Linux vs windows server?

Adam,

We could discuss this for days, but the Vantage list is not the place.
I will respond directly to you.


Chris


-----Original Message-----
From: adamtuliper [mailto:amt@...]
Sent: Saturday, March 31, 2007 11:31 PM
To: vantage@yahoogroups.com
Subject: [Vantage] Re: Linux vs windows server?



I think you missed the point on that, nor were 'critical details'
left out. The point of that information is that media reports
generally account for what is deemed 'secure'. I'd like for you to
tell me why either of them is more secure - be as technical as you
want - there will be a justified counter argument for whichever side
you choose. Same type of exploits for the most part are capable on
either OS, so you can compare "apples to apples". I can just as
easily inject code into a running process on linux via some shellcode
as I can on windows - so whats your criteria besides personal
preference on 'what is more secure'. You can't do it - and to say
anyone can is biased as your usage of the system dictates the attack
vectors. I provided that report to show the pendulum can swing the
other was as well - as that is where most public opinion comes from -
published exploits. Security on modern OS's can be very subjective
based on your environment and the types of exploits that can occur
specific to your environment. I can take an OS full of exploits, put
it in a closed room with a firewall in front of it, and have it be
safer than a hardened OS plugged directly to the net or a user
running any program on their system - they download malware and their
files are erased - Its subjective - and similiar exploits exists on
any modern environment. Its your usage that dictates it, and you
can't dictate which is more 'secure'and they should choose one or the
other, because again, there's a whole wealth of information stating
the contrary on whichever side you choose.

--- In vantage@..., "Gitzlaff, Christopher"
<cgitzlaff@.-..> wrote:
>
> I think you've left a few critical details out of your post. I'm
sure
> you're
> aware that judging the security of an OS by the quantity of
> vulnerabilities
> is misleading. It isn't an "apples to apples" comparison.
>
> Here is some recent info: hard facts.
>
> Published March 26, 2007: 2006 Operating System Vulnerability
Summary
> http://www.omninerd-.com/2007/-03/26/articles/-74
>
> This article was an in-depth study done on 14 different operating
> systems
> and cites over 90 references regarding the research performed.
From the
>
> articles conclusion:
>
> "As far as "straight-out--of-box" conditions go, both Microsoft's
Windows
>
> and Apple's OS X are ripe with remotely accessible vulnerabilities.
Even
>
> before enabling the servers, Windows based machines contain
numerous
> exploitable holes allowing attackers to not only access the system
but
> also execute arbitrary code. Both OS X and Windows were susceptible
to
> additional vulnerabilities after enabling the built-in services.
Once
> patched, however, both companies support a product that is secure,
at
> least from the outside. The UNIX and Linux variants present a much
more
> robust exterior to the outside. Even when the pre-configured server
> binaries are enabled, each system generally maintained its
integrity
> against remote attacks. Compared with the Microsoft and Apple
products,
> however, UNIX and Linux systems tend to have a higher learning
curve for
>
> acceptance as desktop platforms."
>
> And, of course, a splashy headline "Report Says Windows Gets The
Fastest
>
> Repairs"
> http://www.internet-news.com/-security/-article.php/-3667201
>
> Again, the devil is in the details. The article provides the
following
> vulnerability information for the past 6 months:
>
> Windows - 39, 12 severe, average 21 day fix
> Mac - 49, 1 severe, average 66 day fix
> Red Hat - 208, 2 severe, average 13 day fix
>
> There are two points here. Severity: would you rather have 12
system
> level compromises or 2? Quantity: Red Hat receives patches for
> thousands of programs available in their distribution repositories -

> software that is available, not necessarily installed. The Windows
> patch count only includes those for the programs specifically
shipped
> with their OS. I doubt very much this report included
vulnerabilities
> for
> MS Office.
>
>
> -----Original Message-----
> From: adamtuliper [mailto:amt@-...]
> Sent: Thursday, March 29, 2007 8:14 PM
> To: vantage@...
> Subject: [Vantage] Re: Linux vs windows server?
>
>
>
> ">3) Security, is well known and documented to be a far more secure
> O/S
> >4)O/S stability
> "
>
> well known to who?
>
> I always love this stmt (not a personal attack, just saying in
> general - heard that stmt before plenty of times because of media
> rumors), I was a security consultant (penetration testing, code
> scanning, etc) and as such you hear this argument on occasion. So,
to
> be clear, the number of reported security issues at times was
higher
> on linux (easily check vuln. reporting sites), and at other times
> higher on Windows.
>
> doing a quick search, here's stats for 2005
> "CERT found more than 500 multiple vendor vulnerabilities in Linux
> and Unix spanning old favorites such as denial of service and
buffer
> overflows, while CERT recorded 88 Windows-specific holes and 44 in
> Internet Explorer (IE). For a complete list of vulnerabilities, you
> can visit the CERT site "
>
> This doesn't mean a thing either way - it happened to be the luck
of
> the draw in any time period - many times based on one exploit that
> could be turned into several others using the same basic. You
> cannot 'prove' either is more secure, because simple exploits have
> been found in both OS's. In addition, the "open source" argument
> for "more eyes looking at code - therefore it is more secure" is
> highly arguable as well, considering most developers are _not_ very
> security conscious, and in a corporation where the push is for
> security, there are more trainined eyes looking at it (see works
via
> Michael Howard).
>
> It comes down to available skill as cost saving reports swing to
> either side when trying to 'fairly evaluate'.
>
> Porting to Mono - well - their .net code is basically the client
> base - server side is progress 4gl - so if anyone was looking at
that
> for the client you are supporting and testing a second codebase for
a
> much smaller percentage client in this environment.--. doesn't make
a
> ton of financial sense at this point - for them its prob easier now
> not doing it since progress does most of the work in the port. We
> already know "write once run anywhere" is bs, and doesn't work -
take
> a look at Java. Although mono implementation tries to be decent at
> it.. fact still it.. "write once run anywhere" doesn't work and
there
> are always additional third party extensions and features-
especially
> in a windowing environment dependent on third party (infragistic)
> controls that rely heavily on built in win32 messaging.
>
> --- In vantage@..., "Pete Wutzke" <prw@> wrote:
> >
> > Just one bone to pick with your item number 1) under "Cons".
> >
> > Ever hear of a little company called Novell? How about Red Hat?
> Even
> > Oracle is offering Linux O/S support these days (actual tech
> support, not
> > just porting their products). Those are some major companies in
my
> book,
> > all far bigger than Epicor :-)
> >
> > Other than that, you have summed it up quite nicely. We need to
> encourage
> > Epicor to step up to the plate and enhance their Linux offerings.
> As others
> > have mentioned here, using Novell's Mono they could easily port
> their .NET
> > code to run on linux (and give it a performance boost which it
> sorely needs,
> > BTW). I'm not talking about the entire client code base (wouldn't
> that be
> > nice!), but at least the server side processes that now still
> require a
> > Win32 environment.
> >
> > Command line installation and administration need not be a
problem,
> if you
> > provide thorough and correct instructions and documentation.
> Unfortunately,
> > this is another area where Epicor have continued to disappoint
over
> the
> > years.
> >
> > The more we tell them this is something their customers are
looking
> for, the
> > more likely they'll be to invest in it.
> >
> > My 2c.
> >
> > Pete Wutzke
> > IT Manager
> > Giddens Industries
> >
> >
> >
> > "vantage803" <bash100@> wrote:
> >
> > >My comments for what it's worth;
> > >
> > >Differences between Linux and Windows Server O/S
> > >
> > >Pro's for Linux
> > >1) Cost of O/S Software Linux is far more economical
> > >2) RAM this is a tricky subject. Linux does support memory
greater
> > >then 4GB of RAM
> > >It does this by supporting Intel's PAE (Physical Address
Extension)
> > >Features which are in all Pentium Pro and newer CPU's. The PAE
> > >extensions allow up to a maximum of 64GB of RAM that the OS can
> > >address
> > >3) Security, is well known and documented to be a far more
secure
> O/S
> > >4)O/S stability
> > >
> > >Cons
> > >1) Do not have a major corporation'--s support staff for
assistance
> > >2) Installation is not done thru a GUI must use a command line
> > >
> > >Vantage/Vista Stability (application only)
> > >As I see it from a Vantage/Vista perspective I believe that both
> O/S
> > >versions are equal in respect to stability.
> > >
> > >Hardware Requirements:
> > >Epicor states a minimum requirement regardless of O/S
> > >
> > >Known Issues;
> > >Epicor does not give us this information so this is up to the
users
> > >in this forum and others to disclose. I can only state the known
> > >issues that I have encountered and that is as follows;
> > >
> > >1) BPM is NOT functioning at this time in v8.03 (currently in
> > >development)
> > >2)Many 3rd Party applications will still require a separate Win32
> > >server running in parallel to the Linux Server due to the fact
that
> > >Epicor/Partners have not yet ported these applications to the
Linux
> > >platform.
> > >
> > >Please I encourage all to add to me view points as well ....
> >
>
>
>
>
>
>
>
>
> [Non-text portions of this message have been removed]
>








[Non-text portions of this message have been removed]
I would like to know the differences between these two platforms. Is
the linux version of vantage stable? Is it faster than the windows
platform? Does it require the same hardware requirements? Are there
any known issues with linux running vantage?


Thanks,

James
My comments for what it's worth;

Differences between Linux and Windows Server O/S

Pro's for Linux
1) Cost of O/S Software Linux is far more economical
2) RAM this is a tricky subject. Linux does support memory greater
then 4GB of RAM
It does this by supporting Intel's PAE (Physical Address Extension)
Features which are in all Pentium Pro and newer CPU's. The PAE
extensions allow up to a maximum of 64GB of RAM that the OS can
address
3) Security, is well known and documented to be a far more secure O/S
4)O/S stability

Cons
1) Do not have a major corporation's support staff for assistance
2) Installation is not done thru a GUI must use a command line

Vantage/Vista Stability (application only)
As I see it from a Vantage/Vista perspective I believe that both O/S
versions are equal in respect to stability.

Hardware Requirements:
Epicor states a minimum requirement regardless of O/S

Known Issues;
Epicor does not give us this information so this is up to the users
in this forum and others to disclose. I can only state the known
issues that I have encountered and that is as follows;

1) BPM is NOT functioning at this time in v8.03 (currently in
development)
2)Many 3rd Party applications will still require a separate Win32
server running in parallel to the Linux Server due to the fact that
Epicor/Partners have not yet ported these applications to the Linux
platform.

Please I encourage all to add to me view points as well Â….
My comments for what it's worth;

Differences between Linux and Windows Server O/S

Pro's for Linux
1) Cost of O/S Software Linux is far more economical
2) RAM this is a tricky subject. Linux does support memory greater
then 4GB of RAM
It does this by supporting Intel's PAE (Physical Address Extension)
Features which are in all Pentium Pro and newer CPU's. The PAE
extensions allow up to a maximum of 64GB of RAM that the OS can
address
3) Security, is well known and documented to be a far more secure O/S
4)O/S stability

Cons
1) Do not have a major corporation's support staff for assistance
2) Installation is not done thru a GUI must use a command line

Vantage/Vista Stability (application only)
As I see it from a Vantage/Vista perspective I believe that both O/S
versions are equal in respect to stability.

Hardware Requirements:
Epicor states a minimum requirement regardless of O/S

Known Issues;
Epicor does not give us this information so this is up to the users
in this forum and others to disclose. I can only state the known
issues that I have encountered and that is as follows;

1) BPM is NOT functioning at this time in v8.03 (currently in
development)
2)Many 3rd Party applications will still require a separate Win32
server running in parallel to the Linux Server due to the fact that
Epicor/Partners have not yet ported these applications to the Linux
platform.

Please I encourage all to add to me view points as well Â….
Ok, I'll chime in.



If you wish to proceed to the land of what most assuredly could be:



Epicor's deployment landscape currently supports Win2K3 32 (and 64 under the
table), Linux as RHEL and HPUX. Assuming ideal circumstances, I would
purport that Epicor should give reasonable consideration to a Solaris
deployment as well for some of, if not all of, the reasons you propose. To
whit:



Pros:



1.) Solaris is free and has no per user license fees

2.) Solaris is a true 64 bit OS without RAM manipulations

3.) Solaris runs on Intel x86, x64 and SPARC hardware without byte level
conversion required

4.) Solaris is supported by SUN Microsystems and has a viable corporate
support structure

5.) Solaris is vastly more secure than MS OS systems

6.) Solaris is internally self healing and more stable than any other
interrupt based OS

7.) Solaris has the most advanced file system available (read ZFS)

8.) Solaris scales to hundreds of processors and thousands of users
without a problem

9.) Java (and hence Progress and OE10B) runs faster under Solaris

10.) Sun offers multiple back end applications like mail, application
servers, IM and other servers for free to run on Solaris



Cons:

1. Epicor's current port doesn't support Solaris but Progress does

2. The talent pool available to support Solaris is largely limited to
internet server farms

3. There is no number three..



So, while we are considering alternatives. we might enjoy the stuff of
imagination.



Best regards,



Michael



Michael Barry
Aspacia Systems Inc
866.566.9600
312.803.0730 fax
<http://www.aspacia.com/> http://www.aspacia.com/

This email, and any attachments thereto, is intended only for use by the
addressee(s) named herein and may contain legally privileged and/or
confidential information. If you are not the intended recipient of this
email, you are hereby notified that any dissemination, distribution or
copying of this email, and any attachments thereto, is strictly prohibited.
If you have received this email in error, please immediately notify me by
telephone and permanently delete the original and any copy of any email and
any printout thereof.








From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of
vantage803
Sent: Wednesday, March 28, 2007 7:24 PM
To: vantage@yahoogroups.com
Subject: [Vantage] Re: Linux vs windows server?



My comments for what it's worth;

Differences between Linux and Windows Server O/S

Pro's for Linux
1) Cost of O/S Software Linux is far more economical
2) RAM this is a tricky subject. Linux does support memory greater
then 4GB of RAM
It does this by supporting Intel's PAE (Physical Address Extension)
Features which are in all Pentium Pro and newer CPU's. The PAE
extensions allow up to a maximum of 64GB of RAM that the OS can
address
3) Security, is well known and documented to be a far more secure O/S
4)O/S stability

Cons
1) Do not have a major corporation's support staff for assistance
2) Installation is not done thru a GUI must use a command line

Vantage/Vista Stability (application only)
As I see it from a Vantage/Vista perspective I believe that both O/S
versions are equal in respect to stability.

Hardware Requirements:
Epicor states a minimum requirement regardless of O/S

Known Issues;
Epicor does not give us this information so this is up to the users
in this forum and others to disclose. I can only state the known
issues that I have encountered and that is as follows;

1) BPM is NOT functioning at this time in v8.03 (currently in
development)
2)Many 3rd Party applications will still require a separate Win32
server running in parallel to the Linux Server due to the fact that
Epicor/Partners have not yet ported these applications to the Linux
platform.

Please I encourage all to add to me view points as well ..





[Non-text portions of this message have been removed]
Just one bone to pick with your item number 1) under "Cons".

Ever hear of a little company called Novell? How about Red Hat? Even
Oracle is offering Linux O/S support these days (actual tech support, not
just porting their products). Those are some major companies in my book,
all far bigger than Epicor :-)

Other than that, you have summed it up quite nicely. We need to encourage
Epicor to step up to the plate and enhance their Linux offerings. As others
have mentioned here, using Novell's Mono they could easily port their .NET
code to run on linux (and give it a performance boost which it sorely needs,
BTW). I'm not talking about the entire client code base (wouldn't that be
nice!), but at least the server side processes that now still require a
Win32 environment.

Command line installation and administration need not be a problem, if you
provide thorough and correct instructions and documentation. Unfortunately,
this is another area where Epicor have continued to disappoint over the
years.

The more we tell them this is something their customers are looking for, the
more likely they'll be to invest in it.

My 2c.

Pete Wutzke
IT Manager
Giddens Industries



"vantage803" <bash100@...> wrote:

>My comments for what it's worth;
>
>Differences between Linux and Windows Server O/S
>
>Pro's for Linux
>1) Cost of O/S Software Linux is far more economical
>2) RAM this is a tricky subject. Linux does support memory greater
>then 4GB of RAM
>It does this by supporting Intel's PAE (Physical Address Extension)
>Features which are in all Pentium Pro and newer CPU's. The PAE
>extensions allow up to a maximum of 64GB of RAM that the OS can
>address
>3) Security, is well known and documented to be a far more secure O/S
>4)O/S stability
>
>Cons
>1) Do not have a major corporation's support staff for assistance
>2) Installation is not done thru a GUI must use a command line
>
>Vantage/Vista Stability (application only)
>As I see it from a Vantage/Vista perspective I believe that both O/S
>versions are equal in respect to stability.
>
>Hardware Requirements:
>Epicor states a minimum requirement regardless of O/S
>
>Known Issues;
>Epicor does not give us this information so this is up to the users
>in this forum and others to disclose. I can only state the known
>issues that I have encountered and that is as follows;
>
>1) BPM is NOT functioning at this time in v8.03 (currently in
>development)
>2)Many 3rd Party applications will still require a separate Win32
>server running in parallel to the Linux Server due to the fact that
>Epicor/Partners have not yet ported these applications to the Linux
>platform.
>
>Please I encourage all to add to me view points as well ....
>>>>>We need to encourage
Epicor to step up to the plate and enhance their Linux offerings<<<<<



As I understand, Epicor's migration path is toward SQL Server and the
ultimate phasing out of Progress DB, I doubt anyone of us would have
much success encouraging a Linux platform. I'm not 100% certain on this
but that was the impression I got when I attended perspectives 2006.









Gerard M Wadman

Sr. Network Systems Engineer



Scandius BioMedical Inc.

11A Beaver Brook Road

Littleton, MA 01460



978/486-4088 x 124

978/486-4108 (fax)



http://www.scandius.com/





This e-mail is for the use of the intended recipient(s) only. If you
have received this e-mail in error, please notify the sender immediately
and then delete it. If you are not the intended recipient, you must not
use, disclose or distribute this e-mail without the author's prior
permission. We have taken precautions to minimize the risk of
transmitting software viruses, but we advise you to carry out your own
virus checks on any attachment to this message. We do not accept
liability for any loss or damage caused by software viruses







________________________________

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of Pete Wutzke
Sent: Thursday, March 29, 2007 12:51 PM
To: vantage@yahoogroups.com
Subject: [Vantage] Re: Linux vs windows server?



Just one bone to pick with your item number 1) under "Cons".

Ever hear of a little company called Novell? How about Red Hat? Even
Oracle is offering Linux O/S support these days (actual tech support,
not
just porting their products). Those are some major companies in my book,
all far bigger than Epicor :-)

Other than that, you have summed it up quite nicely. We need to
encourage
Epicor to step up to the plate and enhance their Linux offerings. As
others
have mentioned here, using Novell's Mono they could easily port their
.NET
code to run on linux (and give it a performance boost which it sorely
needs,
BTW). I'm not talking about the entire client code base (wouldn't that
be
nice!), but at least the server side processes that now still require a
Win32 environment.

Command line installation and administration need not be a problem, if
you
provide thorough and correct instructions and documentation.
Unfortunately,
this is another area where Epicor have continued to disappoint over the
years.

The more we tell them this is something their customers are looking for,
the
more likely they'll be to invest in it.

My 2c.

Pete Wutzke
IT Manager
Giddens Industries

"vantage803" <bash100@... <mailto:bash100%40snet.net> > wrote:

>My comments for what it's worth;
>
>Differences between Linux and Windows Server O/S
>
>Pro's for Linux
>1) Cost of O/S Software Linux is far more economical
>2) RAM this is a tricky subject. Linux does support memory greater
>then 4GB of RAM
>It does this by supporting Intel's PAE (Physical Address Extension)
>Features which are in all Pentium Pro and newer CPU's. The PAE
>extensions allow up to a maximum of 64GB of RAM that the OS can
>address
>3) Security, is well known and documented to be a far more secure O/S
>4)O/S stability
>
>Cons
>1) Do not have a major corporation's support staff for assistance
>2) Installation is not done thru a GUI must use a command line
>
>Vantage/Vista Stability (application only)
>As I see it from a Vantage/Vista perspective I believe that both O/S
>versions are equal in respect to stability.
>
>Hardware Requirements:
>Epicor states a minimum requirement regardless of O/S
>
>Known Issues;
>Epicor does not give us this information so this is up to the users
>in this forum and others to disclose. I can only state the known
>issues that I have encountered and that is as follows;
>
>1) BPM is NOT functioning at this time in v8.03 (currently in
>development)
>2)Many 3rd Party applications will still require a separate Win32
>server running in parallel to the Linux Server due to the fact that
>Epicor/Partners have not yet ported these applications to the Linux
>platform.
>
>Please I encourage all to add to me view points as well ....





[Non-text portions of this message have been removed]
Sounds more like a way to ruin the Vantage product for another several
years. In my opinion they need to get the product working properly and
efficiently before they port it here and port it there. I know I have
been using Vantage since long before Linux existed and I am paying way
more in maintenance than I am getting in return. I am sure I am not the
only user who feels Epicor needs to firm up their current offerings
before spreading their wings any further than they are already spread.



My 2 Cents



Todd Hofert



From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of Pete Wutzke
Sent: Thursday, March 29, 2007 12:51 PM
To: vantage@yahoogroups.com
Subject: [Vantage] Re: Linux vs windows server?



Just one bone to pick with your item number 1) under "Cons".

Ever hear of a little company called Novell? How about Red Hat? Even
Oracle is offering Linux O/S support these days (actual tech support,
not
just porting their products). Those are some major companies in my book,
all far bigger than Epicor :-)

Other than that, you have summed it up quite nicely. We need to
encourage
Epicor to step up to the plate and enhance their Linux offerings. As
others
have mentioned here, using Novell's Mono they could easily port their
.NET
code to run on linux (and give it a performance boost which it sorely
needs,
BTW). I'm not talking about the entire client code base (wouldn't that
be
nice!), but at least the server side processes that now still require a
Win32 environment.

Command line installation and administration need not be a problem, if
you
provide thorough and correct instructions and documentation.
Unfortunately,
this is another area where Epicor have continued to disappoint over the
years.

The more we tell them this is something their customers are looking for,
the
more likely they'll be to invest in it.

My 2c.

Pete Wutzke
IT Manager
Giddens Industries

"vantage803" <bash100@... <mailto:bash100%40snet.net> > wrote:

>My comments for what it's worth;
>
>Differences between Linux and Windows Server O/S
>
>Pro's for Linux
>1) Cost of O/S Software Linux is far more economical
>2) RAM this is a tricky subject. Linux does support memory greater
>then 4GB of RAM
>It does this by supporting Intel's PAE (Physical Address Extension)
>Features which are in all Pentium Pro and newer CPU's. The PAE
>extensions allow up to a maximum of 64GB of RAM that the OS can
>address
>3) Security, is well known and documented to be a far more secure O/S
>4)O/S stability
>
>Cons
>1) Do not have a major corporation's support staff for assistance
>2) Installation is not done thru a GUI must use a command line
>
>Vantage/Vista Stability (application only)
>As I see it from a Vantage/Vista perspective I believe that both O/S
>versions are equal in respect to stability.
>
>Hardware Requirements:
>Epicor states a minimum requirement regardless of O/S
>
>Known Issues;
>Epicor does not give us this information so this is up to the users
>in this forum and others to disclose. I can only state the known
>issues that I have encountered and that is as follows;
>
>1) BPM is NOT functioning at this time in v8.03 (currently in
>development)
>2)Many 3rd Party applications will still require a separate Win32
>server running in parallel to the Linux Server due to the fact that
>Epicor/Partners have not yet ported these applications to the Linux
>platform.
>
>Please I encourage all to add to me view points as well ....





This e-mail and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this e-mail and destroy any
copies. Any dissemination or use of this information by a person other
than the intended recipient is unauthorized and may be illegal.

[Non-text portions of this message have been removed]
">3) Security, is well known and documented to be a far more secure
O/S
>4)O/S stability
"

well known to who?

I always love this stmt (not a personal attack, just saying in
general - heard that stmt before plenty of times because of media
rumors), I was a security consultant (penetration testing, code
scanning, etc) and as such you hear this argument on occasion. So, to
be clear, the number of reported security issues at times was higher
on linux (easily check vuln. reporting sites), and at other times
higher on Windows.

doing a quick search, here's stats for 2005
"CERT found more than 500 multiple vendor vulnerabilities in Linux
and Unix spanning old favorites such as denial of service and buffer
overflows, while CERT recorded 88 Windows-specific holes and 44 in
Internet Explorer (IE). For a complete list of vulnerabilities, you
can visit the CERT site "


This doesn't mean a thing either way - it happened to be the luck of
the draw in any time period - many times based on one exploit that
could be turned into several others using the same basic. You
cannot 'prove' either is more secure, because simple exploits have
been found in both OS's. In addition, the "open source" argument
for "more eyes looking at code - therefore it is more secure" is
highly arguable as well, considering most developers are _not_ very
security conscious, and in a corporation where the push is for
security, there are more trainined eyes looking at it (see works via
Michael Howard).


It comes down to available skill as cost saving reports swing to
either side when trying to 'fairly evaluate'.

Porting to Mono - well - their .net code is basically the client
base - server side is progress 4gl - so if anyone was looking at that
for the client you are supporting and testing a second codebase for a
much smaller percentage client in this environment.. doesn't make a
ton of financial sense at this point - for them its prob easier now
not doing it since progress does most of the work in the port. We
already know "write once run anywhere" is bs, and doesn't work - take
a look at Java. Although mono implementation tries to be decent at
it.. fact still it.. "write once run anywhere" doesn't work and there
are always additional third party extensions and features- especially
in a windowing environment dependent on third party (infragistic)
controls that rely heavily on built in win32 messaging.


--- In vantage@yahoogroups.com, "Pete Wutzke" <prw@...> wrote:
>
> Just one bone to pick with your item number 1) under "Cons".
>
> Ever hear of a little company called Novell? How about Red Hat?
Even
> Oracle is offering Linux O/S support these days (actual tech
support, not
> just porting their products). Those are some major companies in my
book,
> all far bigger than Epicor :-)
>
> Other than that, you have summed it up quite nicely. We need to
encourage
> Epicor to step up to the plate and enhance their Linux offerings.
As others
> have mentioned here, using Novell's Mono they could easily port
their .NET
> code to run on linux (and give it a performance boost which it
sorely needs,
> BTW). I'm not talking about the entire client code base (wouldn't
that be
> nice!), but at least the server side processes that now still
require a
> Win32 environment.
>
> Command line installation and administration need not be a problem,
if you
> provide thorough and correct instructions and documentation.
Unfortunately,
> this is another area where Epicor have continued to disappoint over
the
> years.
>
> The more we tell them this is something their customers are looking
for, the
> more likely they'll be to invest in it.
>
> My 2c.
>
> Pete Wutzke
> IT Manager
> Giddens Industries
>
>
>
> "vantage803" <bash100@...> wrote:
>
> >My comments for what it's worth;
> >
> >Differences between Linux and Windows Server O/S
> >
> >Pro's for Linux
> >1) Cost of O/S Software Linux is far more economical
> >2) RAM this is a tricky subject. Linux does support memory greater
> >then 4GB of RAM
> >It does this by supporting Intel's PAE (Physical Address Extension)
> >Features which are in all Pentium Pro and newer CPU's. The PAE
> >extensions allow up to a maximum of 64GB of RAM that the OS can
> >address
> >3) Security, is well known and documented to be a far more secure
O/S
> >4)O/S stability
> >
> >Cons
> >1) Do not have a major corporation's support staff for assistance
> >2) Installation is not done thru a GUI must use a command line
> >
> >Vantage/Vista Stability (application only)
> >As I see it from a Vantage/Vista perspective I believe that both
O/S
> >versions are equal in respect to stability.
> >
> >Hardware Requirements:
> >Epicor states a minimum requirement regardless of O/S
> >
> >Known Issues;
> >Epicor does not give us this information so this is up to the users
> >in this forum and others to disclose. I can only state the known
> >issues that I have encountered and that is as follows;
> >
> >1) BPM is NOT functioning at this time in v8.03 (currently in
> >development)
> >2)Many 3rd Party applications will still require a separate Win32
> >server running in parallel to the Linux Server due to the fact that
> >Epicor/Partners have not yet ported these applications to the Linux
> >platform.
> >
> >Please I encourage all to add to me view points as well ....
>
Memory really makes a difference - our server 2003 enterprise has 16 GB
RAM - progress is able to cache 1.6 GB (9.1) operating system
caches the rest of the database or the most read portions - I have
seen bench marked 30,000 to 40,000 read per second from the operating
system cache - best I have seen from disk is 2,000 reads per second



Bob Booth



________________________________

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of adamtuliper
Sent: Thursday, March 29, 2007 9:14 PM
To: vantage@yahoogroups.com
Subject: [Vantage] Re: Linux vs windows server?



">3) Security, is well known and documented to be a far more secure
O/S
>4)O/S stability
"

well known to who?

I always love this stmt (not a personal attack, just saying in
general - heard that stmt before plenty of times because of media
rumors), I was a security consultant (penetration testing, code
scanning, etc) and as such you hear this argument on occasion. So, to
be clear, the number of reported security issues at times was higher
on linux (easily check vuln. reporting sites), and at other times
higher on Windows.

doing a quick search, here's stats for 2005
"CERT found more than 500 multiple vendor vulnerabilities in Linux
and Unix spanning old favorites such as denial of service and buffer
overflows, while CERT recorded 88 Windows-specific holes and 44 in
Internet Explorer (IE). For a complete list of vulnerabilities, you
can visit the CERT site "

This doesn't mean a thing either way - it happened to be the luck of
the draw in any time period - many times based on one exploit that
could be turned into several others using the same basic. You
cannot 'prove' either is more secure, because simple exploits have
been found in both OS's. In addition, the "open source" argument
for "more eyes looking at code - therefore it is more secure" is
highly arguable as well, considering most developers are _not_ very
security conscious, and in a corporation where the push is for
security, there are more trainined eyes looking at it (see works via
Michael Howard).

It comes down to available skill as cost saving reports swing to
either side when trying to 'fairly evaluate'.

Porting to Mono - well - their .net code is basically the client
base - server side is progress 4gl - so if anyone was looking at that
for the client you are supporting and testing a second codebase for a
much smaller percentage client in this environment.. doesn't make a
ton of financial sense at this point - for them its prob easier now
not doing it since progress does most of the work in the port. We
already know "write once run anywhere" is bs, and doesn't work - take
a look at Java. Although mono implementation tries to be decent at
it.. fact still it.. "write once run anywhere" doesn't work and there
are always additional third party extensions and features- especially
in a windowing environment dependent on third party (infragistic)
controls that rely heavily on built in win32 messaging.

--- In vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> ,
"Pete Wutzke" <prw@...> wrote:
>
> Just one bone to pick with your item number 1) under "Cons".
>
> Ever hear of a little company called Novell? How about Red Hat?
Even
> Oracle is offering Linux O/S support these days (actual tech
support, not
> just porting their products). Those are some major companies in my
book,
> all far bigger than Epicor :-)
>
> Other than that, you have summed it up quite nicely. We need to
encourage
> Epicor to step up to the plate and enhance their Linux offerings.
As others
> have mentioned here, using Novell's Mono they could easily port
their .NET
> code to run on linux (and give it a performance boost which it
sorely needs,
> BTW). I'm not talking about the entire client code base (wouldn't
that be
> nice!), but at least the server side processes that now still
require a
> Win32 environment.
>
> Command line installation and administration need not be a problem,
if you
> provide thorough and correct instructions and documentation.
Unfortunately,
> this is another area where Epicor have continued to disappoint over
the
> years.
>
> The more we tell them this is something their customers are looking
for, the
> more likely they'll be to invest in it.
>
> My 2c.
>
> Pete Wutzke
> IT Manager
> Giddens Industries
>
>
>
> "vantage803" <bash100@...> wrote:
>
> >My comments for what it's worth;
> >
> >Differences between Linux and Windows Server O/S
> >
> >Pro's for Linux
> >1) Cost of O/S Software Linux is far more economical
> >2) RAM this is a tricky subject. Linux does support memory greater
> >then 4GB of RAM
> >It does this by supporting Intel's PAE (Physical Address Extension)
> >Features which are in all Pentium Pro and newer CPU's. The PAE
> >extensions allow up to a maximum of 64GB of RAM that the OS can
> >address
> >3) Security, is well known and documented to be a far more secure
O/S
> >4)O/S stability
> >
> >Cons
> >1) Do not have a major corporation's support staff for assistance
> >2) Installation is not done thru a GUI must use a command line
> >
> >Vantage/Vista Stability (application only)
> >As I see it from a Vantage/Vista perspective I believe that both
O/S
> >versions are equal in respect to stability.
> >
> >Hardware Requirements:
> >Epicor states a minimum requirement regardless of O/S
> >
> >Known Issues;
> >Epicor does not give us this information so this is up to the users
> >in this forum and others to disclose. I can only state the known
> >issues that I have encountered and that is as follows;
> >
> >1) BPM is NOT functioning at this time in v8.03 (currently in
> >development)
> >2)Many 3rd Party applications will still require a separate Win32
> >server running in parallel to the Linux Server due to the fact that
> >Epicor/Partners have not yet ported these applications to the Linux
> >platform.
> >
> >Please I encourage all to add to me view points as well ....
>





[Non-text portions of this message have been removed]
I think you've left a few critical details out of your post. I'm sure
you're
aware that judging the security of an OS by the quantity of
vulnerabilities
is misleading. It isn't an "apples to apples" comparison.

Here is some recent info: hard facts.

Published March 26, 2007: 2006 Operating System Vulnerability Summary
http://www.omninerd.com/2007/03/26/articles/74

This article was an in-depth study done on 14 different operating
systems
and cites over 90 references regarding the research performed. From the

articles conclusion:

"As far as "straight-out-of-box" conditions go, both Microsoft's Windows

and Apple's OS X are ripe with remotely accessible vulnerabilities. Even

before enabling the servers, Windows based machines contain numerous
exploitable holes allowing attackers to not only access the system but
also execute arbitrary code. Both OS X and Windows were susceptible to
additional vulnerabilities after enabling the built-in services. Once
patched, however, both companies support a product that is secure, at
least from the outside. The UNIX and Linux variants present a much more
robust exterior to the outside. Even when the pre-configured server
binaries are enabled, each system generally maintained its integrity
against remote attacks. Compared with the Microsoft and Apple products,
however, UNIX and Linux systems tend to have a higher learning curve for

acceptance as desktop platforms."

And, of course, a splashy headline "Report Says Windows Gets The Fastest

Repairs"
http://www.internetnews.com/security/article.php/3667201

Again, the devil is in the details. The article provides the following
vulnerability information for the past 6 months:

Windows - 39, 12 severe, average 21 day fix
Mac - 49, 1 severe, average 66 day fix
Red Hat - 208, 2 severe, average 13 day fix

There are two points here. Severity: would you rather have 12 system
level compromises or 2? Quantity: Red Hat receives patches for
thousands of programs available in their distribution repositories -
software that is available, not necessarily installed. The Windows
patch count only includes those for the programs specifically shipped
with their OS. I doubt very much this report included vulnerabilities
for
MS Office.


-----Original Message-----
From: adamtuliper [mailto:amt@...]
Sent: Thursday, March 29, 2007 8:14 PM
To: vantage@yahoogroups.com
Subject: [Vantage] Re: Linux vs windows server?



">3) Security, is well known and documented to be a far more secure
O/S
>4)O/S stability
"

well known to who?

I always love this stmt (not a personal attack, just saying in
general - heard that stmt before plenty of times because of media
rumors), I was a security consultant (penetration testing, code
scanning, etc) and as such you hear this argument on occasion. So, to
be clear, the number of reported security issues at times was higher
on linux (easily check vuln. reporting sites), and at other times
higher on Windows.

doing a quick search, here's stats for 2005
"CERT found more than 500 multiple vendor vulnerabilities in Linux
and Unix spanning old favorites such as denial of service and buffer
overflows, while CERT recorded 88 Windows-specific holes and 44 in
Internet Explorer (IE). For a complete list of vulnerabilities, you
can visit the CERT site "

This doesn't mean a thing either way - it happened to be the luck of
the draw in any time period - many times based on one exploit that
could be turned into several others using the same basic. You
cannot 'prove' either is more secure, because simple exploits have
been found in both OS's. In addition, the "open source" argument
for "more eyes looking at code - therefore it is more secure" is
highly arguable as well, considering most developers are _not_ very
security conscious, and in a corporation where the push is for
security, there are more trainined eyes looking at it (see works via
Michael Howard).

It comes down to available skill as cost saving reports swing to
either side when trying to 'fairly evaluate'.

Porting to Mono - well - their .net code is basically the client
base - server side is progress 4gl - so if anyone was looking at that
for the client you are supporting and testing a second codebase for a
much smaller percentage client in this environment.-. doesn't make a
ton of financial sense at this point - for them its prob easier now
not doing it since progress does most of the work in the port. We
already know "write once run anywhere" is bs, and doesn't work - take
a look at Java. Although mono implementation tries to be decent at
it.. fact still it.. "write once run anywhere" doesn't work and there
are always additional third party extensions and features- especially
in a windowing environment dependent on third party (infragistic)
controls that rely heavily on built in win32 messaging.

--- In vantage@..., "Pete Wutzke" <prw@...> wrote:
>
> Just one bone to pick with your item number 1) under "Cons".
>
> Ever hear of a little company called Novell? How about Red Hat?
Even
> Oracle is offering Linux O/S support these days (actual tech
support, not
> just porting their products). Those are some major companies in my
book,
> all far bigger than Epicor :-)
>
> Other than that, you have summed it up quite nicely. We need to
encourage
> Epicor to step up to the plate and enhance their Linux offerings.
As others
> have mentioned here, using Novell's Mono they could easily port
their .NET
> code to run on linux (and give it a performance boost which it
sorely needs,
> BTW). I'm not talking about the entire client code base (wouldn't
that be
> nice!), but at least the server side processes that now still
require a
> Win32 environment.
>
> Command line installation and administration need not be a problem,
if you
> provide thorough and correct instructions and documentation.
Unfortunately,
> this is another area where Epicor have continued to disappoint over
the
> years.
>
> The more we tell them this is something their customers are looking
for, the
> more likely they'll be to invest in it.
>
> My 2c.
>
> Pete Wutzke
> IT Manager
> Giddens Industries
>
>
>
> "vantage803" <bash100@...-> wrote:
>
> >My comments for what it's worth;
> >
> >Differences between Linux and Windows Server O/S
> >
> >Pro's for Linux
> >1) Cost of O/S Software Linux is far more economical
> >2) RAM this is a tricky subject. Linux does support memory greater
> >then 4GB of RAM
> >It does this by supporting Intel's PAE (Physical Address Extension)
> >Features which are in all Pentium Pro and newer CPU's. The PAE
> >extensions allow up to a maximum of 64GB of RAM that the OS can
> >address
> >3) Security, is well known and documented to be a far more secure
O/S
> >4)O/S stability
> >
> >Cons
> >1) Do not have a major corporation'-s support staff for assistance
> >2) Installation is not done thru a GUI must use a command line
> >
> >Vantage/Vista Stability (application only)
> >As I see it from a Vantage/Vista perspective I believe that both
O/S
> >versions are equal in respect to stability.
> >
> >Hardware Requirements:
> >Epicor states a minimum requirement regardless of O/S
> >
> >Known Issues;
> >Epicor does not give us this information so this is up to the users
> >in this forum and others to disclose. I can only state the known
> >issues that I have encountered and that is as follows;
> >
> >1) BPM is NOT functioning at this time in v8.03 (currently in
> >development)
> >2)Many 3rd Party applications will still require a separate Win32
> >server running in parallel to the Linux Server due to the fact that
> >Epicor/Partners have not yet ported these applications to the Linux
> >platform.
> >
> >Please I encourage all to add to me view points as well ....
>








[Non-text portions of this message have been removed]
I think you missed the point on that, nor were 'critical details'
left out. The point of that information is that media reports
generally account for what is deemed 'secure'. I'd like for you to
tell me why either of them is more secure - be as technical as you
want - there will be a justified counter argument for whichever side
you choose. Same type of exploits for the most part are capable on
either OS, so you can compare "apples to apples". I can just as
easily inject code into a running process on linux via some shellcode
as I can on windows - so whats your criteria besides personal
preference on 'what is more secure'. You can't do it - and to say
anyone can is biased as your usage of the system dictates the attack
vectors. I provided that report to show the pendulum can swing the
other was as well - as that is where most public opinion comes from -
published exploits. Security on modern OS's can be very subjective
based on your environment and the types of exploits that can occur
specific to your environment. I can take an OS full of exploits, put
it in a closed room with a firewall in front of it, and have it be
safer than a hardened OS plugged directly to the net or a user
running any program on their system - they download malware and their
files are erased - Its subjective - and similiar exploits exists on
any modern environment. Its your usage that dictates it, and you
can't dictate which is more 'secure'and they should choose one or the
other, because again, there's a whole wealth of information stating
the contrary on whichever side you choose.


--- In vantage@yahoogroups.com, "Gitzlaff, Christopher"
<cgitzlaff@...> wrote:
>
> I think you've left a few critical details out of your post. I'm
sure
> you're
> aware that judging the security of an OS by the quantity of
> vulnerabilities
> is misleading. It isn't an "apples to apples" comparison.
>
> Here is some recent info: hard facts.
>
> Published March 26, 2007: 2006 Operating System Vulnerability
Summary
> http://www.omninerd.com/2007/03/26/articles/74
>
> This article was an in-depth study done on 14 different operating
> systems
> and cites over 90 references regarding the research performed.
From the
>
> articles conclusion:
>
> "As far as "straight-out-of-box" conditions go, both Microsoft's
Windows
>
> and Apple's OS X are ripe with remotely accessible vulnerabilities.
Even
>
> before enabling the servers, Windows based machines contain
numerous
> exploitable holes allowing attackers to not only access the system
but
> also execute arbitrary code. Both OS X and Windows were susceptible
to
> additional vulnerabilities after enabling the built-in services.
Once
> patched, however, both companies support a product that is secure,
at
> least from the outside. The UNIX and Linux variants present a much
more
> robust exterior to the outside. Even when the pre-configured server
> binaries are enabled, each system generally maintained its
integrity
> against remote attacks. Compared with the Microsoft and Apple
products,
> however, UNIX and Linux systems tend to have a higher learning
curve for
>
> acceptance as desktop platforms."
>
> And, of course, a splashy headline "Report Says Windows Gets The
Fastest
>
> Repairs"
> http://www.internetnews.com/security/article.php/3667201
>
> Again, the devil is in the details. The article provides the
following
> vulnerability information for the past 6 months:
>
> Windows - 39, 12 severe, average 21 day fix
> Mac - 49, 1 severe, average 66 day fix
> Red Hat - 208, 2 severe, average 13 day fix
>
> There are two points here. Severity: would you rather have 12
system
> level compromises or 2? Quantity: Red Hat receives patches for
> thousands of programs available in their distribution repositories -

> software that is available, not necessarily installed. The Windows
> patch count only includes those for the programs specifically
shipped
> with their OS. I doubt very much this report included
vulnerabilities
> for
> MS Office.
>
>
> -----Original Message-----
> From: adamtuliper [mailto:amt@...]
> Sent: Thursday, March 29, 2007 8:14 PM
> To: vantage@yahoogroups.com
> Subject: [Vantage] Re: Linux vs windows server?
>
>
>
> ">3) Security, is well known and documented to be a far more secure
> O/S
> >4)O/S stability
> "
>
> well known to who?
>
> I always love this stmt (not a personal attack, just saying in
> general - heard that stmt before plenty of times because of media
> rumors), I was a security consultant (penetration testing, code
> scanning, etc) and as such you hear this argument on occasion. So,
to
> be clear, the number of reported security issues at times was
higher
> on linux (easily check vuln. reporting sites), and at other times
> higher on Windows.
>
> doing a quick search, here's stats for 2005
> "CERT found more than 500 multiple vendor vulnerabilities in Linux
> and Unix spanning old favorites such as denial of service and
buffer
> overflows, while CERT recorded 88 Windows-specific holes and 44 in
> Internet Explorer (IE). For a complete list of vulnerabilities, you
> can visit the CERT site "
>
> This doesn't mean a thing either way - it happened to be the luck
of
> the draw in any time period - many times based on one exploit that
> could be turned into several others using the same basic. You
> cannot 'prove' either is more secure, because simple exploits have
> been found in both OS's. In addition, the "open source" argument
> for "more eyes looking at code - therefore it is more secure" is
> highly arguable as well, considering most developers are _not_ very
> security conscious, and in a corporation where the push is for
> security, there are more trainined eyes looking at it (see works
via
> Michael Howard).
>
> It comes down to available skill as cost saving reports swing to
> either side when trying to 'fairly evaluate'.
>
> Porting to Mono - well - their .net code is basically the client
> base - server side is progress 4gl - so if anyone was looking at
that
> for the client you are supporting and testing a second codebase for
a
> much smaller percentage client in this environment.-. doesn't make
a
> ton of financial sense at this point - for them its prob easier now
> not doing it since progress does most of the work in the port. We
> already know "write once run anywhere" is bs, and doesn't work -
take
> a look at Java. Although mono implementation tries to be decent at
> it.. fact still it.. "write once run anywhere" doesn't work and
there
> are always additional third party extensions and features-
especially
> in a windowing environment dependent on third party (infragistic)
> controls that rely heavily on built in win32 messaging.
>
> --- In vantage@..., "Pete Wutzke" <prw@> wrote:
> >
> > Just one bone to pick with your item number 1) under "Cons".
> >
> > Ever hear of a little company called Novell? How about Red Hat?
> Even
> > Oracle is offering Linux O/S support these days (actual tech
> support, not
> > just porting their products). Those are some major companies in
my
> book,
> > all far bigger than Epicor :-)
> >
> > Other than that, you have summed it up quite nicely. We need to
> encourage
> > Epicor to step up to the plate and enhance their Linux offerings.
> As others
> > have mentioned here, using Novell's Mono they could easily port
> their .NET
> > code to run on linux (and give it a performance boost which it
> sorely needs,
> > BTW). I'm not talking about the entire client code base (wouldn't
> that be
> > nice!), but at least the server side processes that now still
> require a
> > Win32 environment.
> >
> > Command line installation and administration need not be a
problem,
> if you
> > provide thorough and correct instructions and documentation.
> Unfortunately,
> > this is another area where Epicor have continued to disappoint
over
> the
> > years.
> >
> > The more we tell them this is something their customers are
looking
> for, the
> > more likely they'll be to invest in it.
> >
> > My 2c.
> >
> > Pete Wutzke
> > IT Manager
> > Giddens Industries
> >
> >
> >
> > "vantage803" <bash100@> wrote:
> >
> > >My comments for what it's worth;
> > >
> > >Differences between Linux and Windows Server O/S
> > >
> > >Pro's for Linux
> > >1) Cost of O/S Software Linux is far more economical
> > >2) RAM this is a tricky subject. Linux does support memory
greater
> > >then 4GB of RAM
> > >It does this by supporting Intel's PAE (Physical Address
Extension)
> > >Features which are in all Pentium Pro and newer CPU's. The PAE
> > >extensions allow up to a maximum of 64GB of RAM that the OS can
> > >address
> > >3) Security, is well known and documented to be a far more
secure
> O/S
> > >4)O/S stability
> > >
> > >Cons
> > >1) Do not have a major corporation'-s support staff for
assistance
> > >2) Installation is not done thru a GUI must use a command line
> > >
> > >Vantage/Vista Stability (application only)
> > >As I see it from a Vantage/Vista perspective I believe that both
> O/S
> > >versions are equal in respect to stability.
> > >
> > >Hardware Requirements:
> > >Epicor states a minimum requirement regardless of O/S
> > >
> > >Known Issues;
> > >Epicor does not give us this information so this is up to the
users
> > >in this forum and others to disclose. I can only state the known
> > >issues that I have encountered and that is as follows;
> > >
> > >1) BPM is NOT functioning at this time in v8.03 (currently in
> > >development)
> > >2)Many 3rd Party applications will still require a separate Win32
> > >server running in parallel to the Linux Server due to the fact
that
> > >Epicor/Partners have not yet ported these applications to the
Linux
> > >platform.
> > >
> > >Please I encourage all to add to me view points as well ....
> >
>
>
>
>
>
>
>
>
> [Non-text portions of this message have been removed]
>