Well the reason these servers got hacked is cozz the sysadmins thought "linux is hackproof and virus proof and doesn't need a firewall or antivirus software". As indeed do most linux sysamdins that every startup a windows vs linux discussion on a list. I just found it very entertaining that those servers got infected with worms and trojans, and most of the windows server, which really were not secure and not run by people that knew what they were doing and were not even patched, escaped.
Personally I use windows simply because I like the GUI environment. I really couldn't give a hoot about linux or what it can or can't do, I simply choose not to use it. So I have nothing against it what so ever. It's just the people that use it and insist it is the best thing since god created man that irritates me. -- snake -----Original Message----- From: Russ [mailto:[EMAIL PROTECTED] Sent: 24 November 2005 21:08 To: CF-Talk Subject: RE: CF Hosting It's true that explorer is only loaded when somebody is logged in. However, the GUI and a bunch of other (some very unnessesary services for a server) are always running. Now, you mentioned in your previous post that some linux servers got hacked. Now, a poorly configured server, be it windows or linux will eventually get hacked. No software is perfect, and eventually a bug will be discovered on some software on your server that can lead to a compromise of that service. If you have configured the server properly, however, even though an attacker will be able to get into the server, he will not be able to do much. For example, if you do a default install of ColdFusion, it will run as as Local System on windows, an account which has full permissions to anything on the server. If ColdFusion happens to have some sort of bug (or an attacker is able to execute some cf code on your system, and you have CFEXECUTE enabled, for example), the attacker will be able to read any file on your system, and probably create admin accounts and eventually log into the system through remote desktop, should you have that enabled, and do whatever he pleases. If you install ColdFusion on linux, to my recollection it asks you what account you want to run under, and so you are forced to create a linux account fo r it. Unless you are stupid and put in root as the user coldfusion runs under, the only thing the attacker will be able to do once he logs in is mess with whatever files the coldfusion user has access to. Now recently there was a bug found in a popular php message board program. Those who ran apache and therefore php as root, were hacked and their machines rooted. Those who didn't, might've gotten hacked, but did not lose the whole machine, and were probably able to patch and restore from backup if necessary. As far as whether a firewall is needed, you don't need an external firewall with linux. It has a very robust firewall built in, either iptables, or on older version ipchains. You can do anything with those firewalls that you can do with hardware firewalls (In fact most hardware firewalls run some version of linux). Linux is just inherently more secure, has a lot of tools for security as well. There are things you can do with linux that you can only dream of doing on windows. Some of those things have been made possible by porting the linux tools to windows, but they are never the same. The problem with linux is that it is a lot more difficult to manage. There are no pretty GUI's to guide you, and a lot of stuff has to get done through command line or configuration files. However, most of the time, once you've configured something, you don't have to worry about it, until you need to make changes. With windows, things always tend to go wrong, although it's gotten a lot better with Windows 2003. Too bad MS SQL doesn't run on linux. I still haven't found anything that comes close in each of managibilty. Now with the coming out of MS SQL 2005 express, it's going to be hard to beat. Especially with Oracle buying the company that owns the InnoDB engine (that is one of the core engines that powers MySQL). Perhaps I'll set up some servers on linux running CF and one server running MS SQL. This way I can have the best of both worlds. Russ -----Original Message----- From: Snake [mailto:[EMAIL PROTECTED] Sent: Thursday, November 24, 2005 3:29 PM To: CF-Talk Subject: RE: CF Hosting Thedesktop is only loaded if the machine is logged in at the desktop or via a terminal services session. A screensaver cannot run if no-one is logged in. Here is a very simple test for you. Logout of your machine and login again. The desktop is not instantly there, it has to load everything again and thus takes a few seconds to come up. -----Original Message----- From: Russ [mailto:[EMAIL PROTECTED] Sent: 24 November 2005 05:11 To: CF-Talk Subject: RE: CF Hosting That is ridiculous... the GUI is always loaded, and while it might not be active 100% of the time while you're not logged in, it gets loaded when windows boots up and stays loaded taking up memory and some cpu cycles. Someone on this list even reported that they found out only much later that their server had a 3d screensaver on, which was taking up 100% cpu when nobody was logged in, and they never knew, because they never physically logged in to the machine. The point is the GUI is always loaded, and takes up at least some (if minimal) resources. Linux doesn't need to have a GUI, the GUI is 100% optional, and thus it provides a much leaner OS. Not to mention that they don't need to come out with 10 patches every month that if you don't install will likely mean a virus... Linux has autoupdating that doesn't require rebooting the server like windows does... Russ -----Original Message----- From: Snake [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 23, 2005 6:40 PM To: CF-Talk Subject: RE: CF Hosting The GUI is only loaded when you login to windows. If your not logged in, it isn't loaded. -----Original Message----- From: Russ [mailto:[EMAIL PROTECTED] Sent: 23 November 2005 18:22 To: CF-Talk Subject: RE: CF Hosting The bandwidth consumption doesn't matter. As has been said many times, any pc, with any os can pretty much saturate the bandwidth serving static content. Now, when hosting CF sites, I would guess Linux to be better, because linux overall uses resources better (CPU, RAM, etc). Linux is just a lighter OS, that's a lot more stable then windows, with a lot more features. Windows has a lot of overhead because of well windows... while linux can be run in pure text mode (without running X-Windows), which is perfect for servers, windows requires the GUI system to be loaded at all times, which cause windows to consume a lot more CPU and RAM, thus cutting down on performance. -----Original Message----- From: Munson, Jacob [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 23, 2005 1:16 PM To: CF-Talk Subject: RE: CF Hosting Have you done comparisons with Linux? > -----Original Message----- > From: Snake [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 23, 2005 11:08 AM > To: CF-Talk > Subject: RE: CF Hosting > > It was true in the past, but with win2k3 it's not. > > For an example, on cfdeveloper I have hosted 2000 coldfusion sites on > a single low spec win2k box with only 512mb ram. > Granted these are all developer sites and thus not very active, but a > decent spec server with lots of ram should be able to do similar. > > -----Original Message----- > From: Munson, Jacob [mailto:[EMAIL PROTECTED] > Sent: 23 November 2005 14:46 > To: CF-Talk > Subject: RE: CF Hosting > > I looked at HMS, and their prices are a bit steep for me. > I'm sure they are > well worth it, but I just wish they had a lower end product with CF > (like my current host). > > I have heard from people that run hosting services that you can put > more shared hosts on a Linux server than you can on a Windows server. > Has anybody found that to be true? I would figure that Win2k3 would > be able to at least match a Linux server in bandwidth throughput, but > I've got no experience in the area. This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. A1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:225203 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
