Jump to content

User:DanielPharos/Sandbox

From Wikipedia, the free encyclopedia

Please note: this is a copy of "Comparison of Windows and Linux", a page recently deleted. It's only here so I can save the 'good bits'. Do NOT edit this page.


Linux and Microsoft Windows differ in philosophy, cost, versatility and stability, with each seeking to improve in their perceived weaker areas. Comparisons of the two operating systems tend to reflect their origins, historic user bases and distribution models. Typical perceived weaknesses regularly cited have often included poor consumer familiarity with Linux, and Microsoft Windows' susceptibility to viruses and malware.[1][2]

Mission critical systems

[edit]

The FAA has switched to Linux for their air traffic control.[3][4] An incident[5] caused by a known design imperfection in the Windows servers not properly taken into account by third-party software and human error caused a software crash and nearly resulted in an 800-plane pile-up in California. When the backup system also failed, radio systems were unavailable for over three hours and this left 800 planes without contact with air traffic controllers and in five cases, planes become too close to one another according to comments by the Federal Aviation Administration (FAA).[5]

User interface

[edit]
Windows Linux
Command-line interface
A sample Windows PowerShell session

The Command Prompt exists to provide direct communication between the user and the operating system. A .NET-based command line environment called Windows PowerShell has been developed. It varies from Unix/Linux shells in that, rather than using byte streams, the PowerShell pipeline is an object pipeline; that is, the data passed between cmdlets are fully typed objects. When data is piped as objects, the elements they encapsulate retain their structure and types across cmdlets, without the need for any serialization or explicit parsing of the stream. Cygwin, Mingw, or Microsoft's own Services for Unix provides a shell terminal for Windows.[6] Posix subsystem is built in but not enabled by default. The Console can execute up to 4 kinds of environments, MSDOS scripts under NT or via Command.com running on NTVDM, NT shell scripts and OS/2 Console Scripts. Windows Script Host is included in Windows 98 and newer versions.

A sample Bash session

Linux is strongly integrated with the system console. The command line can be used to recover the system if the graphics subsystem fails.[7][8] A large number of Unix shells exist, with the majority being "Bourne shell compatible". The most widely used is GNU Bash. Alternatives include the feature-full Z shell as well as shells based on the syntax of other programming languages such as the C shell and Perl Shell. Many applications can be scripted through the system console.[9] There are many small and specialized utilities available that are designed to work together and integrate with other programs. This is called the toolbox principle[citation needed].

Installation and Live environments

[edit]
Windows Linux
Ease of Installation On Windows Server 2003 and prior, the installation is divided into two stages; the first, text-mode; the second, graphical.[10] On Windows Vista and newer, the installation is single stage and graphical.

Some older versions require third party drivers (for example, by using driver floppies disks or slipstreaming the drivers and creating a new installation CD) if using a large number of SATA or SATA2 drives or RAID arrays.[11]

Varies greatly by distribution. Most distributions intended for new or intermediate users provide simple graphical installers.[specify]

General purpose oriented distributions offer a live CD or GUI installer (openSUSE, Debian, Pardus, Pclinuxos, Mandriva, Ubuntu, Fedora etc.), others offer a menu-driven installer (Slackware, Debian) while others, targeting more specialized groups, require source to be copied and compiled (Gentoo). The system can also be built completely from scratch, directly from source code (Linux from Scratch).

Device driver The Windows installation media usually contains enough drivers to make the operating system functional. Windows use class drivers to provide basic functionality such as network connection, display/screen and input devices. Modern Windows versions will allow the user to update the drivers, if available, from Windows Update once a network connection is available. Drivers can usually also be upgraded directly from the manufacturer. Drivers are almost always closed-source, maintained and published by the manufacturer of their respective devices. Best hardware performance in Windows is gained from installing the latest device drivers, once the devices are correctly identified.[12][13] Linux kernels in most distributions include the majority of drivers available as modules. They are loaded at boot without user interaction. Most drivers are included in the kernel source tree, however there are several manufacturers which distribute proprietary drivers. The latter are usually packaged separately from the kernel and usually automatically installed on user's request.[14]
Hardware changes

Windows maintains backwards compatibility with drivers back to Windows NT4[15], although some functions such as power-saving not available at the time will not be supported when running the device under a legacy driver.

If moving an existing installation of Linux into a new computer or changing the motherboard or other hardware components, Linux will detect and activate the new supported hardware with little or no further intervention required.[citation needed]

Not pre-installed software A massive pool of both proprietary software (including shareware and freeware) and free software. Programs usually come with the required libraries and are normally installed easily. Most programs must be individually installed.[citation needed]

Uninstallation can be of varying difficulty depending on which of many installer methods were used, components and registry entries may be left behind.[citation needed] Windows has a built-in installer program, and software that is to be installed has an installer "wrapper" that interfaces with the Windows Installer to accomplish installation. Not all Windows software uses the install manager.[undue weight?discuss]

Free software and some proprietary software covering a wide range of use. Most primary applications such as office suites are available for free.[16] Using free Windows-compatibility layers like Wine, some Windows software can also be run on Linux. Third-party software is usually listed/integrated into a packaging system, which is built into the operating system. Less popular programs, not available in a distribution's core software repositories, are often available by installing packages outside of the repositories. Some examples of this are the Debian-based DEB format and the Red Hat-based RPM (RPM Package Manager) format, both of which can be installed easily by the package manager. In the rare case that no precompiled package exists, programs can be generally be compiled from the source code. Most software is installed non-interactively to a default configuration. Linux distributions can not lawfully include MP3 or MPEG-4 file decoders in a minority of countries, as it would violate the Patent Cooperation Treaty. The system does not prevent a user from installing these decoders, however the user assumes all liability for installing said pieces of software.[17] In particular with the MP3 file format, many companies claim patents relevant to the format. See Patent issues with MP3 for more information.
Partitioning Expanding NTFS partitions is possible without problems, and on Vista it is possible to shrink partitions as well. Dynamic Disks provide dynamic partitioning. Third party tools are available that have more features than the built-in partitioning tools. Most file systems support resizing partitions without losing data. LVM provide dynamic partitioning. All Linux distributions have bundled partitioning software such as fdisk or gparted.
File systems Natively supported: NTFS, FAT, ISO 9660, UDF, and others; 3rd-party drivers available for ext2,[18] reiserfs,[19] HFS and the Dokan (a FUSE equivalent) UserSpace filesystem, which allows user-space programs to mount drives. Supported: ext2, ext3, ext4, ReiserFS, FAT, ISO 9660, UDF, NFS, NTFS, JFS, XFS, Minux and GmailFS. Archives and FTP sites also can be mounted as filesystems. The FUSE project (FUSE) has long been part of the Linux Kernel, and allows programs to create filesystem mounts while running in userspace.
Boot Loader May boot to multiple versions of Windows through the Windows Boot Manager in Windows Vista and newer; or the earlier boot loader NTLDR in Windows Server 2003 and prior. Graphical configuration tools are available for both, such as the 3rd party EasyBCD for the Windows Boot Manager and MSConfig for NTLDR, which can chain load multiple non-NT environments, including Linux, by referring to volume boot records from those environments saved on the Windows partition.[20] Windows overwrites the Master Boot Record on installation by default, thus rendering other non-Windows installations (e.g. Linux) unusable until fixed.[21] May boot to multiple operating systems through numerous bootloaders such as LILO and GRUB. With these, it is possible to choose among multiple installed kernel images at boot time. Graphical configuration tools for GRUB are available.[22][23] GRUB can also accept arbitrary, one-time configurations at boot time via the GRUB prompt. GRUB and LILO also support booting to non-Unix operating systems via chain loading; for a Windows and Linux dual-boot system, it is often easiest to install Windows first and then Linux because almost all Linux installers will automatically detect and set up other operating systems for dual/multiple boot with Linux.[24]

Accessibility and usability

[edit]
Windows Linux
User Focus Microsoft pushes for consistency between releases with guidelines for interface design.[25] Their focus is on consistency and usability.[attribution needed] Interface is usually consistent among the desktop environment used[attribution needed], which follows its interface guidelines.[26][27] High grade of customizability is provided in order to adapt to the needs of the user.[citation needed] Some inconsistencies may appear when using programs targeted for different desktop environments.[attribution needed] There are other environments/window managers, usually targeting professionals or minimalist users, featuring some very powerful programs with rudimentary, minimalist graphical front-ends, focusing much more on performance, small size and safety.[attribution needed] WindowMaker and the Fluxbox/Openbox/Blackbox environments are such examples. Some other environments fit between the two models, giving both power, eye candy and simplicity[attribution needed] (Enlightenment/E17, Xfce). Some graphical environments are targeted to mouse users only (Fluxbox), others to keyboard users only (Ratpoison), others to either. Certain graphical environments are also designed to be as resource-conservative as possible, so as to run on older machines.[citation needed] Newer distribution versions generally maintain the same user focus.[attribution needed]
Customization By default, Windows offers customization of size and color of the graphical elements, and it is typically not possible to change how the interface reacts to user input.[citation needed]

A few third-party programs allow more extensive customization, like WindowBlinds or LiteStep, but extreme changes are usually out of reach. It is not possible to customize applications that do not use the default look-and-feel beyond the options the specific application offers.

Linux offers several user interfaces to choose from. Different environments and window managers offer various levels of customizability, ranging from colors and size to user input, actions, and display.
Accessibility

Both Windows and Linux offer accessibility options,[28][29][30] such as high contrast displays and larger text/icon size, text to speech and magnifiers.

Windows Vista and later has built-in speech recognition[31] [32]. The Windows speech recognition allow both voice command control of the operating system shell and applications, as well as free text dictation within text editors / word processors.

Stability

[edit]
Windows Linux
General stability Linux systems range from being highly unstable, to rock solid (Debian)[33][verification needed], depending on the distribution, and release. Many stable distributions often have a working or unstable release that is signified by an odd minor version number. Tested Linux distributions are generally stable, and some servers have been known to run for years. [citation needed].
Server reliability survey In the third annual GFI/Sunbelt Software and ITIC joint 2010-2011 Global Server Hardware and Server OS Reliability survey respondents rated Windows reliability better than the closest Linux competitor:

92% of Windows Server 2008 R2 users experienced one or fewer than one unplanned Tier 3 outage per server, annually.

In the third annual GFI/Sunbelt Software and ITIC joint 2010-2011 Global Server Hardware and Server OS Reliability survey respondents rated the most reliable Linux distribution lower than Windows 2008 R2:

86% of Novell SuSE Linux Enterprise Server 11 users experienced one or fewer than one unplanned Tier 3 outage per server, annually.


Device driver stability Device drivers are provided by Microsoft or written by the hardware manufacturer. Microsoft also runs a certification program, WHQL Testing, through which most drivers are digitally signed by Microsoft as compatible with the operating system, especially on 64-bit versions.[citation needed] Some vendors contribute to free drivers (Intel, HP, etc.) or provide proprietary drivers (Nvidia, ATI, etc.). Unlike Windows, however, kernel developers and hobbyists write many or most device drivers; in these drivers, any developer is potentially able to fix stability issues and other bugs.

Kernel developers do not support the use of drivers that are not open-source, since only the manufacturer can fix stability issues in closed-source drivers.[34]

Graphics driver stability The display driver is entirely in kernel space. A fault in the driver will freeze or terminate all current programs. If the fault did not lead to a kernel memory corruption, the graphics system may be manually re-initialized terminating and restarting the X server process from a local or remote console. Restarting X will cause all GUI processes to terminate.[35] This pertains to the X Window System, which is eventually being superseded by Wayland in Linux distributions such as Ubuntu,[36] Fedora[37] etc.
Servicing reboots The Windows Restart Manager can track applications or services/drivers which are using files which needs to be replaced. By restarting select applications and/or services, the updated files can be released, updated and activated without a servicing reboot.[38] The Restart Manager coordinates this process with the installer program [39]

A servicing reboot is required only if Restart Manager cannot release resources by restarting services or applications, which will be the case for some critical parts of the operating system and some critical drivers.

Linux itself needs to restart only for kernel updates.[citation needed]

System libraries, services and applications can mostly be upgraded without restarting running software (old instances use the "replaced" versions)[citation needed]

A special utility (kexec) can be used to start a new kernel and execute it without a hardware reset. This reduces the reboot time used to reboot because the hardware reset and initialization can be skipped.[40]

Online kernel patching Microsoft Hotpatching technology [41] allows Microsoft to distribute updates to the kernel which can be applied without restarting the operating system. [42] A single distribution, Oracle Linux, can be patched while running using specially prepared Ksplice patches. These patches are available exclusively to paying customers of Oracle Linux Premier Support.


Recovery,
processes
In modern, NT-based versions of Windows, programs that freeze may be forcibly ended through the Windows Task Manager by pressing CTRL+SHIFT+ESC or CTRL+ALT+DEL. However, Windows will also automatically detect unresponsive applications when they fail to react to user interaction. Windows will present the user with the option to end such a process.

Application failures (unresponsive applications and uncontrolled terminations) are recorded and the user can allow diagnostics information (crash dumps, stack traces etc) to be uploaded to Microsoft for on-line diagnostics and searching for a solution to the problem. If a solution is found the user is presented with instructions on how to apply it.

All processes except for init and those in D or Z state may be terminated from the command line. Applications can be closed via the GUI. The optional SysRQ allows low-level system manipulation and crash recovery. The entire graphical subsystem can be restarted without the need for a whole system shutdown. Reboots are seldom required. When necessary, users can press CTRL+ALT+BACKSPACE (on most distributions) to logout immediately and recover from almost any crash without reboot. [43][44]

The command line can be accessed immediately to terminate a program if the user is unable to do so with the GUI (e.g. if a full screen game freezes). Pressing Ctrl+Alt+F1 switches to the full screen text terminal and the user can terminate the program, then restore the GUI by pressing Ctrl+Alt+F7. In the default setup, six different text terminals (tty) are available with the key combinations Ctrl+Alt+F1 to Ctrl+Alt+F6 inclusive.[citation needed]

Recovery,
user applications
Since Windows Vista applications can register with the Restart Manager. If a registered application crashes or is terminated because it became unresponsive, the Restart Manager will restart the application and restore its state, i.e. open the same document and place the cursor at the same location[45] [46] .
Recovery,
system state
When executing an installer/setup program and when installing updates from Windows Update or Microsoft Update, Windows automatically creates an in-place snapshot (a system restore point) of the system state prior to the installation and labels the restore point as such.

If the system fails to boot or becomes unstable, application and device driver installations as well as configuration changes can be undone by reverting back to a system restore point. A number of such restore points are kept automatically. Reverting back to a system restore point does not affect user data, even if it resides on the same disk.

If Windows fails to boot properly, it may be possible to boot to safe mode in order to recover the system. Safe mode boots the Windows system with a minimum of known good device drivers to allow the administrator to uninstall or undo recent changes or access files on the local disks. Safe mode can optionally include the network drivers to allow for network connections.

If the system cannot boot even to safe mode, the Windows Recovery Environment (Windows RE) can be invoked during boot. Windows RE is available from a separate partition of the harddisk (created during installation), from a System Rescue Disk (if prepared by the administrator), or from the Windows installation disc[47] [48]. From Windows RE the user can invoke a command line interface, restore a backup or invoke the automated Startup Repair tool.

For older versions of Windows (2000, XP and 2003) the Recovery Console can be utilized to revert changes, restore a backup or perform manual system recovery.

Linux does not automatically create restore points when applications and/or device drivers are installed. The administrator may manually copy configuration settings such as the etc directory hierarchy prior to installations/changes, or he/she may use a tool such as etckeeper[49] which can integrate with the package manager and automatically place configuration data under a version control system.

Recovery mode allows the user to fix problems at boot time; for example, Ubuntu offers the recovery mode from the GRUB boot loader options.[50]

Additionally, Live CDs of Linux, if equipped with the correct tools, can work to repair a broken operating system if the hard drive is mountable. See: List of Rescue and repair live CDs.

Unrecoverable errors If the kernel or a driver running in kernel mode encounters an error under circumstances whereby Windows cannot continue to operate safely, a "bug check" (colloquially known as a "stop error" or "Blue Screen of Death") is thrown. A memory dump is created and, depending on the configuration, the computer may then automatically restart. Additionally, automatic restart can be applied to services. The Unix equivalent of the Windows blue screen is known as a kernel panic. The kernel routines that handle panics are usually designed to output an error message to the console, create a memory dump, and then either halt the system or restart automatically.

Backup and restore

[edit]
Windows Linux
Disk images A disk in Linux can be treated as a file by the system. This enables copying entire disks using the Linux file copy utilities. However, when copying a disk this way it must be ensured that the disk is not written to during the copy operation as that could leave the copy corrupted. A common recommendation is to unmount the drive being copied[51] or to mount it in read-only mode.

To copy the system image (which cannot be unmounted), it is recommended to boot from a live CD and perform the copy operation from that environment instead.

If the volume/partition is a logical volume of the logical volume manager (LVM), an external snapshot can be created, residing on a separate volume. Basing the copy on a LVM snapshot can ensure file system consistency, but not application-level consistency.

Disaster recovery By default a full system image backup contains bare metal restore information as well, which enables full restore of a system by booting to the restore environment of an installation DVD or a system repair disk[52] created by the backup utility. Booting from a live CD enables restore of system images, provided such images have been previously copied. Otherwise a re-installation followed by restore from a file based backup will restore a Linux system.
Files and directories Windows Backup and Restore[53] can perform file-level full or incremental backup of a running system. File level backups are kept in a special zip files. Like with image backup, opened files can will be backed up (also files opened for exclusive write) and the persistent state of running processes is coordinated through Volume Shadow Copy Service (VSS), even across multiple files.

VSS ensures both file system consistency as well as application-level consistency for applications registered as VSS writers.

A number of utilities are available in Linux for copying or backing up files and directories. For example rsync, ddrescue and dd.

The common ext4 file system does not support snapshots and Linux does not yet feature an equivalent to the Windows Volume Shadow Copy Service through which a backup/copy utility can coordinate the copy operation with running processes, however the Btrfs file system for Linux is under development and has support for snapshots.[54] Copying a file while it is being written to by another process can leave the backup copy with an inconsistent state.[citation needed]

By installing the file system on a logical volume of the logical volume manager (LVM), an external snapshot can be created. Copying files from the snapshot can ensure file system consistency, but not application-level consistency.

Automation Windows Backup and Restore can be operated through the GUI, or interactively or scripted through the command line interface. The utility integrates with the Windows Task Scheduler to set up a schedule to automatically perform backups in the background. Backup operations can be automated through scripts and cron jobs. A number of 3rd party backup applications offer to automate backup operations through a user interface.

File system robustness

[edit]
Windows Linux
Checking and repair Windows NTFS is self-healing. [55] [56] [57]. If the system detects a corrupted file or directory during normal operation it will (default setting) initiate a repair process. The corrupted directory/file will be inaccessible during the repair operation, but the system, disks and volumes with the rest of the files will remain online.

If the online repair process is unable to repair a file system error it will mark the volume as 'dirty'. The chkdsk utility is automatically run for such 'dirty' volumes at next system start.

Microsoft recommends that users do not run chkdsk on a volume unless it has been marked ‘dirty’ by the file system itself.[58] Users can request online single-file/directory check and/or -repair through the fsutil repair command. Users can also run chkdsk to scan and repair the file system[59]. This command remains the way to diagnose and repair file system corruption on Windows XP/2003 and earlier.

Linux distributions automatically scan and repair the file system during boot time, at intervals based on how many times the computer has been started.[60] If the user does not want the check performed e.g. as a result of being in a hurry, the user can press the ESC key to skip this checking process and Linux will scan the disk next time the computer is started.[60]


Health monitoring Windows disk diagnostics monitors the hard drives on-line for evidence that they are about to fail. It also uses the drives' S.M.A.R.T. functions, where available. If Windows determines that a drive is in risk of failing it launches disk diagnostics and guides the user through the process of backing up the data and replacing the disk.[61] Some Linux distributions such as Ubuntu and Fedora include the Palimpsest Disk Utility, which will show the user if the hard disk is failing and recommend backing up files e.g. if the disk has bad sectors.[62][self-published source?] It uses information from the hard drive's S.M.A.R.T. data.[62][self-published source?]


Unclean shutdown Though the use of transaction processing, the NTFS file system structures and metadata remain intact (no repair needed) in the event of power loss or system failure.[63]

File data is not guaranteed to be flushed to disk and is not protected by the file system transactions. However, NTFS also supports application level transactions which will guarantee full atomicity, consistency, isolation and durability if used by the application.

With older versions of Windows (XP/2003 and earlier) if the computer was not shut down properly, Windows could mark the disk drive as "dirty" and tell the user that the disk should be checked for errors.[64]

The Btrfs file system (which is still under development) uses checksums to ensure the validity of the data and metadata.[65] The other Linux journaling file systems protect against corruption of file system metadata in the event of a system crash or power cut.[66] The popular ext4 file system has barriers on by default to improve filesystem integrity.[67]

The ext4 file system allows for different levels of journaling, depending on the needs of the user who may prefer the fastest option of less journaling or the most reliable option ("Journal mode") to ensure a consistent file system - the slowest option - as all data flows through the journal.[68]

Bad disk sectors/clusters NTFS dynamically remaps bad sectors if and when they are encountered with no need to take the drive or file system off line. If the bad sector is encountered during a write or during a read from a fault tolerant volume, the sector is remapped to a safe location and the bad sector is flagged as bad. If the bad sector is encountered during a read operation, the bad sector still flagged, but the file system will return a read error[69].

The Btrfs file system is designed to make the file system tolerant of errors in a process referred to as scrubbing.[70]

There are programs available such as badblocks, which can be used in Linux to scan the disk and locate bad sectors.[71] The e2fsck program can be used to scan the disk in order to find and mark bad sectors, which prevents these bad sectors on the disk being allocated to a file or directory.[72] Badblocks and e2fsck (the file checker for the ext2/3/4 file systems) can only be used offline.

Performance

[edit]
Windows Linux
Process Scheduling NT-based versions of Windows use a CPU scheduler based on a multilevel feedback queue, with 32 priority levels defined. The kernel may change the priority level of a thread depending on its I/O and CPU usage and whether it is interactive (i. e. accepts and responds to input from the user), raising the priority of interactive and I/O bounded processes and lowering that of CPU bound processes, to increase the responsiveness of interactive applications.[73]

The scheduler was modified in Windows Vista to use the cycle counter register of modern processors to keep track of exactly how many CPU cycles a thread has executed, rather than just using an interval-timer interrupt routine.[74]

Memory Management/ Disk Paging Windows NT family (including 2000, XP, Vista, Win7) most commonly employs a dynamically allocated pagefile for memory management. A pagefile is allocated on disk, for less frequently accessed objects in memory, leaving more RAM available to actively used objects. This scheme suffers from slow-downs due to disk fragmentation[citation needed] (if a variable size paging file is specified), which hampers the speed at which the objects can be brought back into memory when they are needed. Windows XP and later can defragment the pagefile, and on NTFS filesystems, intelligently allocate blocks to avoid this problem. Windows can be configured to place the pagefile on a separate disk or partition.[75][self-published source?]. However, this is not default behavior, because[citation needed] if the pagefile is on a separate partition, then Windows cannot create a memory dump in the event of a Stop Error.[76] Microsoft does not recommend disabling virtual memory in Windows because of this reason.[77][78] Also, it is not recommended to place the paging file on a different partition on the same physical hard disk, as this will cause the drive's read/write heads to jump between the Windows and paging file partitions, which causes a loss of I/O performance that outweighs any gains of having the paging file defragmented.[75]

The ideal solution performance-wise is to have the pagefile on a different hard drive from the one where Windows is installed, as this reduces both fragmentation and I/O issues.[75]

The Windows 3.1x family does not have true virtual memory [citation needed] and uses a simpler swapping scheme easily leading to more swapping to disc and therefore more disc fragmentation. Virtual memory support and strict memory protection is limited on the Windows 9x family for the 32-bit processes.[79]

Most hard drive installations of Linux utilize a "swap partition", a partition dedicated exclusively for paging operations. This reduces slowdown due to disk fragmentation from general use.

As disks are much slower than RAM, users can adjust Linux "swappiness" to keep processes in RAM memory for much longer before swapping to disk. Windows does not support such features. The performance requirements are different for desktop and server environments. If processes are moved out of RAM to swap space on disk too often, users will experience slower response times from the computer.[80]

Speculative caching Linux does not feature a built-in predictive or speculative caching,[citation needed] although third-party solutions, such as preload, do exist. Linux also does not support memory priorities which could ensure that such a cache does not inadvertently cause other process memory to be swapped out (or not swapped in) with resulting negative impact on overall performance (see below Priotitized memory).[citation needed]
Prioritized memory With Windows Vista memory prioritization was introduced. Memory priorities are valuable in desktop settings where responsiveness of some processes are more important than overall throughput. Background processes such as search indexers or caches can run with low memory priority to prevent them from gradually causing the memory of more important processes to be swapped out during periods of low-intensity use, sometimes referred to as the "after lunch syndrome"[81]. Linux swaps and frees memory pages using an adapted least recently used algorithm which does not allow memory pages to be marked with priority.[82] [83]
Multimedia performance Multimedia Class Scheduler Service (MCSS) is a Windows service that boosts the CPU and I/O priority of a thread as well as reserving network bandwidth. It allows an application to get prioritized access to CPU for time-sensitive processing (such as multimedia applications) as well as prioritized disk access to ensure that the process is not starved of data to process. Without MCSS multimedia playback may experience glitches or stutter as the load on CPU, IO subsystem or network increases.[84] Linux does not boost the priority of a thread or a process during playback of multimedia nor does it reserve bandwidth.[citation needed]. Linux does support process- and thread priorities, and applications or the user through utilities may set higher or lower priorities.

In late 2010 a patch was developed which balances workload between thread groups[85]. This mitigates the situation where a large number of processes from the same thread group starve out a single multimedia oriented process for resources.

Default file systems The way the default Windows' file system NTFS works causes files to become fragmented, degrading the performance of the system significantly over time, and it requires regular defragmenting to combat this.[86][self-published source?][87][self-published source?] Linux most commonly uses the ext4 filesystem, which is unsupported by Windows. ext4 avoids fragmenting the disk as much as possible. Linux can, if desired by the user, install and run on an NTFS file system - though no mainstream distributions do this by default. [88][self-published source?]

Only very small improvements to performance can be gained from defragmenting UNIX and Linux filesystems.[87][self-published source?]

Temporary files Windows deletes temporary files when Windows and applications close normally[89]. Windows does not automatically remove temporary files left by applications which did not close normally.

This can cause problems in Windows and when running programs in Windows.[89][failed verification]

Before available disk space gets too low for the operating system and applications to function properly, Windows will warn the user about the condition.[90]. The warning includes the option to clean up the system. When invoked, temporary files, restore points, snapshots, browser caches and download directories, offline files etc. can be deleted. The utility also allows compression of "old" files which has not been used recently.

The cleanup utility can be manually configured to run scheduled automatic clean-up, with any combination of cleanup/compression types.[91].

The Windows Event logs are managed with a quota (max size) per log[92]. Windows logs are set to roll around and re-use space when filled[93][94].

Low disk space can interfere with performance of Windows or applications.[89]

Linux distributions use tmpwatch and logrotate to automatically purge unused temporary files and unused log files respectively, at regular intervals as a cron job.

Low disk space, especially for the root directory, /tmp and /home directories can cause problems such as operating system hangs, applications which do not start or hang, or loss of network connections.[95]

Support

[edit]
Windows Linux
Community support Microsoft Developer Network (MSDN), Microsoft TechNet: Resources for IT Professionals, and multitudes of user driven support forums are available at no charge. Additional support is available by 3rd party services such as OEMs. Most support is provided by advanced users and developers over IRC, online forums, and other free community based venues.[citation needed] Professional support is available, but most commonly only utilized by large-scale businesses, and server dependent organizations.[citation needed]
Phone support Retail versions of Windows come with 90-day no-charge phone support[96]

OEM versions (purchased with hardware) are supported by the hardware vendors and subject to the support policies of the each vendor.

Phone support is available with a paid subscription program or a support contract.
Documentation Applications and tools all have a help menu item in the menu bar with access to hypertext based help topics. PowerShell cmdlets all have integrated help topics available as Unix-style man pages.

From Microsoft the following online documentation sources are available:

Most documentation is available online, either in FAQ form or Wiki pages on developers' websites. Detailed documentation for specific commands, programs, functions, libraries, files, and file formats are available through offline documentation systems, such as the man and info pages, which are accessed through the command line, or through graphical viewers. Large applications often come with separate documentation.
Training Many IT courses are written for participants to learn how to use and manage Windows systems and networks. Most computer assistance experts have Windows training and qualifications. [citation needed] Linux is taught in many computing university courses in programming and computer science. [97][98][99] Linux diplomas and certificates are rarely offered.[citation needed] Courses for certifications are provided by Linux Professional Institute and some distributions, such as Red Hat and Ubuntu.
Third Party Documentation Documentation is either written in-house or by a consulting firm for most proprietary software. Documentation for source packages usually in a README file, also man pages, info pages, and other types of generally programmer-supplied documentation.

Platform for third party applications

[edit]
Windows Linux
Operating system integration (Installation)

Strict separation between operating system parts and applications.[100] It is possible to install same software in several different directories. Microsoft's guidelines strongly suggest that software vendors use the Windows Installer for installation. However, many applications are still deployed with alternative installers such as NSIS[citation needed]. Nevertheless, overly simplified application management has several drawbacks such as introducing chances of DLL hell and compatibility issues. The former problem can be solved by using static linking (with a considerable tradeoff in speed and memory consumption).[101][102] In addition to that Microsoft has addressed compatibility issues by providing compatibility layer to older software.[103]

Linux systems often do not separate operating system and (third party) applications at the filesystem level as most popular distributions follow the Filesystem Hierarchy Standard.[104][105][106] This approach stores the program itself, its data, configuration files and logs separately.[107] Usually applications are installed using a package manager such as (not Net connected) APT or RPM,[108][109] which ensures that all applications have their library dependencies satisfied. As packages are incorporated into the system portion of the Linux filesystem tree, installation of any software typically requires administrative privileges.[110] However, it is possible to install software into user's home directory, although it is a complex task as the application needs to be compiled from source. [111] Also, these applications introduce a security risk as they will not be tracked and updated if necessary.

Program distribution

Thousands of programs are available for download from many websites and for purchase on CD/DVD in retail shops. Programs must be downloaded (or purchased on CD/DVD) and installed individually. The user has to search for the application he needs, track dependencies (if any) by hand and ensure safety from malware himself.

The majority of applications are distributed in a binary package format. Each distribution usually has a centralized package repository, where trusted applications are stored and available for download.[112] The dependencies are handled automatically. As there are several common package formats, applications are usually packaged specifically for each distribution. The source code is distributed of most applications, which have a licence which allows to do so.

Software Compatibility

Software Compatibility historically has been very high priority.[113] However, exceptions do exist, even within Microsoft's own applications (particularly with respect to Windows Vista).[114] For example, Windows Vista is not compatible with pre-2005 versions of MS SQL Server.[citation needed]

The distributed software is generally compatible with the current and upcoming versions of the distribution (Linux Standard Base framework guarantees maintaining interfaces for at least 6 years).[115] The same binary packages can be used among systems using the same package manager.[116] and generally can be used among any system providing libraries the package is dependent upon[117] Some compatibility issues existed in the past, when proper packaging guidelines were yet to be established.[118][119]

Shared Library Policy

DLLs are the Windows implementation of shared libraries. DLLs placed in an application (called "private libraries").[120] directory are used in favor to the DLLs in the system folder[121] Historically, Windows 9x and prior versions had no protections on system DLLs, and poorly written programs would often overwrite them at will with incorrect versions, potentially leading to dependency problems.

Almost all shared libraries are installed strictly system wide.[121] Several Linux distributions have had problems with software not packaged for the distribution when updating libraries, since the application programming interfaces of some Open Source libraries are prone to change between releases.[122]

Software updates
  • Windows Update handles only updates to Microsoft software and can deploy driver updates if present on the Windows update site.
  • Some third party software has its own separate update manager.
  • Windows Installer (See Package management system above) does not manage updates.
  • Windows security updates typically require a restart.
The Ubuntu Update Manager on a Ubuntu Linux system showing updates.
  • The Package manager handles updates for software that was installed via the package manager.
  • Updates generally do not require a system restart, with the exception of kernel updates. Updates to applications or libraries require restarting the applications to take effect, but there is usually no need to restart immediately (new instances of the program use the new version).
  • All of the installed programs and the Linux operating system can be kept up to date easily (see picture, above). Keeping the operating system and the installed programs up to date is essential for security.[123]
  • Gentoo allows different versions of software and libraries to be installed in the same system.
  • GoboLinux allows different versions of a program to be run concurrently.[124]

Microsoft has had a longstanding emphasis on backwards compatibility.[113] In general, the Windows API is consistent over time, with new features added; [citation needed] programs designed for earlier versions of Windows often run without issues on later versions. [citation needed] For the sake of progress, however, Microsoft sometimes draws a line precluding support of very old programs. That first happened with Windows 95, where some purely 16 bit Windows 3.1 applications would not work, and again with Windows XP, where certain mixed-bit applications would not work. 64-bit versions of Windows (XP-64 and Vista-64) drop 16-bit support completely. However, 16 bit emulation and the enormous array of application-specific tweaks (“shims”) within new Windows versions[125] ensure that compatibility with old applications remains very high.[126]

In the Linux world, the landscape differs. As most (if not all) parts of the operating system are open source and many Linux programs are open source, when a Linux distribution breaks backward compatibility, anyone willing might write a patch to the operating system or the program itself that would allow the older software to work. In reality though, since many popular Linux distributions uses software repository and the most popular programs exist in the repository, the programs provided in the repository are guaranteed to be compatible with supported versions of the distribution.

Gaming

[edit]

A major attraction of Windows is the large library of video games available for purchase.[citation needed] The majority of current major PC games natively support Windows and are released first (and often only) for the Windows platform.[citation needed] Some of these games can be run on Linux with a compatibility layer like Wine, Cedega or CrossOver. Those that rely on copy protection or undocumented features often require much more effort in order to work properly. It has also been shown that native speeds can be achieved with applications running under WINE. [127]

There are notable exceptions, such as id Software's Doom and Quake series. When a developer chooses to write graphics code with OpenGL instead of DirectX, Linux ports become much easier. In addition, games such as the Unreal Tournament series are written in 3 parts: The core 'engine' of the game, the graphical display system, and the actual game data itself. The first two, typically being compiled programs, require porting, however only the graphical display system will often require much work (Windows to X Window, DirectX to OpenGL, etc.). The third part, the game data itself, is typically written in system-independent file formats and scripting languages. This allows the game developer to separate the actual game experience from platform compatibility. This also serves to reduce the cost of development in 2 ways.

  • There is no need to port the game data to another platform, which eliminates the need to compile and bug-fix the game data for each platform.
  • Future releases of the software can use the same "engine" and graphical display system. This allows game developers to focus more on the game experience, and less on compatibility issues.

OpenGL provides a platform independent, widely accepted and available solution for 3D graphics, but does not address input devices or sound. The Simple DirectMedia Layer(SDL) libraries provide support for these features on both Linux and Windows, and are often used to provide portable gaming support.[128]

There are Open Source games designed specifically for Linux[129], including over 1200 native Linux games[130] with over 220 games using proprietary licenses.[131] While most of these are small casual games like Kolf or Pingus, there are also larger games, such as Freeciv and The Battle for Wesnoth. Many have been ported to work on Windows as well. Some gamers opt to dual boot Windows and Linux, using the Windows partition for gaming and other applications, while using the Linux partition for the needs it addresses better.[citation needed]

Software development

[edit]
Windows Linux
Cross-platform development (Operating system resource access: file system, threads, memory allocation, etc.)
  • Elementary system resource access is provided by the Windows API which is available and kept compatible since Windows NT. Many programs are written for the Windows API and depend on an implementation of that API. Many Microsoft libraries have not been ported to other operating systems.
  • Source compatibility with some UNIX programs is done via POSIX subsystem (Windows NT and 2000), or Subsystem for UNIX applications (formerly Interix) (2000, XP, 2003, Vista). Alternatives for POSIX and Linux compatibility under windows are Cygwin and MinGW.
  • Linux is a UNIX-like operating system which implements most of POSIX functionality.[132] Compatibility between such Unix-like operating systems (such as BSD Unix, Solaris, and Mac OS X) is provided through standards such as the POSIX and system libraries such as glibc. The GNU toolchain has been ported on Windows, as well as GTK, Qt and many other libraries.
  • Under Linux there is no standard widget toolkit implementing GUI utilities such as windows, buttons, labels, etc. Several competing libraries are available, such as GTK, Qt, wxWidgets, Motif. Programs written for these widget toolkits must ensure that required libraries are installed in order to run.
  • Wine providing a reimplementation of the Windows API and the DirectX API to allow Windows programs to run on Linux, although often with glitches.
Cross-platform development (hardware resource access: graphic, audio, input devices, etc.)

For multimedia applications like games, audio and video applications is for Windows the DirectX API available. Almost all major games and multimedia applications rely on this API, given the availability since 1995 and the downward compatibility since then. DirectX is available for the Windows PC platform and the Xbox platform, and by the reimplementation Wine it is also available for Linux. There are also third party libraries and standards available like e. g. OpenGL for 3D graphics, OpenAL for audio and SDL as general purpose multimedia API.

Among the various distributions of Linux there is no widely accepted and general multimedia standard and API available. For 3D graphics OpenGL is as standard available and accepted but for everything else like audio, input devices, networking etc. many different approaches are available.[133][134] An important, widely supported standard for access to audio devices are the Advanced Linux Sound Architecture drivers, which allow for very low latencies and supports sound cards from about 120 vendors including, for example, high-end sound cards used for professional recordings, as well as the JACK Audio Connection Kit. These are extended by audio daemons, such as the PulseAudio system, which integrates different libraries without need for configuration. Various implementations of networked home audio systems, such as the cross-platform Music Player Daemon, are supported.

Driver development

Windows provides extensive, well-documented programming interfaces that enable third parties to develop kernel software that extends and modifies system behavior. Microsoft provides its Windows Driver Kit at no cost, which includes thorough documentation, samples, and tools for building, testing, and deploying drivers. Windows driver programming interfaces are based on standards and specifications, often the product of a process involving leading players in the applicable industry. While Windows drivers are compiled based on specifications, and are not tied to a specific version of Windows, source code for a specific version of Windows may, in theory, be purchased for modification in some circumstances (restrictive), or third-party tools may create modifications. In practice, the availability of Windows source code is generally heavily restricted or extremely expensive, if available at all. However, even where source is available, modification to the operating system can break the EULA, and in turn be prohibited or even illegal.

Linux hardware drivers are mostly developed and released as part of the kernel itself, as free software released in source code form. The driver is considered part of the kernel project, and developers of these drivers are considered to be part of the community of Linux kernel developers. However, driver developers are responsible for keeping their drivers up to date; drivers which are not actively maintained are removed from the kernel.[135]

The kernel group does not publish a programming interface for third-party drivers released in compiled binary-only form. Nonetheless, third-party closed-source binary drivers are not uncommon, especially for graphics hardware. Usually they consist of the binary driver itself and an open-source driver interface which is compiled on installation.[136] Because binary-only drivers are released only for specific machine architectures (usually Intel x86 and x86-64) they are not supported on the full set of architectures that the Linux kernel itself supports.

IDEs & Compilers

Several commercial IDEs for sale, such as Microsoft's Visual Studio, or Embarcadero Embarcadero Delphi. Multiple free or gratis IDEs and compilers, including the GNU Compiler Collection, Eclipse, NetBeans, Pelles C, lcc32, Borland C++, Visual Studio Express (Visual C++, C#, and VB.NET compilers), .NET compilers freely included in .NET Framework, Sharpdevelop, Free Pascal

Several commercial IDEs and compilers for sale such as PGI, Intel, and Absoft's Fortran compilers[citation needed]. Multiple free IDEs and compilers, the most common of which are often included in distributions, including the GNU Compiler Collection, Eclipse, NetBeans, Mono, MonoDevelop, Qt, Geany, Anjuta, KDevelop, Free Pascal, OpenLDev, Code::Blocks

Security

[edit]

The actual security of the operating system can be affected by the actions performed by the user, such as tampering with security settings, tampering with network settings or running malicious executables or "malware". Users with administrative privileges have more control and so do the programs the user runs with these elevated privileges.

Threats and vulnerabilities

[edit]
Windows Linux
Malware As of 2009, well over 2 million malware programs target Windows.[1] Botnets – networks of infected computers controlled by malicious persons – with more than one million computers have been witnessed.[137]

Microsoft recommends the use of anti-virus software [138] in Windows and the Windows Action Center (previously called the "Windows Security Center") checks to see if anti-virus software is installed and alerts the user if it can't detect an anti-virus program.[139] As a result of users following this recommendation, there are consequences[weasel words] of using anti-virus software which are not caused by Windows itself: Anti-virus programs have, in the past, damaged Windows due to faulty signatures,[140] which has resulted in costly IT repairs and disruption to businesses.[141] There are other issues of concern pertaining to the use of anti-virus software.

As of 2006, more than 800 pieces of Linux malware had been discovered.[142] Some malware has propagated through the Internet.[143] However, in practice, reports of bonafide malware presence on Linux-based systems are extremely rare.[144][145] Nonetheless, anti-malware tools such as ClamAV and Panda Security's DesktopSecure for Linux do exist. These programs are mainly intended[144] to filter Windows malware from emails and network traffic traveling through Linux-based servers. The extreme rarity of this type of occurrence is such that it is not usually necessary to use anti-malware programs.[144]

Various distributions are configured to use address space layout randomization and NX memory protection by default.

Open vs. Closed Since 2004 developed using the formalized process Security Development Lifecycle.

Only Microsoft-employed programmers (or licensed third-parties) can fix bugs.

There is a public review process for the source code. Anyone is free to enter this process by submitting patches for public review and inclusion in future releases and updates. Any patch must be signed off by the maintainers of a portion of code, the subsystem maintainers and further up the development chain. [146] The theory that it is reviewed by so many people that bugs are detected is referred to as Linus' law.
Vulnerabilities

Nonsponsored research from Aberdeen Group (2003)[147], Forrester Research (2004)[148], CERT (2006)[149], Symantec (2007)[150] and IBM (2009)[151] found that Windows experienced fewer vulnerabilities overall as well as fewer high-risk vulnerabilities when compared to Linux.

In an assessment report from 2004 by the former editorial director of LinuxWorld, Nicholas Petreley, he states that vulnerability counts alone cannot be used to reliably compare the overall security of Linux and Windows. The report talks about the overall security design of Linux and Windows. In the report, Nicholas Petreley claimed that Linux is less vulnerable (but not 100% immune) to malware compared to Windows.[152]

Response speed Microsoft releases bug fixes on a monthly schedule in a stated attempt to help enhance the manageability and predictability of the patch management process[153].

In 2004 a Forrester Research report [154] found that Microsoft patched vulnerabilities with an average all-days-risk of 25 days, faster than the 57 days of Red Hat Linux.

A 2007 Symantec research report found that Microsoft had an average patch time between 18 and 23 days, faster than the 36 and 49 of Red Hat, the best Linux distribution.[155].

There are known security vulnerabilities which Microsoft will not patch on supported versions of Windows, such as Windows XP - which is supported by Microsoft until April 2014. Windows XP will not receive security patches to fix vulnerabilities which affect TCP/IP.[156] Also Windows 2000 did not receive patches for known TCP/IP vulnerabilities during the time which Windows 2000 was still supported;[157] Windows 2000 support from Microsoft ended in July 2010.

Also there have been cases when Microsoft has been aware of security vulnerabilities and not fixed them for longer periods of time. A critical networking vulnerability which security firm eEye had reported to Microsoft was fixed 200 days after Microsoft was notified about it.[158]. A privilege escalation vulnerability was reported to Microsoft in June 2009 by Google security researcher Tavis Ormandy. After waiting several months and seeing no patch released, he made the flaw public.[159][160] The fix/patch was released to Windows users in February 2010.[161] In another case which came to light in January 2010, Windows users' had to wait at least another 28 days for security patches to fix a known vulnerability affecting the Server Message Block (SMB) in Windows 7 and Windows 2008R2, which could be exploited remotely.[162]

Unless the vulnerability information has been publicly disclosed by another party prior to the patch, the release will coincide with vulnerability disclosure. This minimizes the higher-risk period between public vulnerability disclosure and patch availability.

Bugs can be fixed and rolled out within a day [citation needed] of being reported, though usually it takes a few weeks before the patch is available on all distributions.

In the 2004 Forrester Report[154] the best Linux distributions (Red Hat and Debian) had an average all-days-risk of 57, slower than the 25 days for Windows. The report was met with skepticism from the Linux community[163].

A 2007 Symantec research report[155] found that the Red Hat Linux distribution had an average patch time of between 36 and 49 days compared to Windows' 18 to 23 days.

In 2010 Jonathan Corbet called attention to a practice among kernel developers which lead to at least 18 fixes in the 2.6.32.9 kernel which had not been classified as security flaws although he found them to have clear security implications[164]. Linus Torvalds (founder of Linux) is quoted for saying that he doesn't care for labeling updates and changes to Linux as a security fix in a security advisory[165]. As David Woodhouse told The Register[166] not labelling fixes as having security implications can lead to the fix not being back-ported to older (but still maintained) versions of the distributions.

There have been other cases where the Linux vulnerability fixing process has overlooked a vulnerability even though it had been reported[167], where a vulnerability has been inexplicably re-introduced after it had been fixed once and then left vulnerable for 2 years[168], and where Linux distributions have failed to back-port a vulnerability fix to older (but still active) versions due to the lack of a proper vulnerability disclosure[169].

Vulnerabilities are implicitly or explicitly disclosed when security bug-fixes are submitted to the Linux kernel source tree. These changes are submitted when testing has been completed, not on a fixed schedule. However, each Linux distribution must then adopt the changes and create patches for that specific distribution. The period between the disclosure of the vulnerability in the public source tree and the practical availability in the Linux distributions is referred to as distribution-days-of-risk in the 2004 Forrester Report. The distribution-days-of-risk are of higher risk as the vulnerability information is publicly available through this period.

Modular vs. monolithic design Windows is monolithic and this design makes it less secure and use more resources as a result.[170][non-primary source needed][171][non-primary source needed] Linux is modular and does not have the same security disadvantages nor the higher resource requirements compared to Windows.[172][non-primary source needed][173]

Access control

[edit]
Windows Linux
Filesystem permissions

Linux has a traditional Unix-like "user, group, other" approach to filesystem permissions at a minimum.[174] This approach is extended by Access Control Lists on some filesystems. There are some optional, Linux-specific frameworks such as AppArmor and SELinux which add even finer-grained controls over which users and programs can access certain resources or perform certain operations. Some distributions use them out of the box.[175] SELinux can be configured to policies as Role-Based Access Control and multilevel security, which are demanded, for example, in military environments.

Linux executable files must be set as executable, which helps unsuspecting users to avoid malware, trojan horses etc.[176][177] Linux distributions such as Ubuntu will not allow a .desktop file (which is a file shortcut) to execute a target file unless the target file is set executable or installed from a trusted software repository.[176]

Privileged system functions A Linux system has traditionally used a single root user who has exclusive access to perform the privileged system operations. Unlike in Windows, the permissions to perform these privileged operations are hardwired to this user and the privileges cannot be delegated in whole or part to other user accounts. In Linux it is the privilege to run as the root user which can be delegated.[178] When a non-root user needs to perform a privileged operation (e.g. change a password), the user needs to temporarily log in as the root user or run a process with root as the effective user of the process.
  • To temporarily log in as the root user, the su utility is used, along with the correct password. However, this means that multiple users with administrative responsibilities will share the root account and password, which is not considered a security best-practice. Some distributions (e.g. Ubuntu[179]) disable log-in for the root user to avoid this.
  • To allow a user to execute a process with root as the effective user, a SUID root executable can be used. A special SUID root utility, sudo, is available which can be configured with more fine-grained access control to system operations than what is possible with the default file system permissions. sudo can also request extra confirmation from the user prior to executing the privileged operation.

Logging in as or running a process with root privileges (root as the effective user) is not in keeping with the Principle of least privilege security best-practice. A security flaw in the process can allow an attacker unrestricted system access. Extensions/patches such as SELinux, AppArmor or grsecurity can mitigate this problem. The patch/extension hooks into every system operation and for each invocation it compares the attempted action against a policy/profile for the particular process, e.g. ensuring that the ping utility can only access network sockets and not the entire system, even if an exploitable vulnerability exists.

Linux does define a number of Linux capabilities[180] akin to Windows privileges, but these are not practically available[181] except for the Fedora distribution. Fedora has from release 15 changed system utilities to utilize capabilities instead of the unrestricted SUID model[182] .

User Accounts In Windows Vista and later versions, all logged-in sessions (even for those of "administrator" users) run with standard user permissions, preventing malicious programs (and inexperienced users) from gaining total control of the system. Processes that require administrator privileges can be run using the User Account Control (UAC) framework. For standard users, this presents a credentials dialogue (example) that requires the password of a member of the administrators group (who are listed). For users who are already logged in as an administrator, only confirmation is necessary. The first user account created during the setup process is automatically a member of the administrators group; if the user does not manually create another user account which runs with fewer privileges, the administrator account in use means that in Windows versions prior to the introduction of the UAC, malicious programs could gain full control over the system. Security exploits have been able to bypass the protection offered by the User Account Control.[183] It is possible for users to disable the UAC or lower the UAC security level in order to reduce the number of prompts; disabling the UAC is not recommended. Users typically run as limited accounts, having created both administrator (named "root") and at least one user account during installation. In most Linux distributions, there are commands (su, sudo) that will temporarily grant elevated permissions to processes that need it. Like in Windows, the administrator (su) or user (sudo) password is required to access such commands. Errors done with these elevated privileges can lead to severe damage to the system. As an alternative to this approach, the Ubuntu Linux distribution disables the root account by default and the password for the root account is locked. This setup exists for security and safety reasons. Ubuntu also prohibits the use of su and uses sudo instead, which is safer. Ubuntu users do not use the root account and the Ubuntu documentation does not support or recommend trying to unlock the root account, but recommends that: "Ideally, you run as a user that has only the privileges needed for the task at hand".[179]

New frameworks such as PolicyKit exist to restrict the actions of programs running with elevated privileges - PolicyKit is now included in Ubuntu, Fedora, OpenSUSE and many other distributions.

Exploit mitigation and prevention

[edit]
Windows Linux
ASLR and NX/DEP Linux has Address Space Layout Randomization (ASLR) combined with Data Execution Protection/No Execute bit (DEP/NX) enabled in the kernel by default. Security researcher Charlie Miller (security researcher) considers the default Linux ASLR a weak form compared to the full ASLR of Windows Vista[184]unless the Linux distribution include one of the PaX or ExecShield patches.

PaX and ExecShield are not in the mainline kernel. PaX is included with grsecurity while ExecShield is included with SELinux. Mainstream distributions such as Ubuntu do not use any of these patches. Red Hat Enterprise Server includes SELinux.

Both grsecurity and SELinux comes with increased CPU overhead.[185]

Integrity protection

[edit]
Windows Linux
Runtime kernel integrity 64-bit versions of Windows have, since Windows XP, employed Kernel Patch Protection. Kernel Patch Protection will periodically check the integrity of central kernel structures and tables, and if it determines that the kernel has been tampered with it will halt the system[186].

Microsoft does not claim that Kernel Patch Protection can stop all malicious code, but they do take the position that "Protecting the integrity of the kernel is one of the most fundamental steps in protecting the entire system from malicious attacks and from inadvertent reliability problems that result from patching"[187]

No runtime kernel integrity checks.[citation needed]
Persistent kernel integrity Beginning with Windows XP, 64-bit versions of Windows have required that kernel mode drivers be digitally signed to be loaded. With Windows Vista this requirement was expanded to the entire kernel on 64-bit versions of Windows. Microsoft calls this Kernel Mode Code Signing (KMCS).[188] KMCS requires that all the kernel files on disk are digitally signed or resides within a digitally signed catalog file.[189] This requirement can protect against malicious code tampering with kernel binaries or driver code to inject attack code and hijack program flow. If a file has been tampered with, the signature will not be valid for the file.

Drivers can be signed with certificates obtained from a number of certificate authorities which are trusted by Windows, i.e. a device vendor can develop and sign a driver without Microsofts consent. Driver signing does not prevent an attacker from obtaining such a certificate and create a malicious, signed driver which will be accepted by the system should she succeed in placing it in the boot path. However, to obtain a certificate an identity check is performed by the certificate authority. Also, drivers signed with a certificate that is later determined to be used to sign malicious code, can be disabled by revoking the certificate at any time.

Linux does not perform integrity checks on the kernel or drivers before loading.[citation needed]
Boot process integrity Windows does not protect against boot loader tampering, other than requiring system privileges to change the disk sector where the boot loader code resides.

Malicious code and malware (such as the TDL4 rootkit), have been able to avoid the Windows kernel integrity mechanisms by taking control of the boot loader code.[190][191]

With Windows 8 (next version of Windows) the boot loader will be digitally signed (integrity protected) as well. The Unified Extensible Firmware Interface can be set to verify the integrity of the boot loader before giving it control of the boot process.

Linux does not protect against boot loader tampering, other than requiring root privileges to change the disk sector where the boot loader code resides.

Firewall

[edit]
Windows Linux
Basic rules Windows has a built-in Windows Firewall which has all basic firewall features[192] :
  • Both inbound and outbound rules
  • Rules for specific local ports, remote ports and IP protocols
  • Rules can be scoped by both local and remote IP addresses
  • Rules can allow or block connections
  • The firewall can log accepted and/or rejected traffic

The firewall rules describe connections (depending on protocol) and do not allow the fine-grained single-packet filtering of the Linux kernel firewall.

Linux has a built-in Linux kernel netfilter firewall.

The firewall/netfilter has all basic firewall features:

  • Both inbound and outbound rules
  • Rules for specific local ports, remote ports and IP protocols
  • Rules can be scoped by both local and remote IP addresses
  • Rules can allow or block connections/packets
  • The firewall can log traffic based on matching rules.

The firewall allows fine-grained packet inspection, down to individual fragments.

Advanced rules Rules can be set to only activate for certain applications (by executable path) and/or services (by service name)[193] . For instance, a rule can be set to only allow incoming traffic on given port if the recipient is a specific instant messaging client. The same feature can also be used to ensure that only specific programs/services are allowed to connect to the Internet, thus controlling "phone-home" behavior of programs.

Windows Firewall also integrates with the user directory and allows rules to be set up on condition that the attempted connection is authenticated and optionally encrypted[193]. As part of this, access can be restricted by using access control lists on individual rules or ports, for instance allowing only certain users to access the internet or allowing only certain remote (authenticated) computers to access services.

Default state A Linux distribution can decide whether configure the netfilter with default rules. For instance, Ubuntu does not filter any traffic in the firewall by default. The firewall is not activated because Ubuntu has no outward-facing services. There are no programs that allow incoming connections from the Internet apart from those which are under the user's control.[194] Ubuntu does, however, have a policy of "No Open Ports" and states: "Default installations of Ubuntu must have no listening network services after initial install. Exceptions to this rule include network infrastructure services such as the DHCP client and mDNS (Avahi/ZeroConf, see ZeroConfPolicySpec for implementation details and justification). When installing Ubuntu Server, the administrator can, of course, select specific services to install beyond the defaults (e.g. Apache)."
Configuration The Linux firewall can be controlled/configured through a user-mode program called iptables, or other tools which can access netfilter. iptables is a scriptable command-line tool. The firewall can also be controlled through an API. Graphical front-ends and online "rule generators" exist, but they do not allow all firewall features to be controlled. One example is the Uncomplicated Firewall (UFW) and its associated GUI tool Gufw distributed with Ubuntu.

Security certifications

[edit]
Windows Linux
Security certification (Common Criteria) As of October 2011 all major versions of Windows have obtained EAL4+ certification:
  • Microsoft Windows 7
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Vista Enterprise
  • Windows Server 2008 Standard, Enterprise and Datacenter Editions
  • Microsoft Windows Server 2003 SP2 including R2, Standard, Enterprise, Datacenter, x64, and Itanium Editions
  • Windows XP Professional SP2 and x64 SP2
  • Windows XP Embedded SP2
  • Microsoft Windows Server 2003 SP1 (x86) and x64 Edition, Standard, Enterprise, and Datacenter
  • Windows Server 2003 SP1 (IA64), Enterprise and Datacenter
  • Windows XP Professional SP2 (x86) and x64 Edition
  • Microsoft Windows 2000 Professional, Server, and Advanced Server with SP3
As of October 2011 the following Linux distributions have obtained EAL4+ certifications:
  • Wind River Linux Secure 1.0
  • Red Hat Enterprise Linux Ver. 5.3 on Dell 11G Family Servers
  • Red Hat Enterprise Linux Version 5.1
  • SUSE Linux Enterprise Server 10 SP1
  • Red Hat Enterprise Linux Version 5
  • Red Hat Enterprise Linux (RHEL) Version 4 Update 1 AS and Red Hat Enterprise Linux (RHEL) Version 4 Update 1 WS

The following Linux distributions have obtained EAL3+ certifications:

  • Red Hat Enterprise Linux (RHEL) Advanced Server (AS) Version 3 Update 5 Running on Unisys ES7000 Hardware models 405, 410, 420, 430, and 440
  • Red Hat Enterprise Linux (RHEL) Advanced Server (AS) Version 4 Running on Unisys ES7000 Hardware models 405, 410, 420, 430, 440, 505, 510, 520, 530, 540, and one
  • Red Hat Enterprise Linux Version 4 Update 4
  • Red Hat Enterprise Linux Version 4 Update 2 AS & Red Hat Enterprise Linux Version 4 Update 2 WS
Absence of a Linux distribution certification does not mean that it cannot meet the criteria for certification; it may be that no certification has been applied for.

Localization

[edit]

It is easy to have multiple languages installed in both operating systems and to switch between them while the user is logging in. In MS Windows, localization can be provided by a separate installation of the operating system, the Multilingual User Interface (MUI) can be used to provide multiple languages on one installation, and in certain editions of Windows (such as Ultimate) it is possible to switch languages from the control panel.

In Linux the language can be chosen separately for any subsession and any instance of a program (by setting environment variables), separately for different aspects of the locale (date format, collation, message language etc.).

See also

[edit]

References

[edit]
  1. ^ a b Kalkuhl, Marcus; Preuss, Marco (14 August 2009). "Malware Beyond Vista and XP". Viruslist.com. Kaspersky Lab. Retrieved 17 December 2009.
  2. ^ "Windows malware dwarfs other viral threats". The Register. 13th September 2010 10:57 GMT. Retrieved 2011-10-4. {{cite web}}: Check date values in: |accessdate= and |date= (help)
  3. ^ "Red Hat: Move to Linux Saved FAA $15 Million". Retrieved 2011-10-24.
  4. ^ "FAA manages air traffic with Linux". May 1, 2006. Retrieved 2011-10-24.
  5. ^ a b "Microsoft server crash nearly causes 800-plane pile-up Failure to restart system caused data overload". 21 September 2004. Retrieved 2011-10-24.
  6. ^ "Porting Shell Scripts". Retrieved 9 October 2011.
  7. ^ "NT vs. Linux". 9 February 2000. Retrieved 20 February 2008.
  8. ^ "Linux vs Windows (a comparison)". 20 June 2005. Retrieved 16 March 2008.
  9. ^ "CLI magic: shell programming". Linux.com. 15 March 2004. Retrieved 16 March 2008.
  10. ^ Clean Install Procedure with Illustrative Screen Captures, The Elder Geek
  11. ^ Sjouwerman, Stu; Tittel, Ed (1999). Windows NT and Hardware. Pearson Education (web outtake: Microsoft TechNet) (published September 1999). ISBN 978-0-73-570922-5. Retrieved 12 April 2008. {{cite book}}: |work= ignored (help)
  12. ^ http://www.playtool.com/pages/chipsetdrivers/chipset.html How to install your motherboard chipset drivers
  13. ^ http://www.playtool.com/pages/installgraphics/install.html How to install display drivers for your video card
  14. ^ "Nvidia driver installation procedure". help.ubuntu.com. Retrieved 20 February 2011.
  15. ^ Russinovich, Mark. E. (2008). Windows internals : including windows server 2008 and windows vista (5th ed.). Redmond, Wash.: Microsoft Press. p. 69. ISBN 978-0-7356-2530-3. {{cite book}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
  16. ^ "Microsoft Halloween documents leak".
  17. ^ "RestrictedFormats". Community Ubuntu Documentation. help.ubuntu.com.
  18. ^ "Ext2 File System Driver for Windows". Sourceforge.net.
  19. ^ "ReiserFS for Windows".
  20. ^ Hicks, Alan; Lumens, Chris; Cantrell, David; Johnson, Logan (2005) [1998]. "7". Slackware Linux Essentials. ISBN 1-57176-338-4. Retrieved 18 December 2009.
  21. ^ "Windows dual boot". help.ubuntu.com. Retrieved 20 February 2011.
  22. ^ "KGRUBEditor". Kde-Apps.org. Retrieved 20 February 2011.
  23. ^ "GrubConf – GRUB Graphical Configuration Editor". Sourceforge.net. Retrieved 20 February 2011.
  24. ^ Adrian Kingsley-Hughes (10 July 2007). "Dual-Booting XP and Linux: It's Really Easy!". ZDNet. CBS Interactive. Retrieved 18 December 2009.
  25. ^ "Windows User Experience Interaction Guidelines". Microsoft. 29 September 2010. Retrieved 3 April 2011.
  26. ^ "KDE human interface guidelines". Kde.org. 17 March 2000. Archived from the original on 22 May 2009. Retrieved 20 February 2011.
  27. ^ "GNOME Human Interface Guidelines 2.2.1". Retrieved 20 February 2011.
  28. ^ "Microsoft Accessibility". Microsoft. Retrieved 20 February 2011.
  29. ^ "KDE Accessibility Project". Kde.org. Retrieved 20 February 2011.
  30. ^ "Gnome Accessibility wiki". Gnome.org. Retrieved 20 February 2011.
  31. ^ "Windows Speech Recognition". Microsoft.
  32. ^ Tony Bradley. "Ditch Your Keyboard With Windows Voice Commands". PC World.
  33. ^ http://www.linuxnewbieguide.org/content/chapter-3-choosing-linux-distribution
  34. ^ "The Linux-Kernel Mailing List FAQ". The Linux Kernel Archives. 17 October 2009. Retrieved 18 December 2009.
  35. ^ "Enabling Ctrl+Alt+Backspace to Kill X in Linux and Ubuntu GNOME". Digitivity.org.
  36. ^ Mark Shuttleworth (4 November 2010). "Unity on Wayland". The next major transition for Unity will be to deliver it on Wayland....
  37. ^ Adam Jackson (ajax) (9 November 2010). "[Re:] Ubuntu moving towards Wayland".
  38. ^ "Restart Manager". Microsoft TechNet.
  39. ^ "Restart Manager". Microsoft Developer Network (MSDN).
  40. ^ Nellitheertha, Hariprasad. "Reboot Linux faster using kexec". IBM developerWorks.
  41. ^ "Using Hotpatching Technology to Reduce Servicing Reboots".
  42. ^ Russinovich, Mark. E. (2008). Windows internals : including windows server 2008 and windows vista (5th ed.). Redmond, Wash.: Microsoft Press. p. 242. ISBN 978-0-7356-2530-3. {{cite book}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
  43. ^ "Windows-to-Linux roadmap: Part 1. Thinking in Linux". IBM developerWorks. 11 November 2003. Retrieved 17 March 2008.
  44. ^ Brian Hatch (9 April 2003). "The Upgrade Process: Restarting vs Rebooting". Retrieved 17 March 2008.
  45. ^ "Restart Manager: it was never so easy to recover from an application hang". Ars Technica.
  46. ^ "Application Recovery and Restart". Microsoft Developer Network (MSDN).
  47. ^ "What are the system recovery options in Windows 7?". Microsoft.
  48. ^ "What happened to the Recovery Console?". Microsoft. Retrieved 20 February 2011.
  49. ^ "etckeeper".
  50. ^ "GRUB2 - Boot Display Behavior - Last Boot Failed or Boot into Recovery Mode". 18 May 2011. Retrieved 18 May 2011.
  51. ^ "The Move To Linux - Encrypted Disk Issues". Linux Journal.
  52. ^ "Create a system repair disc". Microsoft.
  53. ^ Cite error: The named reference windowsbackuprestore was invoked but never defined (see the help page).
  54. ^ "What is btrfs?". 2011-10-05 13:14:34. Retrieved 2011-10-18. {{cite web}}: Check date values in: |date= (help)
  55. ^ Russinovich, Mark. E. (2008). Windows internals : including windows server 2008 and windows vista (5th ed.). Redmond, Wash.: Microsoft Press. p. 989. ISBN 978-0-7356-2530-3. {{cite book}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
  56. ^ "Self-healing NTFS in Windows Server 2008 and Windows Vista". Microsoft TechNet.
  57. ^ "Self-healing NTFS keeps admins one step ahead of data corruption".
  58. ^ "NTFS Chkdsk Best Practices and Performance". Microsoft. Do not run Chkdsk on a volume unless it has been marked 'dirty' by the file system. Microsoft recommends querying the file system for whether it is 'dirty' before running Chkdsk.
  59. ^ "Error Message: The File or Directory Is Corrupt..." Last Review: September 11, 2011. Retrieved 2011-10-17. {{cite web}}: Check date values in: |date= (help)
  60. ^ a b "HOW TO CHANGE THE PERIODIC DISK CHECK IN UBUNTU (FSCK)". 17 May 2009. Retrieved 2011-10-17.
  61. ^ "Reducing Support Costs with Windows Vista, Windows disk diagnostics". Microsoft.
  62. ^ a b "How to predict hard disk failure in Ubuntu with 3 clicks?". May 19, 2010. Retrieved 2011-10-18.
  63. ^ Russinovich, Mark. E. (2008). Windows internals : including windows server 2008 and windows vista (5th ed.). Redmond, Wash.: Microsoft Press. pp. 974–988. ISBN 978-0-7356-2530-3. NTFS recovery support ensures that if a power failure or a system failure occurs, no file system operations (transactions) will be left incomplete and the structure of the disk volume will remain intact without the need to run a disk repair utility. {{cite book}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
  64. ^ "The How-To Geek Guide to Using Check Disk in Windows 7 or Vista". Retrieved 2011-10-17.
  65. ^ http://oss.oracle.com/projects/btrfs/
  66. ^ "Anatomy of Linux journaling file systems Journaling today and tomorrow". IBM. Retrieved 2011-10-20.
  67. ^ http://kernelnewbies.org/Ext4#head-25c0a1275a571f7332fa196d4437c38e79f39f63
  68. ^ "Anatomy of ext4". IBM. Retrieved 2011-10-20.
  69. ^ Russinovich, Mark. E. (2008). Windows internals : including windows server 2008 and windows vista (5th ed.). Redmond, Wash.: Microsoft Press. pp. 986–987. ISBN 978-0-7356-2530-3. {{cite book}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
  70. ^ "Linux 3.0 scrubs up Btrfs, gets more Xen". 2011-07-22. Retrieved 2011-10-28.
  71. ^ http://manpages.ubuntu.com/manpages/intrepid/man8/badblocks.8.html
  72. ^ http://linux.die.net/man/8/e2fsck
  73. ^ Windows NT Kernel Thread Scheduling[dead link]
  74. ^ "Inside the Windows Vista Kernel: Part 1". Microsoft Technet. February 2007. Retrieved 20 February 2011.
  75. ^ a b c "XP Myths: Paging File - Moving".
  76. ^ "How to configure paging files for optimization and recovery in Windows XP". Microsoft. 12 July 2007. Retrieved 20 February 2011.
  77. ^ "How to change the size of the virtual memory paging file". Microsoft. Retrieved 20 February 2011.
  78. ^ "How to change the size of virtual memory". Microsoft. Retrieved 20 February 2011.
  79. ^ "Windows 95 Architecture Components". Microsoft Technet. Retrieved 20 February 2011.
  80. ^ "Swap Faq". Community Ubuntu Documentation. help.ubuntu.com. 26 November 2010. Retrieved 20 February 2011.
  81. ^ Mark, Russinovich. "Inside the Windows Vista Kernel: Part 2". Microsoft TechNet. Retrieved 4 September 2011.
  82. ^ Cesati, Daniel P. Bovet, Marco (2005). Understanding the Linux Kernel (3rd ed.). Boston, MA: Safari Tech Books Online. pp. 691–697. ISBN 978-0-596-00565-8.{{cite book}}: CS1 maint: multiple names: authors list (link)
  83. ^ Mauerer, Wolfgang (2008). Professional Linux kernel architecture ([Online-Ausg.] ed.). Indianapolis, IN: Wiley Pub. pp. 1027–1092. ISBN 978-0-470-34343-2.
  84. ^ Mark, Russinovich. "Inside the Windows Vista Kernel: Part 1". Microsoft TechNet.
  85. ^ "The ~200 Line Linux Kernel Patch That Does Wonders". Phoronix. Retrieved 4 September 2011.
  86. ^ "How to make a computer faster: 6 ways to speed up your PC". Microsoft. Retrieved 20 February 2011.
  87. ^ a b "Microsoft Windows Performance Disk I/O".
  88. ^ "Why doesn't Linux need defragmenting?". 17 August 2006. Retrieved 20 February 2011.
  89. ^ a b c "Errors and freezes -- Adobe Reader -- Windows". Last updated 2010-12-02. Retrieved 2011-10-1. {{cite web}}: Check date values in: |accessdate= and |date= (help) See step 12: "Optimize handling of temporary files by Windows."
  90. ^ "Description of the Low Disk Space Notification in Windows XP". Microsoft.
  91. ^ "Automating Disk Cleanup Tool in Windows". Microsoft Support.
  92. ^ "Set Maximum Log Size". Microsoft TechNet.
  93. ^ "Set Log Retention Policy". Microsoft TechNet.
  94. ^ "Event log retention".
  95. ^ "Low Disk Space Conditions on SUSE". Novell.
  96. ^ "Microsoft No Charge Support". Microsoft.
  97. ^ Oren Laada. "Structured Linux Kernel Projects for Teaching Operating Systems Concepts" (PDF). Columbia University Dept of Computer Science. {{cite web}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
  98. ^ Alessio Gaspar, Clark Godwin. "Root-kits & Loadable Kernel Modules: Exploiting the Linux Kernel for Fun and (Educational) Profit" (DOC). University of South Florida Polytechnic.
  99. ^ Rob Hess, Paul Paulson. "Linux Kernel Projects for an Undergraduate Operating Systems Course" (PDF). Oregon State University School of Electrical Engineering and Computer Science.
  100. ^ "Windows File protection". Microsoft. Retrieved 20 February 2011.
  101. ^ "Static linking tradeoff".
  102. ^ Collberg, Christian; Hartman, John H.; Babu, Sridivya; Udupa, Sharath K. "Static linking to solve DLL hell".
  103. ^ "Windows XP compatibility mode". Microsoft.
  104. ^ "Debian policy on FHS compliance". Debian.org. Retrieved 20 February 2011.
  105. ^ "Ubuntu file system tree overview". help.ubuntu.org. Retrieved 20 February 2011.
  106. ^ "Filesystem Hierarchy Standard".
  107. ^ Alkalay, Avi. "The Importance of Clear Separation Between Four Parts". Linux.org. Retrieved 20 February 2011.
  108. ^ Frey, John. "Popular Linux package managers". Retrieved 20 February 2011.
  109. ^ Hess, Joey (26 April 2008). "Comparing Linux/UNIX Binary Package Formats". Kitenet.net/~joey. Archived from the original on 19 June 2008. Retrieved 23 March 2010.
  110. ^ "Ubuntu software installation guide". help.ubentu.com. 4 December 2010. Retrieved 20 February 2011.
  111. ^ "Non-root (Local user) APT installs into user home directories". Ubuntu brainstorm. 8 April 2008. Retrieved 2 May 2010.
  112. ^ "Debian package repository". Debian.org.
  113. ^ a b "Raymond Chen on Backward compatibility".
  114. ^ McLaws, Robert (27 September 2006). "The Truth About Visual Studio Support on Windows Vista". Windows-now.com. Archived from the original on 27 September 2006. Retrieved 12 April 2008. {{cite news}}: |archive-date= / |archive-url= timestamp mismatch; 9 February 2007 suggested (help)
  115. ^ "Linux Standard Base roadmap". The Linux Foundation. Retrieved 20 February 2011.
  116. ^ Murdock, Ian. "Ubuntu vs. Debian, reprise". Retrieved 14 December 2010.
  117. ^ Sanford, Allen. "Installing RPM Files Using Alien: Ubuntu, Debian". Retrieved 14 December 2010.
  118. ^ Weinstein, Paul (11 September 2003). "Is Linux Annoying?". linuxdevcenter.com. Retrieved 10 April 2010.
  119. ^ Anderson, Rick (11 January 2000). "The End of DLL Hell". Microsoft.com. Archived from the original on 5 June 2001. Retrieved 7 July 2010.
  120. ^ a b Desitter, Arnaud (15 June 2007). "Using static and shared libraries across platforms; Row 9: Library Path". ArnaudRecipes. Archived from the original on 1 June 2008. Retrieved 7 July 2010.
  121. ^ Zollner, Karl (4 August 2004). "LSB and "Dependency Hell": the Buck Stops Here". www.osnews.com. Retrieved 10 April 2010.
  122. ^ "How to keep your Ubuntu Linux system up to date". 20 July 2008. Retrieved 20 February 2011.
  123. ^ "GoboLinux at a glance". GoboLinux. Retrieved 17 March 2008.
  124. ^ "Vista will ship with thousands of application shims to accommodate legacy applications".
  125. ^ "Application Compatibility Cookbook". The Windows Vista and Windows Server 2008 Developer Story. Microsoft Developer Network. April 2007. Retrieved 12 April 2008.{{cite web}}: CS1 maint: date and year (link)
  126. ^ "Benchmark tests for WINE". Winehq.org.
  127. ^ "Official libSDL webpage".
  128. ^ "List of Games for Debian". Debian.org.
  129. ^ "Linux/Unix games list".
  130. ^ "Proprietary License Games".
  131. ^ Nandrha, Ian. "POSIX.1 (FIPS 151-2) Certification".
  132. ^ Melanson, Mike (1 May 2007). "Welcome To The Jungle". Blogs.adobe.com. Retrieved 16 December 2010.
  133. ^ Poettering, Lennart (24 September 2008). "A Guide Through The Linux Sound API Jungle". 0pointer.de. Retrieved 4 April 2010.
  134. ^ "Android related code to be removed from Linux kernel". 3 February 2010. Retrieved 20 February 2011.
  135. ^ "NVidia kernel driver interface compilation". NVidia Corporation.
  136. ^ Dutch Botnet Suspects Ran 1.5 Million Machines – Security Technology News by TechWeb
  137. ^ "List of antivirus software vendors". July 20, 2011. Retrieved 2011-10-2. {{cite web}}: Check date values in: |accessdate= (help)
  138. ^ "Use antivirus software that Windows doesn't find". Retrieved 2011-10-2. {{cite web}}: Check date values in: |accessdate= (help)
  139. ^ "AVG incorrectly flags user32.dll in Windows XP SP2/SP3". Retrieved 2011-10-2. {{cite web}}: Check date values in: |accessdate= (help)
  140. ^ "McAfee to compensate businesses for buggy update". 27 April, 2010 17:19. Retrieved 2011-10-2. {{cite web}}: Check date values in: |accessdate= and |date= (help)
  141. ^ InternetNews Realtime IT News – Linux Malware On The Rise
  142. ^ New worm targets Linux systems – CNET News. com
  143. ^ a b c "Antivirus". 2011-09-27 20:28:00. Retrieved 2011-9-30. {{cite web}}: Check date values in: |accessdate= and |date= (help)
  144. ^ "The short life and hard times of a Linux virus". Updated: July 30, 2005. Retrieved 2011-9-30. {{cite web}}: Check date values in: |accessdate= and |date= (help)
  145. ^ http://www.groklaw.net/article.php?story=20050529095918381
  146. ^ "Linux, Unix as Vulerable as Windows". Aberdeen Group report, vol. 1, no. 35. ZDNet.
  147. ^ "Is Linux More Secure Than Windows?". Forrester Research.. The full paper is available from Microsofts site
  148. ^ "Windows beats Linux - Unix on vulnerabilities - CERT". The Register.
  149. ^ "Symantec Internet Security Threat Report Trends for January–June 07" (PDF). Patched operating system vulnerability by type. p. 57.
  150. ^ "IBM X-Force® 2008 Trend & Risk Report" (PDF). IBM. p. 40.
  151. ^ "Security Report: Windows vs Linux An independent assessment". The Register. Security, 22nd October 2004 07:26 GMT. Retrieved 2011-9-18. {{cite web}}: Check date values in: |accessdate= and |date= (help)
  152. ^ "Revamping the Security Bulletin Release Process". Microsoft.
  153. ^ a b Forrester Research. "Forrester Report into relative security of Linux and Windows" (PDF).
  154. ^ a b "Symantec Internet Security Threat Report" (PDF). Symantec. p. 55.
  155. ^ "Microsoft: No TCP/IP patches for you, XP". September 14, 2009. Retrieved 2011-10-8. {{cite web}}: Check date values in: |accessdate= (help)
  156. ^ "Microsoft: Patching Windows 2000 'infeasible'". September 8, 2009 04:02. Retrieved 2011-10-8. {{cite web}}: Check date values in: |accessdate= and |date= (help)
  157. ^ "200 days to fix a broken Windows". 2004-2-13. Retrieved 2011-9-9. {{cite web}}: Check date values in: |accessdate= and |date= (help)
  158. ^ "Windows plagued by 17-year-old privilege escalation bug". The Register. 19th January 2010 23:23 GMT. Retrieved 2011-10-6. {{cite web}}: Check date values in: |accessdate= and |date= (help)
  159. ^ "Microsoft confirms 17-year-old Windows vulnerability". ZDNet. 2010-1-21. Retrieved 2011-9-9. {{cite web}}: Check date values in: |accessdate= and |date= (help)
  160. ^ "Microsoft to fix 26 vulnerabilities on patch day". 2010-2-5. Retrieved 2011-9-9. {{cite web}}: Check date values in: |accessdate= and |date= (help)
  161. ^ "Serious IE and Windows flaws left to fester". The Register. 8th January 2010 20:12 GMT. Retrieved 2011-10-6. {{cite web}}: Check date values in: |accessdate= and |date= (help)
  162. ^ The Register (22 October 2004). "Security Report: Windows vs Linux (Rebuttal to the Forrester Report)". The Register.
  163. ^ Corbet, Jonathan. "2.6.32.9 Release notes". lwn.net.
  164. ^ "Torvalds: Fed up with the 'security circus'". InfoWorld.
  165. ^ "Exim code-execution bug, now with root access". The Register.
  166. ^ "Linux kernel purged of five-year-old root access bug". The Register. Retrieved 13 September 2011. The vulnerability was described as long ago as 2005 by researcher Gael Delalleu, but it remained largely overlooked until Rafal Wojtczuk, a researcher at Invisible Things Lab, started investigating related issues.
  167. ^ "Die-hard bug bytes Linux kernel for second time". The Register. Retrieved 13 September 2011. The vulnerability in a component of the operating system that translates values from 64 bits to 32 bits (and vice versa) was fixed once before – in 2007 with the release of version 2.6.22.7. But several months later, developers inadvertently rolled back the change, once again leaving the OS open to attacks that allow unprivileged users to gain full root access.
  168. ^ "Exim code-execution bug, now with root access". The Register. Retrieved 13 September 2011. "It really underscores the importance of singling out security issues and publicizing them as such," Rosenberg said. "Otherwise, this sort of thing can happen."
  169. ^ http://news.cnet.com/8301-13505_3-9916813-16.html
  170. ^ http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/
  171. ^ http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/
  172. ^ http://www.zdnet.com/blog/btl/gartner-windows-collapsing-under-its-own-weight-radical-change-needed/8428?tag=mncol;txt
  173. ^ Security on a Linux file system, retrieved 19 January 2007.
  174. ^ Red Hat discusses RHEL's inclusion of SELinux: redhat.com A wiki devoted to SELinux in Fedora: fedoraproject.org A review of CentOS hosted at linux.com: distrocenter.linux.com
  175. ^ a b "ExecutableBit". 2011-02-14. Retrieved 2011-10-1. {{cite web}}: Check date values in: |accessdate= (help)
  176. ^ "FilePermissions". 2011-06-14. Retrieved 2011-10-1. {{cite web}}: Check date values in: |accessdate= (help)
  177. ^ Edward, Edward Blunt. "Delegating Root Authority and Auditing Activities on UNIX/Linux Systems" (PDF). ISACA.
  178. ^ a b "RootSudo - Community Ubuntu Documentation". Ubuntu.com.
  179. ^ "capabilities - overview of Linux capabilities".
  180. ^ Corbet. "A bid to resurrect Linux capabilities".
  181. ^ "Fedora 15 Accepted Features". Fedora Project.
  182. ^ New Windows zero-day flaw bypasses UAC
  183. ^ "The NX Bit And ASLR". Toms Hardware.
  184. ^ Michael Fox. "SELinux and grsecurity: A Case Study Comparing Linux Security Kernel Enhancements" (PDF). University of Virginia, Department of Computer Science. {{cite web}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
  185. ^ Scott Field. "An Introduction to Kernel Patch Protection". Microsoft.
  186. ^ "Kernel Patch Protection: Frequently Asked Questio". Microsoft.
  187. ^ "Kernel-Mode Code Signing Policy (Windows Vista and Later)". Microsoft.
  188. ^ "Code Integrity". Microsoft.
  189. ^ "World's stealthiest rootkit gets a makeover". The Register. 21st October 2011 18:41 GMT. Retrieved 2011-10-22. {{cite web}}: Check date values in: |date= (help)
  190. ^ "World's most advanced rootkit penetrates 64-bit Windows". The Register. 16th November 2010 04:00 GMT. Retrieved 2011-10-22. {{cite web}}: Check date values in: |date= (help)
  191. ^ "Understanding Firewall Rules". Microsoft.
  192. ^ a b "Configuring Firewall Rules". Microsoft.
  193. ^ "How to Configure Ubuntu's Firewall". Sunday, January 18, 2009. {{cite web}}: Check date values in: |date= (help)
[edit]