is impossible to have a buffer overflow problem in programs written in FORTRAN, BASIC, COBOL, Ada, Java, and Pascal.  In UNIX, when you call the operating system, you pass the address of the buffer.  The buffer is 0 terminated, and the buffer has to big enough to handle the string.  In VMS, when you call the operating system, you pass the address of a descriptor.  The descriptor describes the string, including how the string is and possibly how big the string can be.  So if you have a string which is too long for the buffer that is supposed to contain it, it will throw an exception.

The Java Operating System, JOS, see http://wiki.jos.org/, may be secure.  Except that there has been no development of JOS since 2001.
 

Jeff
 

 

        A quick response would be greatly appreciated.
        Thanks.

        Fritz
        Bohamut@san.rr.com

Obscure recipies for burgers


Valid HTML 4.01!


  litigious bastards [sco.com]