Why most run Microsoft, not RedHat

Les hlhowell at pacbell.net
Thu Apr 19 16:51:45 UTC 2007


On Thu, 2007-04-19 at 01:14 -0400, Claude Jones wrote:
> On Wed April 18 2007, Robin Laing wrote:
> > You are a lucky person.  In my limited experience with Windows, a
> > re-install has happened more than that.  I did try the re-install but
> > that was useless due to all the secondary applications.
> >
> > Heck, even Steve Ballmer, CEO for Microsoft needs to re-install Windows
> > when it gets too rough.
> >
> > My biggest headache has always been registry problems.
> >
> > But that is my experience.
> 
> You speak of "limited experience" - I deal with many Windows machines, all day 
> long, day in and day out, in a business environment. Maybe that's the 
> difference. We have an enterprise grade firewall behind the router. Each 
> Windows box runs its own personal firewall. Each machine also runs anti-virus 
> and anti-spyware. That's the price you have to pay - it costs money, and it 
> takes time - it stinks. But, safe practices over many years, and that's been 
> my experience. The only virus that ever got detected inside my company was 
> ironically caught by one of my machines - but I caught it right away, and it 
> hadn't activated itself. We've got one gal who just can't resist clicking 
> indiscriminately, and I've set up a vm for her on her box using the free 
> vmplayer and a vm built on our vmware workstation, and she's under strict 
> orders to do all her internet stuff from the virtual machine - ironically, 
> once we implemented that policy, she stopped having problems. 
> 
> I prefer Linux but you can't tell me that Windows can't be run reliably - it's 
> just not my experience over many, many years. I don't think it has anything 
> to do with luck. The main problems I encounter again and again are with 
> clueless operators who've ignored repeated instructions about dangerous 
> surfing practices and clicking on attachments - those are the two most common 
> causes of problems - are they caused by the operating system? - one can argue 
> that it's the defective design of the system that allows clueless operators 
> to damage their system and I will agree. There are many things that can be 
> done cluelessly in life and will result in mayhem - 
> 
> Speaking to the question about the problems encountered in recent weeks 
> regarding drivers and endless boot cycles, I would try a Windows repair; boot 
> from the installation CD, click past the first repair options and let it 
> continue past the checking the drives for previous installations of Windows 
> section, and after that check, it should find your damaged installation and 
> offer the option to repair the existing installation - if it doesn't, you're 
> borked. If it does, just let it do its thing - once completed, you'll have to 
> patch your system back up to current security patches and service packs, but 
> you'll have preserved all your settings and data. Make sure you have your CD 
> key because it will ask for it. If you've just had a bad event but your box 
> is still able to boot you also have system restore function that often 
> works - if you poke around the help files you can find a system restore 
> list that lets you roll back a system to a previous state - just had to do it 
> today when a Windows Media update failed in a state where I couldn't roll it 
> back - I picked a restore from last Sunday and after a few moments, I had 
> restored the system to its state 4 days earlier, and Windows Media worked just 
> fine. 
> 
> Personally, I like playing with all operating systems - they nearly have 
> unique capabilities and features that are very good for doing certain things. 
> I still interact with an early nineties-vintage Dec-Alpha running VMS - it 
> does one task very well and requires little maintenance, running a 
> daybook/document management system for a publishing company that's never gone 
> down more than a half day - it's a terminal client system with all programs 
> being run from the central processor. It's a bit weak in its word processing 
> feature set, but it chugs along, day in and day out. I've got an old Amiga 
> 500 that still runs video titling software and lets us dedicate a work 
> station where we can produce custom titling for shows going out to specific   
> stations, destinations that require non-standard program ID's and such to be  
> overlaid on the video stream; we've got a Mac guy here who's into all the 
> whiz bang features of the Mac for his multimedia operations, and runs servers 
> out of his house via FIOS connection which are located miles away from his 
> home, and in some cases across the country. 
> 
> 
> 
> Then there's me, the Linux guy - they like me because I can ask for an ip 
> outside the firewall using one of our assigned ip addresses in our top range 
> and run my box completely outside the Symantec Enterprise Firewall - I've got 
> ssh running on that box and a second nic connected to a hub so people can 
> avoid the whole company network when they suspect they're dealing with a 
> threat - I have an entirely independent lan behind that Linux box and I use 
> it for all sorts of stuff. We can bring up a virus infected machine behind 
> my Linux firewalled box, and we know we don't have to worry about its getting 
> control over any other machines - we download patches and utilities to clean 
> up the offending machine without having to worry about letting vermin in 
> behind our Windows Lan - since there is no direct connection between the two. 
> I even run a wireless access point for people who need to connect the net via 
> wireless connections - our lan is just out of the picture and therefore remains 
> protected. 
> 
But when you use Windows in an engineering department, where people have
to search the net for new and innovative solutions, and code is
routinely passed around, the protection you describe by limiting user
interaction is no longer applicable.  Even when engineers attempt to
deal correctly with malicious threats, and do development in a rigorous
fashion, the fundamental limitations of the protection under Windows
fail miserably.  Every engineering situation is of course different,
but leading edge development means often partially tested code, modified
code, hand edited code, and code from multiple compilers/debuggers/code
tools/code authoring tools, and all of it running in Windows, where the
base user has to be a root equivalent to even handle most of the
debugging tools, yields system and network crashes.  Add a couple of
newbies, an occasional sales/marketing/secretarial blunder and you have
a loss of control of the environment, and that control of that
environment is limited by the inherent design of Windows.  The ability
to design, develop and debug code in a Unix environment without being
root is the key to a much greater level of protection that inherently
doesn't exist on Windows (at least as of XP.  I cannot speak to Vista.)

Our experiences differ, that is fundamental to both our own uses of the
system, our customers' uses of their systems and a view of the problem.
I just have to ask, do you use Active Directory in your Windows servers?
And how many boxes does it take to support your users, for instance 10
users/server?  My experience is that 100 users/server is doable in Unix,
50/server in Linux, and 20 or fewer in Windows?

Regards,
Les H



